Vulnerability-Lookup - Search a vulnerability

Vulnerability from fkie_nvd

Published

2017-11-15 08:29

Modified

2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk."

References

URL	Tags
security@debian.org	http://www.securitytracker.com/id/1039812	Third Party Advisory, VDB Entry
security@debian.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html	Mailing List, Patch, Vendor Advisory
security@debian.org	https://www.debian.org/security/2017/dsa-4036	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039812	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html	Mailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2017/dsa-4036	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.28.0
mediawiki	mediawiki	1.28.1
mediawiki	mediawiki	1.28.2
mediawiki	mediawiki	1.29.0
mediawiki	mediawiki	1.29.1
debian	debian_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2825F885-DD77-4822-B659-D5AFB56C6B17",
              "versionEndIncluding": "1.27.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.28.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "70CAB8A9-39D5-41F4-800C-79E4FE57B12D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.28.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A060BA59-05C8-4646-97D7-4F382B4EBCC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.28.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E67B837B-D085-4EE4-9556-D25BFA9BC108",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.29.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFA5659C-9DEA-494E-BB32-E6573E180C26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.29.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A457BE6-9F2F-45C9-A650-46F7E4B77E20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by \"a lot of junk.\""
    },
    {
      "lang": "es",
      "value": "El convertidor de lenguaje en MediaWiki en versiones anteriores a la 1.27.4; las versiones 1.28.x anteriores a la 1.28.3 y las versiones 1.29.x anteriores a la 1.29.2 permite que atacantes reemplacen texto dentro de etiquetas mediante una definici\u00f3n de reglas seguida por mucho contenido innecesario."
    }
  ],
  "id": "CVE-2017-8814",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-15T08:29:00.780",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039812"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4036"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4036"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2007-02-12 23:28

Modified

2025-04-09 00:30

Severity ?

Summary

MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the installation path in the resulting error message.

References

URL	Tags
cve@mitre.org	http://bugzilla.wikimedia.org/show_bug.cgi?id=8819	Exploit
cve@mitre.org	http://osvdb.org/33706
cve@mitre.org	http://osvdb.org/33707
cve@mitre.org	http://osvdb.org/33708
cve@mitre.org	http://osvdb.org/33709
cve@mitre.org	http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=19681	Patch
cve@mitre.org	http://www.securityfocus.com/archive/1/459793/100/0/threaded
cve@mitre.org	http://zone14.free.fr/advisories/7/	Exploit
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/32440
af854a3a-2127-422b-91ae-364da2661108	http://bugzilla.wikimedia.org/show_bug.cgi?id=8819	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/33706
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/33707
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/33708
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/33709
af854a3a-2127-422b-91ae-364da2661108	http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=19681	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/459793/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://zone14.free.fr/advisories/7/	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/32440

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.1.0
mediawiki	mediawiki	1.2.0
mediawiki	mediawiki	1.2.1
mediawiki	mediawiki	1.2.2
mediawiki	mediawiki	1.2.3
mediawiki	mediawiki	1.2.4
mediawiki	mediawiki	1.2.5
mediawiki	mediawiki	1.2.6
mediawiki	mediawiki	1.3
mediawiki	mediawiki	1.3.0
mediawiki	mediawiki	1.3.1
mediawiki	mediawiki	1.3.2
mediawiki	mediawiki	1.3.3
mediawiki	mediawiki	1.3.4
mediawiki	mediawiki	1.3.5
mediawiki	mediawiki	1.3.6
mediawiki	mediawiki	1.3.7
mediawiki	mediawiki	1.3.8
mediawiki	mediawiki	1.3.9
mediawiki	mediawiki	1.3.10
mediawiki	mediawiki	1.3.11
mediawiki	mediawiki	1.3.12
mediawiki	mediawiki	1.3.13
mediawiki	mediawiki	1.3.14
mediawiki	mediawiki	1.3.15
mediawiki	mediawiki	1.4.1
mediawiki	mediawiki	1.4.2
mediawiki	mediawiki	1.4.3
mediawiki	mediawiki	1.4.4
mediawiki	mediawiki	1.4.5
mediawiki	mediawiki	1.4.6
mediawiki	mediawiki	1.4.7
mediawiki	mediawiki	1.4.8
mediawiki	mediawiki	1.4.9
mediawiki	mediawiki	1.4.10
mediawiki	mediawiki	1.4.11
mediawiki	mediawiki	1.4.12
mediawiki	mediawiki	1.4.13
mediawiki	mediawiki	1.4.14
mediawiki	mediawiki	1.4_beta1
mediawiki	mediawiki	1.4_beta2
mediawiki	mediawiki	1.4_beta3
mediawiki	mediawiki	1.4_beta4
mediawiki	mediawiki	1.4_beta5
mediawiki	mediawiki	1.4_beta6
mediawiki	mediawiki	1.5.0
mediawiki	mediawiki	1.5.1
mediawiki	mediawiki	1.5.2
mediawiki	mediawiki	1.5.3
mediawiki	mediawiki	1.5.4
mediawiki	mediawiki	1.5.5
mediawiki	mediawiki	1.5.6
mediawiki	mediawiki	1.5.7
mediawiki	mediawiki	1.5_alpha1
mediawiki	mediawiki	1.5_alpha2
mediawiki	mediawiki	1.5_beta1
mediawiki	mediawiki	1.5_beta2
mediawiki	mediawiki	1.5_beta3
mediawiki	mediawiki	1.5_beta4
mediawiki	mediawiki	1.5_rc2
mediawiki	mediawiki	1.5_rc3
mediawiki	mediawiki	1.5_rc4
mediawiki	mediawiki	1.6.0
mediawiki	mediawiki	1.6.1
mediawiki	mediawiki	1.6.2
mediawiki	mediawiki	1.6.3
mediawiki	mediawiki	1.6.4
mediawiki	mediawiki	1.6.5
mediawiki	mediawiki	1.6.5_r14348
mediawiki	mediawiki	1.6.6
mediawiki	mediawiki	1.7.0
mediawiki	mediawiki	1.7.1
mediawiki	mediawiki	1.8.0
mediawiki	mediawiki	1.8.1
mediawiki	mediawiki	1.8.2
mediawiki	mediawiki	1.9.0
mediawiki	mediawiki	1.9.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C96D337-1D37-4ADE-871D-9829928EE80B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DFB843C-4513-4569-9746-DA9FDD7A5CD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "377F0F7A-8E50-4803-9670-F719D17400D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B4CCA5C-3594-41B4-99F3-FC99BA0495BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD0A0C81-CDB6-4A11-B6B0-DECB12558DE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40BD0855-A9C8-47CD-BB50-E422E0C4A1EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "42A9DCC7-CF58-44CC-9489-51FA79EECDF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "80D651C6-116D-448A-8569-BAB9BAEC7D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49AFC6EE-41C7-4369-8BA1-DDBF8A744ABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30F54837-5004-4D10-B3B0-502CED4F6592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A09F36C1-CBC0-489E-B62D-4590A2E5A4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9F0067D-534A-4238-A244-D92A73845432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BEC422E-49BC-41D4-9F71-B834D4108EF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D854161-28AA-4386-B90A-97F9692CE37F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5A0FA49-99DC-4691-968F-6AEB76B74370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A0C6A2C-992B-45A0-8E0C-1AE983881337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "292A77C7-8C7B-4F3A-B7FD-3505A9F37E4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C77FC97A-3BB2-4AA5-B0D6-C0D1FBEA5FD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C9393EF-083A-4662-BC7A-89979C2B8546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9DE6A4E-6BCE-499E-B017-1E0F8D1F65B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD90730F-BF26-46C5-83F8-039CD661C968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4DDA753-26F5-4142-B227-07DDF14DD8C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D3B5E2-AC84-421D-AC10-3266D9575922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "326D4BFB-EFE7-4EAC-AA71-45E8C7E41538",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "736DFCB7-B747-4F98-AB87-9023BCD0B5C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "174665BA-F231-45F6-922C-933B8A613009",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B175F5A-7CB6-44E6-9E98-FB40F6D14FDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A45833DC-F104-42BB-8688-4DE66AFF72F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B316A8E-DED1-427B-8137-11C767E9DF1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "99A75AFB-2706-42FF-8534-B910997987AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F335EB4-1A74-4FAE-ADAF-AC9FB37A80DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "116C8AA3-481D-409A-ABA8-C8DA1EE8FF86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9DCE478-7D30-4BBC-8878-C3745D6ADAD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EBFFA2C-6768-4CB9-B0B0-BDB79CA1DEDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA0C4A1E-B084-4C78-BEE4-4E733159F367",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2571B43E-234C-4312-9640-1E338092A673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D5C7E1-6664-4A90-9E55-1F53F98D7702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "4963F3C5-A207-4BD3-9C3C-4EBAC1F5B2B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BE0D158-DB0B-45B2-9E26-E11A7D5D2CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E70F32-2F26-4836-8A4F-0A0B06EAD371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE506B8C-245E-4A7E-A24C-FABB1D4531EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta3:*:*:*:*:*:*:*",
              "matchCriteriaId": "934382C1-088A-4AEE-A71A-E9802AC9C1A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1A9028E-1BDE-4BA0-A479-7A30020331D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D02E4C1-2BA7-4BC0-9C11-D0F74181DF82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta6:*:*:*:*:*:*:*",
              "matchCriteriaId": "728E2852-5658-4DCC-AF1E-718B292F06C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9214FE72-045E-457A-B3C5-BCDFC506DDB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDB55E62-A345-49F6-ACD0-A710977CA6E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A340D0AB-2B4A-4DE6-9FA1-662D8F8205BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8C8B11E-5C0B-49B1-ACFA-5926057EF002",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "89A4EA0A-54E1-484A-ADDB-216CBC9C40FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA0ABA75-E966-43A2-90B1-89557BB0B7DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B6CE989-B7AD-42AA-986C-23266D965122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "44FD9374-5B8A-4102-A005-D3F39186ABBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_alpha1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B28DC19-7E6A-4CC7-86A9-10EA9FD79FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_alpha2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CD296DF-21C6-43E4-AC4D-8F57220ECDA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8AD23BE-5400-43D8-A667-7AE60B0500B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "89AFE2FA-CAE0-42C3-AA84-4F8D59045A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_beta3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9703151E-85D7-4F81-AFB5-5BC72C44D81A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_beta4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D66E99D9-8ED9-445A-908D-58A70A32E033",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "57E4BE45-F7F2-46DF-995D-1A7203DF5EDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_rc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E607C45-A499-4F08-A15E-608EB28788E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_rc4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A38FFBC7-5731-42B7-8BAE-C1F230F4610C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3EAF847-B64C-4C12-8BF2-631F61B0618E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "09EF3827-9C87-4043-B10A-1D6AFCB64F57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08B1EDE8-940E-47C1-9CDA-C6BBE1BB9A11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4554900-E09D-4D9D-99D4-FE5FDB3CDE78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "93EB0312-A147-4307-9491-46AEC2EC727C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "48929086-E08E-472D-A503-4CA803A840D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.5_r14348:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B4D1E6-9EFE-4608-9A97-8119822A9F3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A98675FD-C9EA-49AB-BA9F-2CF5898203C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C632052-D84B-41A1-B46F-1C1D9ADC72CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF36A02-DF6B-4657-94F6-255E4163FBF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46046B16-3EE4-42C0-BA77-73300A641BA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "136E5FD9-C0A0-4970-8852-D97C5BC723E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5FD2871-90BB-4AFA-89D0-B9B5BE365771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "75D5AC3F-4D29-4882-A3C0-94951402ADD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A0921C-BEC5-4646-96FD-0529828B5BAC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the installation path in the resulting error message."
    },
    {
      "lang": "es",
      "value": "MediaWiki anterior a 1.9.2 permite a atacantes remotos obtener informaci\u00f3n sensible mediante una petici\u00f3n directa de (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, o (4) Chick.deps.php en wiki/skins, lo cual muestra la ruta de instalaci\u00f3n en el mensaje de error resultante."
    }
  ],
  "id": "CVE-2007-0894",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-02-12T23:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://bugzilla.wikimedia.org/show_bug.cgi?id=8819"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/33706"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/33707"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/33708"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/33709"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://svn.wikimedia.org/viewvc/mediawiki?view=rev\u0026revision=19681"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/459793/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://zone14.free.fr/advisories/7/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32440"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://bugzilla.wikimedia.org/show_bug.cgi?id=8819"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/33706"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/33707"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/33708"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/33709"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://svn.wikimedia.org/viewvc/mediawiki?view=rev\u0026revision=19681"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/459793/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://zone14.free.fr/advisories/7/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32440"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-10-09 06:15

Modified

2024-11-21 08:26

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. SportsTeams: Special:SportsManagerLogo and Special:SportsTeamsManagerLogo do not check for the sportsteamsmanager user right, and thus an attacker may be able to affect pages that are concerned with sports teams.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/SportsTeams/+/959699/	Issue Tracking, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T345680	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/SportsTeams/+/959699/	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T345680	Issue Tracking, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	1.40.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A920574-0C59-4036-9878-C5A39EF82AA1",
              "versionEndExcluding": "1.35.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "20B3C0EF-1980-4F24-B0C6-B4BA77562DA3",
              "versionEndExcluding": "1.39.5",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.40.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "195C853F-2D51-44A4-990E-8E04FF4E9AA8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. SportsTeams: Special:SportsManagerLogo and Special:SportsTeamsManagerLogo do not check for the sportsteamsmanager user right, and thus an attacker may be able to affect pages that are concerned with sports teams."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en la extensi\u00f3n SportsTeams para MediaWiki antes de 1.35.12, 1.36.x hasta 1.39.x antes de 1.39.5 y 1.40.x antes de 1.40.1. SportsTeams: Special:SportsManagerLogo y Special:SportsTeamsManagerLogo no verifican el derecho de usuario de sportsteamsmanager y, por lo tanto, un atacante puede afectar p\u00e1ginas relacionadas con equipos deportivos."
    }
  ],
  "id": "CVE-2023-45370",
  "lastModified": "2024-11-21T08:26:50.117",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-09T06:15:10.470",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/SportsTeams/+/959699/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T345680"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/SportsTeams/+/959699/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T345680"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-06-29 16:15

Modified

2024-11-21 08:11

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In Special:CheckUser, a check of the "get edits" type is vulnerable to HTML injection through the User-Agent HTTP request header.

References

▶	URL	Tags
	cve@mitre.org	https://phabricator.wikimedia.org/T333569	Exploit, Issue Tracking
	af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T333569	Exploit, Issue Tracking

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEA20A42-6E1A-4DA2-8869-A49894256285",
              "versionEndIncluding": "1.39.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In Special:CheckUser, a check of the \"get edits\" type is vulnerable to HTML injection through the User-Agent HTTP request header."
    }
  ],
  "id": "CVE-2023-37255",
  "lastModified": "2024-11-21T08:11:19.070",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-06-29T16:15:10.043",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://phabricator.wikimedia.org/T333569"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://phabricator.wikimedia.org/T333569"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-09-27 21:15

Modified

2024-11-21 05:18

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an <a> tag (or it does not have a href attribute, or it's empty, etc.). The actual result is that the object contains an <a href ="javascript... that executes when clicked.

References

URL	Tags
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html	Mailing List, Release Notes, Vendor Advisory
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html	Mailing List, Release Notes, Vendor Advisory
cve@mitre.org	https://www.mediawiki.org/wiki/ResourceLoader/Core_modules#mediawiki.jqueryMsg	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html	Mailing List, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html	Mailing List, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mediawiki.org/wiki/ResourceLoader/Core_modules#mediawiki.jqueryMsg	Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
fedoraproject	fedora	33

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "50B973A6-D4AD-44EC-976E-1068DDE6D20B",
              "versionEndExcluding": "1.31.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5D57552-DD9C-44B8-9BA4-6AB0EAF09979",
              "versionEndExcluding": "1.34.4",
              "versionStartIncluding": "1.32.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an \u003ca\u003e tag (or it does not have a href attribute, or it\u0027s empty, etc.). The actual result is that the object contains an \u003ca href =\"javascript... that executes when clicked."
    },
    {
      "lang": "es",
      "value": "En MediaWiki versiones anteriores a 1.31.10 y desde 1.32.x hasta 1.34.x anteriores a 1.34.4, puede ocurrir un ataque de tipo XSS relacionado con jQuery.\u0026#xa0;El atacante crea un mensaje con [javascript:payload xss] y lo convierte en un objeto jQuery con mw.message().parse().\u0026#xa0;El resultado esperado es que el objeto jQuery no contiene una etiqueta (a) (o no tiene un atributo href, o est\u00e1 vac\u00edo, etc.).\u0026#xa0;El resultado real es que el objeto contiene un (a href =\"javascript... que se ejecuta cuando se cliquea"
    }
  ],
  "id": "CVE-2020-25814",
  "lastModified": "2024-11-21T05:18:49.517",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-27T21:15:12.687",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mediawiki.org/wiki/ResourceLoader/Core_modules#mediawiki.jqueryMsg"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mediawiki.org/wiki/ResourceLoader/Core_modules#mediawiki.jqueryMsg"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2005-10-06 10:02

Modified

2025-04-03 01:03

Severity ?

Summary

Unspecified vulnerability in "edit submission handling" for MediaWiki 1.4.x before 1.4.10 and 1.3.x before 1.3.16 allows remote attackers to cause a denial of service (corruption of the previous submission) via a crafted URL.

References

URL	Tags
cve@mitre.org	http://sourceforge.net/project/shownotes.php?release_id=358163	Patch
cve@mitre.org	http://www.novell.com/linux/security/advisories/2005_22_sr.html
cve@mitre.org	http://www.osvdb.org/19956
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/project/shownotes.php?release_id=358163	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2005_22_sr.html
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/19956

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.3.0
mediawiki	mediawiki	1.3.1
mediawiki	mediawiki	1.3.2
mediawiki	mediawiki	1.3.3
mediawiki	mediawiki	1.3.4
mediawiki	mediawiki	1.3.5
mediawiki	mediawiki	1.3.6
mediawiki	mediawiki	1.3.7
mediawiki	mediawiki	1.3.8
mediawiki	mediawiki	1.3.9
mediawiki	mediawiki	1.3.10
mediawiki	mediawiki	1.3.11
mediawiki	mediawiki	1.3.12
mediawiki	mediawiki	1.3.13
mediawiki	mediawiki	1.3.14
mediawiki	mediawiki	1.3.15
mediawiki	mediawiki	1.4.1
mediawiki	mediawiki	1.4.2
mediawiki	mediawiki	1.4.3
mediawiki	mediawiki	1.4.5
mediawiki	mediawiki	1.4.6
mediawiki	mediawiki	1.4.7
mediawiki	mediawiki	1.4.8
mediawiki	mediawiki	1.4.9
mediawiki	mediawiki	1.4_beta1
mediawiki	mediawiki	1.4_beta2
mediawiki	mediawiki	1.4_beta3
mediawiki	mediawiki	1.4_beta4
mediawiki	mediawiki	1.4_beta5
mediawiki	mediawiki	1.4_beta6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30F54837-5004-4D10-B3B0-502CED4F6592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A09F36C1-CBC0-489E-B62D-4590A2E5A4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9F0067D-534A-4238-A244-D92A73845432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BEC422E-49BC-41D4-9F71-B834D4108EF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D854161-28AA-4386-B90A-97F9692CE37F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5A0FA49-99DC-4691-968F-6AEB76B74370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A0C6A2C-992B-45A0-8E0C-1AE983881337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "292A77C7-8C7B-4F3A-B7FD-3505A9F37E4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C77FC97A-3BB2-4AA5-B0D6-C0D1FBEA5FD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C9393EF-083A-4662-BC7A-89979C2B8546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9DE6A4E-6BCE-499E-B017-1E0F8D1F65B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD90730F-BF26-46C5-83F8-039CD661C968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4DDA753-26F5-4142-B227-07DDF14DD8C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D3B5E2-AC84-421D-AC10-3266D9575922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "326D4BFB-EFE7-4EAC-AA71-45E8C7E41538",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "736DFCB7-B747-4F98-AB87-9023BCD0B5C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "174665BA-F231-45F6-922C-933B8A613009",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B175F5A-7CB6-44E6-9E98-FB40F6D14FDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A45833DC-F104-42BB-8688-4DE66AFF72F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "99A75AFB-2706-42FF-8534-B910997987AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F335EB4-1A74-4FAE-ADAF-AC9FB37A80DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "116C8AA3-481D-409A-ABA8-C8DA1EE8FF86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9DCE478-7D30-4BBC-8878-C3745D6ADAD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EBFFA2C-6768-4CB9-B0B0-BDB79CA1DEDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E70F32-2F26-4836-8A4F-0A0B06EAD371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE506B8C-245E-4A7E-A24C-FABB1D4531EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta3:*:*:*:*:*:*:*",
              "matchCriteriaId": "934382C1-088A-4AEE-A71A-E9802AC9C1A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1A9028E-1BDE-4BA0-A479-7A30020331D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D02E4C1-2BA7-4BC0-9C11-D0F74181DF82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta6:*:*:*:*:*:*:*",
              "matchCriteriaId": "728E2852-5658-4DCC-AF1E-718B292F06C1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in \"edit submission handling\" for MediaWiki 1.4.x before 1.4.10 and 1.3.x before 1.3.16 allows remote attackers to cause a denial of service (corruption of the previous submission) via a crafted URL."
    }
  ],
  "id": "CVE-2005-3166",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-10-06T10:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=358163"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2005_22_sr.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/19956"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=358163"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2005_22_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/19956"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2019-12-11 19:15

Modified

2024-11-21 01:55

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." (period) characters in a string, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the siprop parameter in a query action to wiki/api.php.

References

URL	Tags
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html	Mailing List, Patch, Vendor Advisory
secalert@redhat.com	http://seclists.org/oss-sec/2013/q3/553	Mailing List, Third Party Advisory
secalert@redhat.com	http://www.securityfocus.com/bid/62194	Third Party Advisory, VDB Entry
secalert@redhat.com	https://bugzilla.wikimedia.org/show_bug.cgi?id=52746	Exploit, Issue Tracking, Patch, Vendor Advisory
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/86897	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html	Mailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/oss-sec/2013/q3/553	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/62194	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=52746	Exploit, Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/86897	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "079904A7-7992-48C6-9C50-54892F24826C",
              "versionEndExcluding": "1.19.8",
              "versionStartIncluding": "1.19.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B32E340B-5FF7-43F7-A1E8-16CACE765F31",
              "versionEndExcluding": "1.20.7",
              "versionStartIncluding": "1.20.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "967C4E11-A76A-4519-950D-D580C31AFB2C",
              "versionEndExcluding": "1.21.2",
              "versionStartIncluding": "1.21.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of \".\" (period) characters in a string, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the siprop parameter in a query action to wiki/api.php."
    },
    {
      "lang": "es",
      "value": "El archivo includes/libs/IEUrlExtension.php en la API MediaWiki en MediaWiki versiones 1.19.x anteriores a 1.19.8, versiones 1.20.x anteriores a 1.20.7 y versiones 1.21.x anteriores a 1.21.2 no detecta apropiadamente las extensiones cuando existe un n\u00famero par de caracteres \".\" (punto) en una cadena, lo que permite a atacantes remotos realizar ataques de tipo cross-site scripting (XSS) por medio del par\u00e1metro siprop en una acci\u00f3n query en el archivo wiki/api.php."
    }
  ],
  "id": "CVE-2013-4303",
  "lastModified": "2024-11-21T01:55:18.920",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-12-11T19:15:12.217",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/oss-sec/2013/q3/553"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/62194"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=52746"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86897"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/oss-sec/2013/q3/553"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/62194"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=52746"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86897"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-12-26 06:15

Modified

2025-04-14 15:15

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. HTMLUserTextField exposes the existence of hidden users.

References

URL	Tags
cve@mitre.org	https://phabricator.wikimedia.org/T309894	Issue Tracking, Patch, Vendor Advisory
cve@mitre.org	https://security.gentoo.org/glsa/202305-24
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T309894	Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202305-24

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8641E8E6-E89C-4EE1-A4C2-7DB79F8FCF4A",
              "versionEndExcluding": "1.35.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "44F278DA-D150-4A87-AEE8-82A52D0DFE3B",
              "versionEndExcluding": "1.37.5",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0582934E-BEE2-4D9B-8160-9BF5E1EFD1BF",
              "versionEndExcluding": "1.38.3",
              "versionStartIncluding": "1.38.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. HTMLUserTextField exposes the existence of hidden users."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en MediaWiki antes de 1.35.8, 1.36.x y 1.37.x antes de 1.37.5 y 1.38.x antes de 1.38.3. HTMLUserTextField expone la existencia de usuarios ocultos."
    }
  ],
  "id": "CVE-2022-41765",
  "lastModified": "2025-04-14T15:15:21.573",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-12-26T06:15:11.007",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T309894"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/202305-24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T309894"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202305-24"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-203"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-203"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-09-27 21:15

Modified

2024-11-21 05:19

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery's parseHTML method, which can cause image callbacks to fire even without the element being appended to the DOM.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/I42e079bc875d17b336ab015f3678eaedc26e10ea	Vendor Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/
cve@mitre.org	https://phabricator.wikimedia.org/T262213	Exploit, Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/I42e079bc875d17b336ab015f3678eaedc26e10ea	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T262213	Exploit, Issue Tracking, Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*
	fedoraproject	fedora	33

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "036C9229-D482-46F2-BA8C-A6800E5CFD1C",
              "versionEndExcluding": "1.34.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery\u0027s parseHTML method, which can cause image callbacks to fire even without the element being appended to the DOM."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo XSS se presenta en la extensi\u00f3n MobileFrontend para MediaWiki versiones anteriores a 1.34.4 porque section.line es manejada inapropiadamente durante el reemplazo de la l\u00ednea de la secci\u00f3n de expresiones regulares desde PageGateway.\u0026#xa0;Usando HTML dise\u00f1ado, un atacante puede provocar un ataque XSS a trav\u00e9s del m\u00e9todo parseHTML de jQuery, que puede hacer que se activen las devoluciones de llamada de imagen incluso sin que el elemento se agregue al DOM"
    }
  ],
  "id": "CVE-2020-26120",
  "lastModified": "2024-11-21T05:19:17.270",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-27T21:15:13.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I42e079bc875d17b336ab015f3678eaedc26e10ea"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T262213"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I42e079bc875d17b336ab015f3678eaedc26e10ea"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T262213"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2011-04-27 00:55

Modified

2025-04-11 00:51

Severity ?

Summary

The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets (CSS) token sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information by using the \2f\2a and \2a\2f hex strings to surround CSS comments.

References

URL	Tags
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html	Vendor Advisory
secalert@redhat.com	http://openwall.com/lists/oss-security/2011/04/13/15
secalert@redhat.com	http://secunia.com/advisories/44142	Vendor Advisory
secalert@redhat.com	http://www.debian.org/security/2011/dsa-2366
secalert@redhat.com	http://www.mediawiki.org/wiki/Special:Code/MediaWiki/85856	Exploit, Patch
secalert@redhat.com	http://www.securityfocus.com/bid/47354
secalert@redhat.com	http://www.vupen.com/english/advisories/2011/0978	Patch, Vendor Advisory
secalert@redhat.com	http://www.vupen.com/english/advisories/2011/1100
secalert@redhat.com	http://www.vupen.com/english/advisories/2011/1151
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=695577
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=696360
secalert@redhat.com	https://bugzilla.wikimedia.org/show_bug.cgi?id=28450
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/66738
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2011/04/13/15
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44142	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2011/dsa-2366
af854a3a-2127-422b-91ae-364da2661108	http://www.mediawiki.org/wiki/Special:Code/MediaWiki/85856	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/47354
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0978	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/1100
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/1151
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=695577
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=696360
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=28450
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/66738

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.1.0
mediawiki	mediawiki	1.2.0
mediawiki	mediawiki	1.2.1
mediawiki	mediawiki	1.2.2
mediawiki	mediawiki	1.2.3
mediawiki	mediawiki	1.2.4
mediawiki	mediawiki	1.2.5
mediawiki	mediawiki	1.2.6
mediawiki	mediawiki	1.3
mediawiki	mediawiki	1.3.0
mediawiki	mediawiki	1.3.1
mediawiki	mediawiki	1.3.2
mediawiki	mediawiki	1.3.3
mediawiki	mediawiki	1.3.4
mediawiki	mediawiki	1.3.5
mediawiki	mediawiki	1.3.6
mediawiki	mediawiki	1.3.7
mediawiki	mediawiki	1.3.8
mediawiki	mediawiki	1.3.9
mediawiki	mediawiki	1.3.10
mediawiki	mediawiki	1.3.11
mediawiki	mediawiki	1.3.12
mediawiki	mediawiki	1.3.13
mediawiki	mediawiki	1.3.14
mediawiki	mediawiki	1.3.15
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4.0
mediawiki	mediawiki	1.4.1
mediawiki	mediawiki	1.4.2
mediawiki	mediawiki	1.4.3
mediawiki	mediawiki	1.4.4
mediawiki	mediawiki	1.4.5
mediawiki	mediawiki	1.4.6
mediawiki	mediawiki	1.4.7
mediawiki	mediawiki	1.4.8
mediawiki	mediawiki	1.4.9
mediawiki	mediawiki	1.4.10
mediawiki	mediawiki	1.4.11
mediawiki	mediawiki	1.4.12
mediawiki	mediawiki	1.4.13
mediawiki	mediawiki	1.4.14
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5.0
mediawiki	mediawiki	1.5.1
mediawiki	mediawiki	1.5.2
mediawiki	mediawiki	1.5.3
mediawiki	mediawiki	1.5.4
mediawiki	mediawiki	1.5.5
mediawiki	mediawiki	1.5.6
mediawiki	mediawiki	1.5.7
mediawiki	mediawiki	1.5.8
mediawiki	mediawiki	1.6.0
mediawiki	mediawiki	1.6.1
mediawiki	mediawiki	1.6.2
mediawiki	mediawiki	1.6.3
mediawiki	mediawiki	1.6.4
mediawiki	mediawiki	1.6.5
mediawiki	mediawiki	1.6.6
mediawiki	mediawiki	1.6.7
mediawiki	mediawiki	1.6.8
mediawiki	mediawiki	1.6.9
mediawiki	mediawiki	1.6.10
mediawiki	mediawiki	1.6.11
mediawiki	mediawiki	1.6.12
mediawiki	mediawiki	1.7.0
mediawiki	mediawiki	1.7.1
mediawiki	mediawiki	1.7.2
mediawiki	mediawiki	1.7.3
mediawiki	mediawiki	1.8.0
mediawiki	mediawiki	1.8.1
mediawiki	mediawiki	1.8.2
mediawiki	mediawiki	1.8.3
mediawiki	mediawiki	1.8.4
mediawiki	mediawiki	1.8.5
mediawiki	mediawiki	1.9.0
mediawiki	mediawiki	1.9.0
mediawiki	mediawiki	1.9.1
mediawiki	mediawiki	1.9.2
mediawiki	mediawiki	1.9.3
mediawiki	mediawiki	1.9.4
mediawiki	mediawiki	1.9.5
mediawiki	mediawiki	1.9.6
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.1
mediawiki	mediawiki	1.10.2
mediawiki	mediawiki	1.10.3
mediawiki	mediawiki	1.10.4
mediawiki	mediawiki	1.11
mediawiki	mediawiki	1.11.0
mediawiki	mediawiki	1.11.0
mediawiki	mediawiki	1.11.1
mediawiki	mediawiki	1.11.2
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.1
mediawiki	mediawiki	1.12.2
mediawiki	mediawiki	1.12.3
mediawiki	mediawiki	1.12.4
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.1
mediawiki	mediawiki	1.13.2
mediawiki	mediawiki	1.13.3
mediawiki	mediawiki	1.13.4
mediawiki	mediawiki	1.14.0
mediawiki	mediawiki	1.14.0
mediawiki	mediawiki	1.14.1
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.1
mediawiki	mediawiki	1.15.2
mediawiki	mediawiki	1.15.3
mediawiki	mediawiki	1.15.4
mediawiki	mediawiki	1.15.5
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1AA6BD8-8AD7-4C43-8048-83A4DE0388E2",
              "versionEndIncluding": "1.16.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C96D337-1D37-4ADE-871D-9829928EE80B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DFB843C-4513-4569-9746-DA9FDD7A5CD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "377F0F7A-8E50-4803-9670-F719D17400D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B4CCA5C-3594-41B4-99F3-FC99BA0495BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD0A0C81-CDB6-4A11-B6B0-DECB12558DE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40BD0855-A9C8-47CD-BB50-E422E0C4A1EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "42A9DCC7-CF58-44CC-9489-51FA79EECDF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "80D651C6-116D-448A-8569-BAB9BAEC7D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49AFC6EE-41C7-4369-8BA1-DDBF8A744ABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30F54837-5004-4D10-B3B0-502CED4F6592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A09F36C1-CBC0-489E-B62D-4590A2E5A4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9F0067D-534A-4238-A244-D92A73845432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BEC422E-49BC-41D4-9F71-B834D4108EF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D854161-28AA-4386-B90A-97F9692CE37F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5A0FA49-99DC-4691-968F-6AEB76B74370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A0C6A2C-992B-45A0-8E0C-1AE983881337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "292A77C7-8C7B-4F3A-B7FD-3505A9F37E4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C77FC97A-3BB2-4AA5-B0D6-C0D1FBEA5FD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C9393EF-083A-4662-BC7A-89979C2B8546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9DE6A4E-6BCE-499E-B017-1E0F8D1F65B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD90730F-BF26-46C5-83F8-039CD661C968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4DDA753-26F5-4142-B227-07DDF14DD8C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D3B5E2-AC84-421D-AC10-3266D9575922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "326D4BFB-EFE7-4EAC-AA71-45E8C7E41538",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "736DFCB7-B747-4F98-AB87-9023BCD0B5C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "135A1FFF-8F52-48FF-A92A-0FC79FCC287E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "3CF8143A-F16F-4E2F-8B12-AC278678CDBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "617655A0-1ED3-44A5-9D83-E90D8EC8799E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "3B19F77D-8975-432D-8572-F208EBC15068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "9D692C6F-95AB-4332-95D8-007876792AC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "DE9080FA-F32A-45AF-BB1E-18B85DD35830",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DF75E48-208A-4531-AC8D-B307FD4E288B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "174665BA-F231-45F6-922C-933B8A613009",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B175F5A-7CB6-44E6-9E98-FB40F6D14FDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A45833DC-F104-42BB-8688-4DE66AFF72F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B316A8E-DED1-427B-8137-11C767E9DF1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "99A75AFB-2706-42FF-8534-B910997987AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F335EB4-1A74-4FAE-ADAF-AC9FB37A80DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "116C8AA3-481D-409A-ABA8-C8DA1EE8FF86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9DCE478-7D30-4BBC-8878-C3745D6ADAD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EBFFA2C-6768-4CB9-B0B0-BDB79CA1DEDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA0C4A1E-B084-4C78-BEE4-4E733159F367",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2571B43E-234C-4312-9640-1E338092A673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D5C7E1-6664-4A90-9E55-1F53F98D7702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "4963F3C5-A207-4BD3-9C3C-4EBAC1F5B2B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BE0D158-DB0B-45B2-9E26-E11A7D5D2CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "6086E5E9-F69F-47EE-9034-8196CC03E6FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "49A43BF0-69CF-4694-9155-534FA31C26DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "A0751BD8-505A-42A3-A150-3523F12B9047",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "F964DBAD-0569-41DD-975B-23A975050595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8DE4462C-F9B2-47B3-8F17-FF729F5563FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "3769AAA0-8492-40E1-B3EC-5E3BFE396809",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E2616E5E-2D0B-4FD3-B43F-51D786F0D8D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "94766FF8-FC72-4F8F-8005-7F34E4AA4042",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D8693832-A576-492F-B4F7-B8415B3A5903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9214FE72-045E-457A-B3C5-BCDFC506DDB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDB55E62-A345-49F6-ACD0-A710977CA6E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A340D0AB-2B4A-4DE6-9FA1-662D8F8205BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8C8B11E-5C0B-49B1-ACFA-5926057EF002",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "89A4EA0A-54E1-484A-ADDB-216CBC9C40FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA0ABA75-E966-43A2-90B1-89557BB0B7DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B6CE989-B7AD-42AA-986C-23266D965122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "44FD9374-5B8A-4102-A005-D3F39186ABBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D4388FF-3C2C-41A7-A2A2-CC3E38994222",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3EAF847-B64C-4C12-8BF2-631F61B0618E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "09EF3827-9C87-4043-B10A-1D6AFCB64F57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08B1EDE8-940E-47C1-9CDA-C6BBE1BB9A11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4554900-E09D-4D9D-99D4-FE5FDB3CDE78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "93EB0312-A147-4307-9491-46AEC2EC727C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "48929086-E08E-472D-A503-4CA803A840D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A98675FD-C9EA-49AB-BA9F-2CF5898203C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB9B4718-DF85-4E77-B720-0EC3E0D318BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "132A745B-0A1B-4186-8BE2-88C24FF4A455",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E710375D-F5B3-4998-AA7F-F931022CF6F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3130C952-83B3-4755-99D7-D25C1447670E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9842D148-50D2-4A52-A3E1-529670A25EBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "A59DE5DF-B5A1-4C11-9FA9-03EA7F589694",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C632052-D84B-41A1-B46F-1C1D9ADC72CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF36A02-DF6B-4657-94F6-255E4163FBF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "60380B60-DD11-42C9-9388-AED3244F39A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "612210D5-FDBC-4A13-AACD-13198FE9D2DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46046B16-3EE4-42C0-BA77-73300A641BA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "136E5FD9-C0A0-4970-8852-D97C5BC723E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5FD2871-90BB-4AFA-89D0-B9B5BE365771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D35193-8AF8-4CB9-A47D-A58DE389515E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1CD7D7-546A-48FA-9C4C-1FB0CA22C6FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAD648C1-0908-43F8-951C-E7EBF8FB8CB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B40FB49B-1E96-44BC-A9B0-9BDB28F858A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "75D5AC3F-4D29-4882-A3C0-94951402ADD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A0921C-BEC5-4646-96FD-0529828B5BAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB4E8709-43E2-4ADC-8759-16AC265658C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A8A1D30-57E7-4010-B68A-8D22EA091FF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EF7C683-F6E2-4D79-B0F9-234C9FAFB7C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "962C4B03-ABDF-4E94-8DE0-E035186E0F4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "841A4099-1EB3-448A-81C2-67A68CF4B5C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0983C0E-9035-4256-AC99-C2C81C1634E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "76F47EF6-2695-44FD-B4B0-9DE911BB57CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FC61592E-7479-45C1-9263-D608B644EE79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5460DB30-FA14-4017-BC8B-15F9451469F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED2392D6-6ACF-4715-BBCD-B6DA9B91C750",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0071C35-877F-44C6-BC39-B1AE885D7313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83CF24-FC29-40C4-8B07-5FB6591E9812",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C54ADEF-F360-41C6-AE27-B6D12E5BAF9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66A92668-4B5D-40A4-9A14-E7AD10086933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7266D827-F77D-4CC3-8237-4B35D072ACF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DB5EF0E-4E1B-4131-9142-5FBB59C235D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F59B5992-716F-4901-BDD1-0C7E24BF9148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "746023B5-2472-4FC9-BEDF-FE6A321F12B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0D18C85B-E82B-46AE-959E-3FD32DB6F294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "66714539-F1E1-4C16-AA12-059EEB1B9DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A80044C9-9F76-468E-84F7-D7D529004AE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7CD7F5A-F4E4-45B6-9179-BD1BCD75D297",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7BC3705-27C7-4969-AB6A-E7C09C708C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79CDE6D3-A26D-4ECD-B949-B9DDB53F67C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D3CC82BE-8DEA-47D7-B6B7-2FFDFB728ADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "AFD79470-63A7-438B-A3BE-CABDAD7F848C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A26F4C94-E3A5-456E-8E5E-36BA67DD4BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C6D23B-B5C1-4F10-9F62-E81F639FF40F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "13FA8F3C-2B6C-42FB-A6CE-EC2D8614E43D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "973B7468-970D-475C-AAB2-D81833EAF12B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A0789-0496-4940-A484-8B6689AA8770",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "241370F6-4941-43B4-AAD5-32A93AAC3B80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A236174-7262-478C-8C96-61428EBCC575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAAC942E-1BA2-419C-B464-20529D825053",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "188AA942-A54E-4B48-A14E-1D4C2BB859EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "07D3ECE8-29AC-491A-BD11-1753EF65DA0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FA6109F-F5BE-4E65-AA9D-C1D0CB029521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0955D3BF-1120-40F6-87FB-D75B064E5C6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BA61CFC-F48E-4B7D-A61C-4BD585E87BAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BA7AA7B-9450-4AAD-8CBA-E483CD5A1CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4416B074-0C5E-4DD3-AA4D-B54AC635F00D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "EBA4FDC8-2F1B-4054-82BC-B79566ABE8E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "62B86D8D-5E7A-43F5-9B6A-944ED4B8E4E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "63FD259B-921D-46BF-BE6E-F963288D92F3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets (CSS) token sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information by using the \\2f\\2a and \\2a\\2f hex strings to surround CSS comments."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n checkCss en includes/Sanitizer.php en el analizador wikitext de MediaWiki antes de v1.16.3, no valida correctamente las hojas de estilo en cascada (CSS) secuencias se\u00f1al, la cual permite a atacantes remotos ejecutar secuencias de comandos en sitios cruzados (XSS) u obtener informaci\u00f3n sensible mediante el uso de las cadenas hexadecimales \\2f\\2a y \\2a\\2f para rodear comentarios CSS."
    }
  ],
  "id": "CVE-2011-1579",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-04-27T00:55:04.600",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://openwall.com/lists/oss-security/2011/04/13/15"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44142"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2011/dsa-2366"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.mediawiki.org/wiki/Special:Code/MediaWiki/85856"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/47354"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0978"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2011/1100"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2011/1151"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=695577"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696360"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=28450"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66738"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2011/04/13/15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44142"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2366"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.mediawiki.org/wiki/Special:Code/MediaWiki/85856"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/47354"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0978"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/1100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/1151"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=695577"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696360"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=28450"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66738"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2012-01-08 11:55

Modified

2025-04-11 00:51

Severity ?

Summary

MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an extension, as demonstrated by the CategoryTree, ExtTab, and InlineEditor extensions.

References

URL	Tags
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-November/000104.html	Patch, Vendor Advisory
secalert@redhat.com	http://openwall.com/lists/oss-security/2011/11/29/12	Mailing List, Third Party Advisory
secalert@redhat.com	http://openwall.com/lists/oss-security/2011/11/29/6	Mailing List, Third Party Advisory
secalert@redhat.com	http://www.debian.org/security/2011/dsa-2366	Third Party Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=758171	Issue Tracking, Third Party Advisory
secalert@redhat.com	https://bugzilla.wikimedia.org/show_bug.cgi?id=32616	Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-November/000104.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2011/11/29/12	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2011/11/29/6	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2011/dsa-2366	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=758171	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=32616	Issue Tracking, Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
debian	debian_linux	5.0
debian	debian_linux	6.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA18B2E1-E258-4A9C-BD50-8019EEC3D264",
              "versionEndExcluding": "1.17.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an extension, as demonstrated by the CategoryTree, ExtTab, and InlineEditor extensions."
    },
    {
      "lang": "es",
      "value": "MediaWiki, antes de v1.17.1, no comprueba los permisos de lectura antes de manejar las peticiones action=ajax, lo que permite a atacantes remotos obtener informaci\u00f3n sensible (1) aprovechandose de la funci\u00f3n SpecialUpload::ajaxGetExistsWarning, o (2) aprovechando una extensi\u00f3n, como lo demuestra las extensiones CategoryTree, ExtTab y InlineEditor."
    }
  ],
  "id": "CVE-2011-4361",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-01-08T11:55:19.797",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-November/000104.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/11/29/12"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/11/29/6"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2011/dsa-2366"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=758171"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=32616"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-November/000104.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/11/29/12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/11/29/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2011/dsa-2366"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=758171"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=32616"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-276"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-04-20 01:55

Modified

2025-04-12 10:46

Severity ?

Summary

includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account, as demonstrated by tracking the victim's activity, related to a "login CSRF" issue.

References

URL	Tags
cve@mitre.org	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-March/000145.html	Patch, Vendor Advisory
cve@mitre.org	http://openwall.com/lists/oss-security/2014/03/28/1
cve@mitre.org	http://openwall.com/lists/oss-security/2014/04/01/7
cve@mitre.org	https://bugzilla.wikimedia.org/show_bug.cgi?id=62497
cve@mitre.org	https://gerrit.wikimedia.org/r/#/c/121517/1/includes/specials/SpecialChangePassword.php	Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-March/000145.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2014/03/28/1
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2014/04/01/7
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=62497
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/#/c/121517/1/includes/specials/SpecialChangePassword.php	Patch

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19.0
mediawiki	mediawiki	1.19.1
mediawiki	mediawiki	1.19.2
mediawiki	mediawiki	1.19.3
mediawiki	mediawiki	1.19.4
mediawiki	mediawiki	1.19.5
mediawiki	mediawiki	1.19.6
mediawiki	mediawiki	1.19.7
mediawiki	mediawiki	1.19.8
mediawiki	mediawiki	1.19.9
mediawiki	mediawiki	1.19.10
mediawiki	mediawiki	1.19.11
mediawiki	mediawiki	1.19.12
mediawiki	mediawiki	1.20
mediawiki	mediawiki	1.20.1
mediawiki	mediawiki	1.20.2
mediawiki	mediawiki	1.20.3
mediawiki	mediawiki	1.20.4
mediawiki	mediawiki	1.20.5
mediawiki	mediawiki	1.20.6
mediawiki	mediawiki	1.20.7
mediawiki	mediawiki	1.20.8
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2
mediawiki	mediawiki	1.21.3
mediawiki	mediawiki	1.21.4
mediawiki	mediawiki	1.21.5
mediawiki	mediawiki	1.21.6
mediawiki	mediawiki	1.21.7
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	1.22.1
mediawiki	mediawiki	1.22.2
mediawiki	mediawiki	1.22.3
mediawiki	mediawiki	1.22.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB348567-4B1F-4E94-9511-46D6F7D37038",
              "versionEndIncluding": "1.19.13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "93D7105D-3CF1-49FF-9F51-088C58F19003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "F647077F-52FD-460B-9511-85812A1447FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A8AFF-EF0E-490C-8833-FF1071563979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3205F5-3A29-4D45-AC95-83174F8969BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5547DA02-3BEC-4278-A714-25CCB820AA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E5609D-EC04-4088-9B61-ABDD256200F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23B09BB-8F43-4D60-A37F-D8685584AF4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A3F38-9A86-4346-9337-5C2A1DED37C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "49CCC3B5-9BD4-40B4-AF1A-DF4B2A6DC12D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "36DA1112-69AB-408A-886E-F248516FDE11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA85F3B7-9CB4-481C-B1A5-AB95F81C4126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A25C57E2-8E04-4A54-9211-C7B4B7CC4E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "927A7FCC-273B-4387-A9DB-C1DADB40D3FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "37210D17-71E8-4A05-87CE-F27E2F8DDEF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA45494-185A-4ED1-8818-D9F14EB9B59B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94646567-FF30-4FBA-96C5-914EB3C85D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF088531-6875-49A2-B220-D7EC38ECC50F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "902A7EE8-90AA-4B0D-9142-DFCDA5AC8914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B6CD057-EBC4-4909-9734-80577AFDED40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01D8F235-2F1B-4198-A91E-B2723293AA36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2A5F4A7-40E7-42D0-8482-647D0EC54AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E10A8FAC-7506-48B8-A4EE-B7A1BE20537E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF797B5-8348-481C-AB6F-154DEA0E5281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E627F80-E6AA-4627-B58E-D6B2A08269BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B461B44C-37D2-480B-9645-B7E8720416C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E491E3AD-0FB2-41CD-B852-CAFCA397A45A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBD50108-A301-4B5B-9047-6FD6792442B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "91BBFEC5-A933-4178-919D-9AC87CF76D21",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker\u0027s account, as demonstrated by tracking the victim\u0027s activity, related to a \"login CSRF\" issue."
    },
    {
      "lang": "es",
      "value": "El archivo includes/specials/SpecialChangePassword.php en MediaWiki anterior a versiones 1.19.14, 1.20.x y versiones 1.21.x anterior a 1.21.8, y versiones 1.22.x anteriores a 1.22.5 no maneja apropiadamente un intento de inicio de sesi\u00f3n correctamente autenticado pero no previsto, lo que hace m\u00e1s f\u00e1cil para que los usuarios autenticados remotos obtengan informaci\u00f3n confidencial al hacer que una v\u00edctima inicie sesi\u00f3n en la cuenta del atacante, como es demostrado mediante el rastreo de la actividad de la v\u00edctima, relacionada con un problema de \"login CSRF\"."
    }
  ],
  "id": "CVE-2014-2665",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-04-20T01:55:06.987",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-March/000145.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://openwall.com/lists/oss-security/2014/03/28/1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://openwall.com/lists/oss-security/2014/04/01/7"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=62497"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://gerrit.wikimedia.org/r/#/c/121517/1/includes/specials/SpecialChangePassword.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-March/000145.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2014/03/28/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2014/04/01/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=62497"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://gerrit.wikimedia.org/r/#/c/121517/1/includes/specials/SpecialChangePassword.php"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2005-12-22 21:03

Modified

2025-04-03 01:03

Severity ?

Summary

MediaWiki before 1.5.4 uses a hard-coded "internal placeholder string", which allows remote attackers to bypass protection against cross-site scripting (XSS) attacks and execute Javascript using inline style attributes, which are processed by Internet Explorer.

References

URL	Tags
cve@mitre.org	http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html
cve@mitre.org	http://secunia.com/advisories/18219	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/18717
cve@mitre.org	http://www.mediawiki.org/wiki/Download	Patch
cve@mitre.org	http://www.securityfocus.com/bid/16032	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2005/3059
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/23882
af854a3a-2127-422b-91ae-364da2661108	http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18219	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18717
af854a3a-2127-422b-91ae-364da2661108	http://www.mediawiki.org/wiki/Download	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/16032	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2005/3059
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/23882

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.1.0
mediawiki	mediawiki	1.2.0
mediawiki	mediawiki	1.2.1
mediawiki	mediawiki	1.2.2
mediawiki	mediawiki	1.2.3
mediawiki	mediawiki	1.2.4
mediawiki	mediawiki	1.2.5
mediawiki	mediawiki	1.2.6
mediawiki	mediawiki	1.3
mediawiki	mediawiki	1.3.0
mediawiki	mediawiki	1.3.1
mediawiki	mediawiki	1.3.2
mediawiki	mediawiki	1.3.3
mediawiki	mediawiki	1.3.4
mediawiki	mediawiki	1.3.5
mediawiki	mediawiki	1.3.6
mediawiki	mediawiki	1.3.7
mediawiki	mediawiki	1.3.8
mediawiki	mediawiki	1.3.9
mediawiki	mediawiki	1.3.10
mediawiki	mediawiki	1.3.11
mediawiki	mediawiki	1.3.12
mediawiki	mediawiki	1.3.13
mediawiki	mediawiki	1.3.14
mediawiki	mediawiki	1.3.15
mediawiki	mediawiki	1.4.1
mediawiki	mediawiki	1.4.2
mediawiki	mediawiki	1.4.3
mediawiki	mediawiki	1.4.5
mediawiki	mediawiki	1.4.6
mediawiki	mediawiki	1.4.7
mediawiki	mediawiki	1.4.8
mediawiki	mediawiki	1.4.9
mediawiki	mediawiki	1.4.10
mediawiki	mediawiki	1.4_beta1
mediawiki	mediawiki	1.4_beta2
mediawiki	mediawiki	1.4_beta3
mediawiki	mediawiki	1.4_beta4
mediawiki	mediawiki	1.4_beta5
mediawiki	mediawiki	1.4_beta6
mediawiki	mediawiki	1.5_alpha1
mediawiki	mediawiki	1.5_alpha2
mediawiki	mediawiki	1.5_beta1
mediawiki	mediawiki	1.5_beta2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "226217AC-8AF5-4EB1-B094-B5CCE496A037",
              "versionEndIncluding": "1.5.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C96D337-1D37-4ADE-871D-9829928EE80B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DFB843C-4513-4569-9746-DA9FDD7A5CD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "377F0F7A-8E50-4803-9670-F719D17400D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B4CCA5C-3594-41B4-99F3-FC99BA0495BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD0A0C81-CDB6-4A11-B6B0-DECB12558DE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40BD0855-A9C8-47CD-BB50-E422E0C4A1EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "42A9DCC7-CF58-44CC-9489-51FA79EECDF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "80D651C6-116D-448A-8569-BAB9BAEC7D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49AFC6EE-41C7-4369-8BA1-DDBF8A744ABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30F54837-5004-4D10-B3B0-502CED4F6592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A09F36C1-CBC0-489E-B62D-4590A2E5A4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9F0067D-534A-4238-A244-D92A73845432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BEC422E-49BC-41D4-9F71-B834D4108EF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D854161-28AA-4386-B90A-97F9692CE37F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5A0FA49-99DC-4691-968F-6AEB76B74370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A0C6A2C-992B-45A0-8E0C-1AE983881337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "292A77C7-8C7B-4F3A-B7FD-3505A9F37E4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C77FC97A-3BB2-4AA5-B0D6-C0D1FBEA5FD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C9393EF-083A-4662-BC7A-89979C2B8546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9DE6A4E-6BCE-499E-B017-1E0F8D1F65B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD90730F-BF26-46C5-83F8-039CD661C968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4DDA753-26F5-4142-B227-07DDF14DD8C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D3B5E2-AC84-421D-AC10-3266D9575922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "326D4BFB-EFE7-4EAC-AA71-45E8C7E41538",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "736DFCB7-B747-4F98-AB87-9023BCD0B5C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "174665BA-F231-45F6-922C-933B8A613009",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B175F5A-7CB6-44E6-9E98-FB40F6D14FDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A45833DC-F104-42BB-8688-4DE66AFF72F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "99A75AFB-2706-42FF-8534-B910997987AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F335EB4-1A74-4FAE-ADAF-AC9FB37A80DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "116C8AA3-481D-409A-ABA8-C8DA1EE8FF86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9DCE478-7D30-4BBC-8878-C3745D6ADAD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EBFFA2C-6768-4CB9-B0B0-BDB79CA1DEDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA0C4A1E-B084-4C78-BEE4-4E733159F367",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E70F32-2F26-4836-8A4F-0A0B06EAD371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE506B8C-245E-4A7E-A24C-FABB1D4531EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta3:*:*:*:*:*:*:*",
              "matchCriteriaId": "934382C1-088A-4AEE-A71A-E9802AC9C1A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1A9028E-1BDE-4BA0-A479-7A30020331D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D02E4C1-2BA7-4BC0-9C11-D0F74181DF82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta6:*:*:*:*:*:*:*",
              "matchCriteriaId": "728E2852-5658-4DCC-AF1E-718B292F06C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_alpha1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B28DC19-7E6A-4CC7-86A9-10EA9FD79FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_alpha2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CD296DF-21C6-43E4-AC4D-8F57220ECDA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8AD23BE-5400-43D8-A667-7AE60B0500B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "89AFE2FA-CAE0-42C3-AA84-4F8D59045A78",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.5.4 uses a hard-coded \"internal placeholder string\", which allows remote attackers to bypass protection against cross-site scripting (XSS) attacks and execute Javascript using inline style attributes, which are processed by Internet Explorer."
    }
  ],
  "id": "CVE-2005-4501",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-12-22T21:03:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18219"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/18717"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.mediawiki.org/wiki/Download"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/16032"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2005/3059"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23882"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18219"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18717"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.mediawiki.org/wiki/Download"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/16032"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2005/3059"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23882"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-01-20 18:15

Modified

2025-04-03 16:15

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision-* fields. This allows JavaScript execution by staff/admin users who do not intentionally have the editsitejs capability.

References

▶	URL	Tags
	cve@mitre.org	https://phabricator.wikimedia.org/T323592	Exploit, Issue Tracking, Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T323592	Exploit, Issue Tracking, Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	1.39.0
mediawiki	mediawiki	1.39.0
mediawiki	mediawiki	1.39.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "357C67CA-8586-4F8D-951C-51220DD6AA18",
              "versionEndExcluding": "1.35.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13962AAD-4625-42E8-B960-53FAE7699070",
              "versionEndExcluding": "1.38.5",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.39.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "243E4420-7054-4190-8270-76E09207FC9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.39.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "90D9672A-851F-46B0-AA0D-35991D7802E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.39.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5141FCFC-D842-49B8-9385-5EE2DB6E7BFA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision-* fields. This allows JavaScript execution by staff/admin users who do not intentionally have the editsitejs capability."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en MediaWiki antes de 1.35.9, 1.36.x hasta 1.38.x antes de 1.38.5 y 1.39.x antes de 1.39.1. Hay XSS en el formato de fecha de Wikibase a trav\u00e9s de los campos wikibase-time-precision-*. Esto permite la ejecuci\u00f3n de JavaScript por parte del personal/usuarios administradores que no tienen intencionalmente la capacidad editsitejs."
    }
  ],
  "id": "CVE-2023-22910",
  "lastModified": "2025-04-03T16:15:31.880",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-01-20T18:15:10.363",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T323592"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T323592"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-05-12 14:55

Modified

2025-04-12 10:46

Severity ?

Summary

Buffer overflow in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 has unspecified impact and remote vectors.

References

▶	URL	Tags
	secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2
mediawiki	mediawiki	1.21.3
mediawiki	mediawiki	*
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19.0
mediawiki	mediawiki	1.19.1
mediawiki	mediawiki	1.19.2
mediawiki	mediawiki	1.19.3
mediawiki	mediawiki	1.19.4
mediawiki	mediawiki	1.19.5
mediawiki	mediawiki	1.19.6
mediawiki	mediawiki	1.19.7
mediawiki	mediawiki	1.19.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01D8F235-2F1B-4198-A91E-B2723293AA36",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76902FB-9672-488B-9D9E-39B121DEC913",
              "versionEndIncluding": "1.19.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "93D7105D-3CF1-49FF-9F51-088C58F19003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "F647077F-52FD-460B-9511-85812A1447FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A8AFF-EF0E-490C-8833-FF1071563979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3205F5-3A29-4D45-AC95-83174F8969BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5547DA02-3BEC-4278-A714-25CCB820AA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E5609D-EC04-4088-9B61-ABDD256200F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23B09BB-8F43-4D60-A37F-D8685584AF4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A3F38-9A86-4346-9337-5C2A1DED37C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "49CCC3B5-9BD4-40B4-AF1A-DF4B2A6DC12D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "36DA1112-69AB-408A-886E-F248516FDE11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 has unspecified impact and remote vectors."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de buffer en php-luasandbox en la extensi\u00f3n Scribuntu para MediaWiki anterior a 1.19.10, 1.2x anterior a 1.21.4 y 1.22.x anterior a 1.22.1 tiene impacto no especificado y vectores remotos."
    }
  ],
  "id": "CVE-2013-4571",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-12T14:55:04.837",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-12-24 02:15

Modified

2024-11-21 06:32

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which is triggered upon a visit to an action=info URL (aka a page-information sidebar).

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/I3cd080a1a7dacd7396d37ee0c98cff0b4e241f8d	Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7JNQA53K675TQBBJPZRAG5ZT6XES3IS/
cve@mitre.org	https://phabricator.wikimedia.org/T294693	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/I3cd080a1a7dacd7396d37ee0c98cff0b4e241f8d	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7JNQA53K675TQBBJPZRAG5ZT6XES3IS/
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T294693	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*
	fedoraproject	fedora	35

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC3E6AE2-E61E-4F3C-8334-906FF29AAB56",
              "versionEndIncluding": "1.3.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which is triggered upon a visit to an action=info URL (aka a page-information sidebar)."
    },
    {
      "lang": "es",
      "value": "En MediaWiki versiones hasta 1.37, las descripciones de elementos de Wikibase permiten un ataque de tipo XSS, que es desencadenado al visitar una URL action=info (tambi\u00e9n se conoce como barra lateral de informaci\u00f3n de la p\u00e1gina)"
    }
  ],
  "id": "CVE-2021-45473",
  "lastModified": "2024-11-21T06:32:17.077",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-24T02:15:07.407",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I3cd080a1a7dacd7396d37ee0c98cff0b4e241f8d"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7JNQA53K675TQBBJPZRAG5ZT6XES3IS/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T294693"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I3cd080a1a7dacd7396d37ee0c98cff0b4e241f8d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7JNQA53K675TQBBJPZRAG5ZT6XES3IS/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T294693"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2019-07-10 17:15

Modified

2024-11-21 04:22

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

References

URL	Tags
cve@mitre.org	https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html	Mailing List, Release Notes, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T222038	Third Party Advisory
cve@mitre.org	https://seclists.org/bugtraq/2019/Jun/12	Issue Tracking, Mailing List, Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2019/dsa-4460	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html	Mailing List, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T222038	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2019/Jun/12	Issue Tracking, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2019/dsa-4460	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*
debian	debian_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E73DB4FC-F058-41A4-8A93-B7902283741B",
              "versionEndExcluding": "1.27.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFD5C137-122F-42C8-94D7-0FCD48F92CC0",
              "versionEndExcluding": "1.30.2",
              "versionStartIncluding": "1.27.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC8AFEFD-8776-4722-82BC-21CC1214FCCC",
              "versionEndExcluding": "1.31.2",
              "versionStartIncluding": "1.31.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "631F30ED-1171-42E5-8FAF-AC9230CED0C5",
              "versionEndExcluding": "1.32.2",
              "versionStartIncluding": "1.32.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6."
    },
    {
      "lang": "es",
      "value": "MediaWiki hasta la versi\u00f3n 1.32.1 de Wikimedia, presenta un Control de Acceso Incorrecto. Un registro suprimido en la p\u00e1gina RevisionDelete esta expuesto. Corregido en versiones 1.32.2, 1.31.2, 1.30.2 y 1.27.6."
    }
  ],
  "id": "CVE-2019-12470",
  "lastModified": "2024-11-21T04:22:55.323",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-10T17:15:12.147",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T222038"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Jun/12"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4460"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T222038"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Jun/12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4460"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-04-13 14:59

Modified

2025-04-12 10:46

Severity ?

Summary

Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element.

References

URL	Tags
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2015:200
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/04/01/1
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/04/07/3
cve@mitre.org	http://www.securityfocus.com/bid/73477
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T86711
cve@mitre.org	https://security.gentoo.org/glsa/201510-05
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2015:200
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/04/01/1
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/04/07/3
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/73477
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T86711
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201510-05

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.20
mediawiki	mediawiki	1.20.1
mediawiki	mediawiki	1.20.2
mediawiki	mediawiki	1.20.3
mediawiki	mediawiki	1.20.4
mediawiki	mediawiki	1.20.5
mediawiki	mediawiki	1.20.6
mediawiki	mediawiki	1.20.7
mediawiki	mediawiki	1.20.8
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2
mediawiki	mediawiki	1.21.3
mediawiki	mediawiki	1.21.4
mediawiki	mediawiki	1.21.5
mediawiki	mediawiki	1.21.6
mediawiki	mediawiki	1.21.7
mediawiki	mediawiki	1.21.8
mediawiki	mediawiki	1.21.9
mediawiki	mediawiki	1.21.10
mediawiki	mediawiki	1.21.11
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	1.22.1
mediawiki	mediawiki	1.22.2
mediawiki	mediawiki	1.22.3
mediawiki	mediawiki	1.22.4
mediawiki	mediawiki	1.22.5
mediawiki	mediawiki	1.22.6
mediawiki	mediawiki	1.22.7
mediawiki	mediawiki	1.22.8
mediawiki	mediawiki	1.22.9
mediawiki	mediawiki	1.22.10
mediawiki	mediawiki	1.22.11
mediawiki	mediawiki	1.22.12
mediawiki	mediawiki	1.22.13
mediawiki	mediawiki	1.22.14
mediawiki	mediawiki	1.22.15
mediawiki	mediawiki	1.23.0
mediawiki	mediawiki	1.23.1
mediawiki	mediawiki	1.23.2
mediawiki	mediawiki	1.23.3
mediawiki	mediawiki	1.23.4
mediawiki	mediawiki	1.23.5
mediawiki	mediawiki	1.23.6
mediawiki	mediawiki	1.23.7
mediawiki	mediawiki	1.23.8
mediawiki	mediawiki	1.24.0
mediawiki	mediawiki	1.24.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5069E3E0-7640-4FA3-8C6F-BA96AFC545EE",
              "versionEndIncluding": "1.19.23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA45494-185A-4ED1-8818-D9F14EB9B59B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94646567-FF30-4FBA-96C5-914EB3C85D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF088531-6875-49A2-B220-D7EC38ECC50F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "902A7EE8-90AA-4B0D-9142-DFCDA5AC8914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B6CD057-EBC4-4909-9734-80577AFDED40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01D8F235-2F1B-4198-A91E-B2723293AA36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2A5F4A7-40E7-42D0-8482-647D0EC54AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E10A8FAC-7506-48B8-A4EE-B7A1BE20537E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF797B5-8348-481C-AB6F-154DEA0E5281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E627F80-E6AA-4627-B58E-D6B2A08269BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA54E0F2-3B21-469F-A3FB-8E41E1857447",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "09CFF4B5-5827-4795-960A-201BA1BCF1A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC9D6B62-13CD-4307-94BB-A7210761A4D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "32C36F51-CCCC-41D1-A43B-B8F77CE632B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B461B44C-37D2-480B-9645-B7E8720416C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E491E3AD-0FB2-41CD-B852-CAFCA397A45A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBD50108-A301-4B5B-9047-6FD6792442B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "91BBFEC5-A933-4178-919D-9AC87CF76D21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3CA0EC-1AC1-48A1-8BB8-95DCCE1C283A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9343410C-E076-4362-8094-5BA5582E9675",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96BBB28-AB3C-4082-B035-8CCB761C2530",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7389C3B9-B32D-46CC-8615-22CF7BDCD829",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "179FC802-541F-40EE-BB76-A4B745A9EA7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3332E0EC-49D6-4EB2-8A2E-CC204EA1C475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E59021C-8DDF-4849-9490-AD8F98B834BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "64E90FCD-B032-4BD8-84D6-763E0FDB48B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "21A92544-BEA9-436F-BC22-CC90808D53F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DB10EA-CA68-40BE-862D-0B351456F02E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "97675F56-1442-460D-842C-755304D69217",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6044842D-0C23-4683-9BCC-9FE40AE8353F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BFCBB5A-F5F8-400E-916A-EB87F84853D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2898DFC3-7C3A-4C12-A3D2-4CEB3C66C90D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "04082771-E3E2-49EE-8840-0170F3B3519F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9B27B7-7800-4E35-97CA-B16450EEC478",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BEA6C00-BDCF-439C-8A04-B581361781EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90B931CC-CEA7-4C14-875E-A0D215CE5617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE300CC-68D6-46C7-8CC0-605F94FFC327",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "764ECEE9-EFB6-4C52-84E6-0F6827CF5DAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C00423-B3FE-485A-9014-22F409DBD377",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de lista negra incompleta en MediaWiki anterior a 1.19.24, 1.2x anterior a 1.23.9 y 1.24.x anterior a 1.24.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un elemento href XLink animado."
    }
  ],
  "id": "CVE-2015-2932",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-04-13T14:59:05.413",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/73477"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://phabricator.wikimedia.org/T86711"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201510-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/73477"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://phabricator.wikimedia.org/T86711"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201510-05"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2006-03-30 00:06

Modified

2025-04-03 01:03

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.5.8 and 1.4.15 allows remote attackers to inject arbitrary web script or HTML via crafted encoded links.

References

URL	Tags
cve@mitre.org	http://mail.wikipedia.org/pipermail/mediawiki-announce/2006-March/000040.html	Patch
cve@mitre.org	http://secunia.com/advisories/19504
cve@mitre.org	http://secunia.com/advisories/19508
cve@mitre.org	http://secunia.com/advisories/19517
cve@mitre.org	http://www.gentoo.org/security/en/glsa/glsa-200604-01.xml
cve@mitre.org	http://www.mediawiki.org/wiki/MediaWiki
cve@mitre.org	http://www.novell.com/linux/security/advisories/2006_07_sr.html
cve@mitre.org	http://www.securityfocus.com/bid/17269	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2006/1194
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/25588
af854a3a-2127-422b-91ae-364da2661108	http://mail.wikipedia.org/pipermail/mediawiki-announce/2006-March/000040.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19504
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19508
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19517
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-200604-01.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.mediawiki.org/wiki/MediaWiki
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2006_07_sr.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/17269	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/1194
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/25588

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.4.1
mediawiki	mediawiki	1.4.2
mediawiki	mediawiki	1.4.3
mediawiki	mediawiki	1.4.4
mediawiki	mediawiki	1.4.5
mediawiki	mediawiki	1.4.6
mediawiki	mediawiki	1.4.7
mediawiki	mediawiki	1.4.8
mediawiki	mediawiki	1.4.9
mediawiki	mediawiki	1.4.10
mediawiki	mediawiki	1.4.11
mediawiki	mediawiki	1.4.12
mediawiki	mediawiki	1.4.13
mediawiki	mediawiki	1.4.14
mediawiki	mediawiki	1.5.0
mediawiki	mediawiki	1.5.1
mediawiki	mediawiki	1.5.2
mediawiki	mediawiki	1.5.3
mediawiki	mediawiki	1.5.4
mediawiki	mediawiki	1.5.5
mediawiki	mediawiki	1.5.6
mediawiki	mediawiki	1.5.7
mediawiki	mediawiki	1.5_alpha1
mediawiki	mediawiki	1.5_alpha2
mediawiki	mediawiki	1.5_beta1
mediawiki	mediawiki	1.5_beta2
mediawiki	mediawiki	1.5_beta3
mediawiki	mediawiki	1.5_beta4
mediawiki	mediawiki	1.5_rc2
mediawiki	mediawiki	1.5_rc3
mediawiki	mediawiki	1.5_rc4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "174665BA-F231-45F6-922C-933B8A613009",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B175F5A-7CB6-44E6-9E98-FB40F6D14FDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A45833DC-F104-42BB-8688-4DE66AFF72F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B316A8E-DED1-427B-8137-11C767E9DF1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "99A75AFB-2706-42FF-8534-B910997987AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F335EB4-1A74-4FAE-ADAF-AC9FB37A80DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "116C8AA3-481D-409A-ABA8-C8DA1EE8FF86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9DCE478-7D30-4BBC-8878-C3745D6ADAD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EBFFA2C-6768-4CB9-B0B0-BDB79CA1DEDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA0C4A1E-B084-4C78-BEE4-4E733159F367",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2571B43E-234C-4312-9640-1E338092A673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D5C7E1-6664-4A90-9E55-1F53F98D7702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "4963F3C5-A207-4BD3-9C3C-4EBAC1F5B2B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BE0D158-DB0B-45B2-9E26-E11A7D5D2CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9214FE72-045E-457A-B3C5-BCDFC506DDB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDB55E62-A345-49F6-ACD0-A710977CA6E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A340D0AB-2B4A-4DE6-9FA1-662D8F8205BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8C8B11E-5C0B-49B1-ACFA-5926057EF002",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "89A4EA0A-54E1-484A-ADDB-216CBC9C40FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA0ABA75-E966-43A2-90B1-89557BB0B7DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B6CE989-B7AD-42AA-986C-23266D965122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "44FD9374-5B8A-4102-A005-D3F39186ABBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_alpha1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B28DC19-7E6A-4CC7-86A9-10EA9FD79FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_alpha2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CD296DF-21C6-43E4-AC4D-8F57220ECDA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8AD23BE-5400-43D8-A667-7AE60B0500B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "89AFE2FA-CAE0-42C3-AA84-4F8D59045A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_beta3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9703151E-85D7-4F81-AFB5-5BC72C44D81A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_beta4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D66E99D9-8ED9-445A-908D-58A70A32E033",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "57E4BE45-F7F2-46DF-995D-1A7203DF5EDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_rc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E607C45-A499-4F08-A15E-608EB28788E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_rc4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A38FFBC7-5731-42B7-8BAE-C1F230F4610C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.5.8 and 1.4.15 allows remote attackers to inject arbitrary web script or HTML via crafted encoded links."
    }
  ],
  "id": "CVE-2006-1498",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-03-30T00:06:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://mail.wikipedia.org/pipermail/mediawiki-announce/2006-March/000040.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19504"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19508"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19517"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-01.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mediawiki.org/wiki/MediaWiki"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2006_07_sr.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/17269"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/1194"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25588"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://mail.wikipedia.org/pipermail/mediawiki-announce/2006-March/000040.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19504"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19508"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19517"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-01.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mediawiki.org/wiki/MediaWiki"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2006_07_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/17269"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/1194"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25588"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-05-12 14:55

Modified

2025-04-12 10:46

Severity ?

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) CreateProperty, (2) CreateTemplate, (3) CreateForm, and (4) CreateClass special pages in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allow remote attackers to hijack the authentication of users for requests that have unspecified impact and vectors.

References

URL	Tags
cve@mitre.org	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html	Patch, Vendor Advisory
cve@mitre.org	https://bugzilla.wikimedia.org/show_bug.cgi?id=57025
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=57025

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	*
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19.0
mediawiki	mediawiki	1.19.1
mediawiki	mediawiki	1.19.2
mediawiki	mediawiki	1.19.3
mediawiki	mediawiki	1.19.4
mediawiki	mediawiki	1.19.5
mediawiki	mediawiki	1.19.6
mediawiki	mediawiki	1.19.7
mediawiki	mediawiki	1.19.8
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2
mediawiki	mediawiki	1.21.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76902FB-9672-488B-9D9E-39B121DEC913",
              "versionEndIncluding": "1.19.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "93D7105D-3CF1-49FF-9F51-088C58F19003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "F647077F-52FD-460B-9511-85812A1447FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A8AFF-EF0E-490C-8833-FF1071563979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3205F5-3A29-4D45-AC95-83174F8969BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5547DA02-3BEC-4278-A714-25CCB820AA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E5609D-EC04-4088-9B61-ABDD256200F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23B09BB-8F43-4D60-A37F-D8685584AF4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A3F38-9A86-4346-9337-5C2A1DED37C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "49CCC3B5-9BD4-40B4-AF1A-DF4B2A6DC12D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "36DA1112-69AB-408A-886E-F248516FDE11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01D8F235-2F1B-4198-A91E-B2723293AA36",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) CreateProperty, (2) CreateTemplate, (3) CreateForm, and (4) CreateClass special pages in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allow remote attackers to hijack the authentication of users for requests that have unspecified impact and vectors."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de CSRF en las p\u00e1ginas especiales (1) CreateProperty, (2) CreateTemplate, (3) CreateForm y (4) CreateClass en la extensi\u00f3n SemanticForms para MediaWiki anterior a 1.19.10, 1.2x anterior a 1.21.4 y 1.22.x anterior a 1.22.1 permiten a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios para solicitudes que tienen impacto y vectores no especificados."
    }
  ],
  "id": "CVE-2014-3455",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-05-12T14:55:07.290",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=57025"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=57025"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-10-11 08:15

Modified

2024-11-21 06:26

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled.

References

URL	Tags
cve@mitre.org	https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874	Patch, Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/
cve@mitre.org	https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
cve@mitre.org	https://phabricator.wikimedia.org/T284419	Permissions Required
cve@mitre.org	https://security.gentoo.org/glsa/202305-24
af854a3a-2127-422b-91ae-364da2661108	https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T284419	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202305-24

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
fedoraproject	fedora	33
fedoraproject	fedora	34
fedoraproject	fedora	35

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E151A08F-6DFB-4D6E-82CD-000CCF6581F3",
              "versionEndExcluding": "1.36.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled."
    },
    {
      "lang": "es",
      "value": "MediaWiki versiones anteriores a 1.36.2, permite una denegaci\u00f3n de servicio (consumo de recursos debido a un largo tiempo de procesamiento de consultas). Visitando Special:Contributions puede resultar a veces en una consulta SQL de larga duraci\u00f3n porque la protecci\u00f3n de PoolCounter est\u00e1 manejada inapropiadamente"
    }
  ],
  "id": "CVE-2021-41800",
  "lastModified": "2024-11-21T06:26:47.150",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-11T08:15:06.813",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://phabricator.wikimedia.org/T284419"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/202305-24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://phabricator.wikimedia.org/T284419"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202305-24"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-03-30 07:15

Modified

2024-11-21 06:56

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/I84be9cd3639b8ab0e037a4ec2d3f2f478f0989c5	Patch, Third Party Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T294256	Exploit, Issue Tracking, Vendor Advisory
cve@mitre.org	https://security.gentoo.org/glsa/202305-24
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/I84be9cd3639b8ab0e037a4ec2d3f2f478f0989c5	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T294256	Exploit, Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202305-24

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E78A6052-5AA3-4B3F-8A76-EEBDD5F50520",
              "versionEndIncluding": "1.37.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en MediaWiki versiones hasta 1.37.1. El archivo ImportPlanValidator.php en la extensi\u00f3n FileImporter maneja inapropiadamente la comprobaci\u00f3n de los derechos de edici\u00f3n"
    }
  ],
  "id": "CVE-2022-28206",
  "lastModified": "2024-11-21T06:56:57.360",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-03-30T07:15:07.447",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I84be9cd3639b8ab0e037a4ec2d3f2f478f0989c5"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T294256"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/202305-24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I84be9cd3639b8ab0e037a4ec2d3f2f478f0989c5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T294256"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202305-24"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-11-03 05:15

Modified

2024-11-21 08:26

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers.

References

URL	Tags
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/
cve@mitre.org	https://phabricator.wikimedia.org/T340221	Exploit, Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T340221	Exploit, Issue Tracking, Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	1.40.0
mediawiki	mediawiki	1.40.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A920574-0C59-4036-9878-C5A39EF82AA1",
              "versionEndExcluding": "1.35.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28CCB302-794F-478B-8331-D9D56CC63983",
              "versionEndExcluding": "1.39.5",
              "versionStartIncluding": "1.39.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.40.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "195C853F-2D51-44A4-990E-8E04FF4E9AA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.40.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "F7880C3A-6D22-4D41-BD00-7E30D3A46FB8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en MediaWiki antes de 1.35.12, 1.36.x hasta 1.39.x antes de 1.39.5 y 1.40.x antes de 1.40.1. Hay XSS en youhavenewmessagesmanyusers y youhavenewmessages i18n mensajes. Esto est\u00e1 relacionado con MediaWiki: Youhavenewmessagesfromusers."
    }
  ],
  "id": "CVE-2023-45360",
  "lastModified": "2024-11-21T08:26:48.780",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-11-03T05:15:30.730",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T340221"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T340221"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-03-02 04:57

Modified

2025-04-12 10:46

Severity ?

Summary

includes/upload/UploadBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 does not prevent use of invalid namespaces in SVG files, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an SVG upload, as demonstrated by use of a W3C XHTML namespace in conjunction with an IFRAME element.

References

URL	Tags
cve@mitre.org	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html	Patch, Vendor Advisory
cve@mitre.org	http://openwall.com/lists/oss-security/2014/02/28/1
cve@mitre.org	http://openwall.com/lists/oss-security/2014/03/01/2
cve@mitre.org	http://www.securityfocus.com/bid/65910
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=1071135
cve@mitre.org	https://bugzilla.wikimedia.org/show_bug.cgi?id=60771	Vendor Advisory
cve@mitre.org	https://gerrit.wikimedia.org/r/#/q/7d923a6b53f7fbcb0cbc3a19797d741bf6f440eb%2Cn%2Cz
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2014/02/28/1
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2014/03/01/2
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/65910
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1071135
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=60771	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/#/q/7d923a6b53f7fbcb0cbc3a19797d741bf6f440eb%2Cn%2Cz

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.1.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.1
mediawiki	mediawiki	1.10.2
mediawiki	mediawiki	1.10.3
mediawiki	mediawiki	1.10.4
mediawiki	mediawiki	1.11
mediawiki	mediawiki	1.11.0
mediawiki	mediawiki	1.11.0
mediawiki	mediawiki	1.11.1
mediawiki	mediawiki	1.11.2
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.1
mediawiki	mediawiki	1.12.2
mediawiki	mediawiki	1.12.3
mediawiki	mediawiki	1.12.4
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.1
mediawiki	mediawiki	1.13.2
mediawiki	mediawiki	1.13.3
mediawiki	mediawiki	1.13.4
mediawiki	mediawiki	1.14.0
mediawiki	mediawiki	1.14.0
mediawiki	mediawiki	1.14.1
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.1
mediawiki	mediawiki	1.15.2
mediawiki	mediawiki	1.15.3
mediawiki	mediawiki	1.15.4
mediawiki	mediawiki	1.15.5
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.1
mediawiki	mediawiki	1.16.2
mediawiki	mediawiki	1.17
mediawiki	mediawiki	1.17
mediawiki	mediawiki	1.17.0
mediawiki	mediawiki	1.17.0
mediawiki	mediawiki	1.17.1
mediawiki	mediawiki	1.17.2
mediawiki	mediawiki	1.17.3
mediawiki	mediawiki	1.17.4
mediawiki	mediawiki	1.18
mediawiki	mediawiki	1.18
mediawiki	mediawiki	1.18.0
mediawiki	mediawiki	1.18.0
mediawiki	mediawiki	1.18.1
mediawiki	mediawiki	1.18.2
mediawiki	mediawiki	1.18.3
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19.0
mediawiki	mediawiki	1.19.1
mediawiki	mediawiki	1.19.2
mediawiki	mediawiki	1.19.3
mediawiki	mediawiki	1.19.4
mediawiki	mediawiki	1.19.5
mediawiki	mediawiki	1.19.6
mediawiki	mediawiki	1.19.7
mediawiki	mediawiki	1.19.8
mediawiki	mediawiki	1.19.9
mediawiki	mediawiki	1.19.10
mediawiki	mediawiki	1.20
mediawiki	mediawiki	1.20.1
mediawiki	mediawiki	1.20.2
mediawiki	mediawiki	1.20.3
mediawiki	mediawiki	1.20.4
mediawiki	mediawiki	1.20.5
mediawiki	mediawiki	1.20.6
mediawiki	mediawiki	1.20.7
mediawiki	mediawiki	1.20.8
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2
mediawiki	mediawiki	1.21.3
mediawiki	mediawiki	1.21.4
mediawiki	mediawiki	1.21.5
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	1.22.1
mediawiki	mediawiki	1.22.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "93892D32-3543-4D1B-AEA7-B813E07F2DFD",
              "versionEndIncluding": "1.19.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C96D337-1D37-4ADE-871D-9829928EE80B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0983C0E-9035-4256-AC99-C2C81C1634E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "76F47EF6-2695-44FD-B4B0-9DE911BB57CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FC61592E-7479-45C1-9263-D608B644EE79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5460DB30-FA14-4017-BC8B-15F9451469F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED2392D6-6ACF-4715-BBCD-B6DA9B91C750",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0071C35-877F-44C6-BC39-B1AE885D7313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83CF24-FC29-40C4-8B07-5FB6591E9812",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C54ADEF-F360-41C6-AE27-B6D12E5BAF9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66A92668-4B5D-40A4-9A14-E7AD10086933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7266D827-F77D-4CC3-8237-4B35D072ACF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DB5EF0E-4E1B-4131-9142-5FBB59C235D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F59B5992-716F-4901-BDD1-0C7E24BF9148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "746023B5-2472-4FC9-BEDF-FE6A321F12B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0D18C85B-E82B-46AE-959E-3FD32DB6F294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "66714539-F1E1-4C16-AA12-059EEB1B9DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A80044C9-9F76-468E-84F7-D7D529004AE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7CD7F5A-F4E4-45B6-9179-BD1BCD75D297",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7BC3705-27C7-4969-AB6A-E7C09C708C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79CDE6D3-A26D-4ECD-B949-B9DDB53F67C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D3CC82BE-8DEA-47D7-B6B7-2FFDFB728ADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "AFD79470-63A7-438B-A3BE-CABDAD7F848C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A26F4C94-E3A5-456E-8E5E-36BA67DD4BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C6D23B-B5C1-4F10-9F62-E81F639FF40F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "13FA8F3C-2B6C-42FB-A6CE-EC2D8614E43D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "973B7468-970D-475C-AAB2-D81833EAF12B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A0789-0496-4940-A484-8B6689AA8770",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "241370F6-4941-43B4-AAD5-32A93AAC3B80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A236174-7262-478C-8C96-61428EBCC575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAAC942E-1BA2-419C-B464-20529D825053",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "188AA942-A54E-4B48-A14E-1D4C2BB859EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "07D3ECE8-29AC-491A-BD11-1753EF65DA0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FA6109F-F5BE-4E65-AA9D-C1D0CB029521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0955D3BF-1120-40F6-87FB-D75B064E5C6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BA61CFC-F48E-4B7D-A61C-4BD585E87BAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BA7AA7B-9450-4AAD-8CBA-E483CD5A1CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4416B074-0C5E-4DD3-AA4D-B54AC635F00D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "EBA4FDC8-2F1B-4054-82BC-B79566ABE8E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "62B86D8D-5E7A-43F5-9B6A-944ED4B8E4E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "E4780402-81D6-46E1-8ECD-3BCB97095B2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "63FD259B-921D-46BF-BE6E-F963288D92F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B163E10-BD02-481B-A78E-E4678C57CC75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9AC7B4F-6AE2-4FCC-80DA-0D068E479853",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "57F3C3BF-CA6A-4BCC-83CE-32560F0A437D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6D1B676-AE23-4FC5-8466-EB44B8F756CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1C3B8FFB-25AD-4165-8C87-DBF5977572FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "52E0CED2-EF96-4052-A4BC-4657163B4FE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E8D954D-484E-4DAA-8E0E-6CEAC17BBA22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "341D904D-A6D6-4644-B67B-D1D62BCFEDEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C3356EA-5FD5-478E-882B-2D7C10011537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EBD4E4C-DE1D-4007-BABF-A82ECBC2C8B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "EA045993-D0DE-4878-A9CF-5C671F3E5196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "15426470-3C5F-41AC-B64B-BA021D9F5EA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "061DD021-3FAA-43D0-9ED2-6E60BF7E6CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8B305B8-97DE-45C7-B7A7-B1D1AB32D511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF1EE8B-18BA-49AE-BAA1-187A2F5B1D06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F46B49A-D5B6-458E-8217-A5F5B045B76F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "93D7105D-3CF1-49FF-9F51-088C58F19003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "F647077F-52FD-460B-9511-85812A1447FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A8AFF-EF0E-490C-8833-FF1071563979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3205F5-3A29-4D45-AC95-83174F8969BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5547DA02-3BEC-4278-A714-25CCB820AA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E5609D-EC04-4088-9B61-ABDD256200F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23B09BB-8F43-4D60-A37F-D8685584AF4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A3F38-9A86-4346-9337-5C2A1DED37C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "49CCC3B5-9BD4-40B4-AF1A-DF4B2A6DC12D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "36DA1112-69AB-408A-886E-F248516FDE11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA85F3B7-9CB4-481C-B1A5-AB95F81C4126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A25C57E2-8E04-4A54-9211-C7B4B7CC4E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA45494-185A-4ED1-8818-D9F14EB9B59B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94646567-FF30-4FBA-96C5-914EB3C85D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF088531-6875-49A2-B220-D7EC38ECC50F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "902A7EE8-90AA-4B0D-9142-DFCDA5AC8914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B6CD057-EBC4-4909-9734-80577AFDED40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01D8F235-2F1B-4198-A91E-B2723293AA36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2A5F4A7-40E7-42D0-8482-647D0EC54AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E10A8FAC-7506-48B8-A4EE-B7A1BE20537E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B461B44C-37D2-480B-9645-B7E8720416C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E491E3AD-0FB2-41CD-B852-CAFCA397A45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "includes/upload/UploadBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 does not prevent use of invalid namespaces in SVG files, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an SVG upload, as demonstrated by use of a W3C XHTML namespace in conjunction with an IFRAME element."
    },
    {
      "lang": "es",
      "value": "includes/upload/UploadBase.php en MediaWiki anterior a 1.19.12, 1.20.x y 1.21.x anterior a 1.21.6 y 1.22.x anterior a 1.22.3 no previene el uso de espacios de nombres inv\u00e1lidos en archivos SVG, lo que permite a atacantes remotos realizar ataques XSS a trav\u00e9s de una subida de SVG, tal y como se demostr\u00f3 mediante el uso de un espacio de nombre W3C XHTML en conjunto con un elemento IFRAME."
    }
  ],
  "id": "CVE-2014-2242",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-03-02T04:57:25.887",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://openwall.com/lists/oss-security/2014/02/28/1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://openwall.com/lists/oss-security/2014/03/01/2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/65910"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1071135"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=60771"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://gerrit.wikimedia.org/r/#/q/7d923a6b53f7fbcb0cbc3a19797d741bf6f440eb%2Cn%2Cz"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2014/02/28/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2014/03/01/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/65910"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1071135"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=60771"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://gerrit.wikimedia.org/r/#/q/7d923a6b53f7fbcb0cbc3a19797d741bf6f440eb%2Cn%2Cz"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-04-29 04:15

Modified

2024-11-21 06:59

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Summary

The FanBoxes extension for MediaWiki through 1.37.2 (before 027ffb0b9d6fe0d823810cf03f5b562a212162d4) allows Special:UserBoxes CSRF.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/FanBoxes/+/786327	Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T306741	Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/FanBoxes/+/786327	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T306741	Exploit, Patch, Third Party Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "40FFFEA4-A471-43C1-870B-10960DE725CF",
              "versionEndIncluding": "1.37.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The FanBoxes extension for MediaWiki through 1.37.2 (before 027ffb0b9d6fe0d823810cf03f5b562a212162d4) allows Special:UserBoxes CSRF."
    },
    {
      "lang": "es",
      "value": "La extensi\u00f3n FanBoxes para MediaWiki versiones hasta 1.37.2 (antes de 027ffb0b9d6fe0d823810cf03f5b562a212162d4) permite un ataque de tipo CSRF de Special:UserBoxes"
    }
  ],
  "id": "CVE-2022-29905",
  "lastModified": "2024-11-21T06:59:56.723",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-04-29T04:15:10.173",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/FanBoxes/+/786327"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T306741"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/FanBoxes/+/786327"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T306741"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-04-22 03:15

Modified

2024-11-21 06:05

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Summary

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It improperly handled account blocks for certain automatically created MediaWiki user accounts, thus allowing nefarious users to remain unblocked.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/Ie1f4333d5b1c9d17fb2236fe38a31de427a4cc48	Issue Tracking, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T272244	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/Ie1f4333d5b1c9d17fb2236fe38a31de427a4cc48	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T272244	Third Party Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4067807D-769C-485F-A7E3-EE96885BDCE7",
              "versionEndIncluding": "1.35.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It improperly handled account blocks for certain automatically created MediaWiki user accounts, thus allowing nefarious users to remain unblocked."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en la extensi\u00f3n AbuseFilter para MediaWiki versiones hasta 1.35.2.\u0026#xa0;Manej\u00f3 inapropiadamente unos bloqueos de cuentas para determinadas cuentas de usuario de MediaWiki creadas autom\u00e1ticamente, lo que permiti\u00f3 a usuarios nefastos permanecieran desbloqueados"
    }
  ],
  "id": "CVE-2021-31554",
  "lastModified": "2024-11-21T06:05:54.343",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-22T03:15:08.230",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Ie1f4333d5b1c9d17fb2236fe38a31de427a4cc48"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T272244"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Ie1f4333d5b1c9d17fb2236fe38a31de427a4cc48"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T272244"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-07-02 13:15

Modified

2024-11-21 06:13

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUserRights page provided search results which, for a suppressed MediaWiki user, were different than for any other user, thus easily disclosing suppressed accounts (which are supposed to be completely hidden).

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/I4e4dbcad61e1d4f6fd8b038bf63d19c69081a8ec	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T285190	Exploit, Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/I4e4dbcad61e1d4f6fd8b038bf63d19c69081a8ec	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T285190	Exploit, Issue Tracking, Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1C62AE2-E1C5-4E32-A222-CCF9024B45D3",
              "versionEndIncluding": "1.36",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUserRights page provided search results which, for a suppressed MediaWiki user, were different than for any other user, thus easily disclosing suppressed accounts (which are supposed to be completely hidden)."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en la extensi\u00f3n CentralAuth en MediaWiki versiones hasta 1.36. La p\u00e1gina Special:GlobalUserRights proporcionaba resultados de b\u00fasqueda que, para un usuario suprimido de MediaWiki, eran diferentes a los de cualquier otro usuario, revelando as\u00ed f\u00e1cilmente las cuentas suprimidas (que se supone que est\u00e1n completamente ocultas)"
    }
  ],
  "id": "CVE-2021-36127",
  "lastModified": "2024-11-21T06:13:10.260",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-02T13:15:07.817",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I4e4dbcad61e1d4f6fd8b038bf63d19c69081a8ec"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T285190"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I4e4dbcad61e1d4f6fd8b038bf63d19c69081a8ec"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T285190"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-922"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-12-17 04:15

Modified

2024-11-21 06:31

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. By using an action=rollback query, attackers can view private wiki contents.

References

URL	Tags
cve@mitre.org	https://phabricator.wikimedia.org/T297574	Third Party Advisory
cve@mitre.org	https://security.gentoo.org/glsa/202305-24
cve@mitre.org	https://www.mediawiki.org/wiki/2021-12_security_release/FAQ	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T297574	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202305-24
af854a3a-2127-422b-91ae-364da2661108	https://www.mediawiki.org/wiki/2021-12_security_release/FAQ	Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "99942EE7-37A1-42CD-B392-8ED9362430E2",
              "versionEndExcluding": "1.35.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7377A8D6-3B2E-4FD6-820A-4CD632158111",
              "versionEndExcluding": "1.36.3",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5950CA7B-C437-4162-A8C5-5F31625145A8",
              "versionEndExcluding": "1.37.1",
              "versionStartIncluding": "1.37.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. By using an action=rollback query, attackers can view private wiki contents."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en MediaWiki versiones anteriores a versi\u00f3n 1.35.5, versiones 1.36.x anteriores a 1.36.3 y versiones 1.37.x anteriores a 1.37.1. Usando una consulta action=rollback, los atacantes pueden visualizar contenidos privados del wiki"
    }
  ],
  "id": "CVE-2021-45038",
  "lastModified": "2024-11-21T06:31:50.540",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-17T04:15:39.197",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T297574"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/202305-24"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mediawiki.org/wiki/2021-12_security_release/FAQ"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T297574"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202305-24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mediawiki.org/wiki/2021-12_security_release/FAQ"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-06-06 14:55

Modified

2025-04-12 10:46

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid username.

References

URL	Tags
cve@mitre.org	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-May/000151.html	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/58834
cve@mitre.org	http://secunia.com/advisories/58896
cve@mitre.org	http://www.debian.org/security/2014/dsa-2957
cve@mitre.org	http://www.openwall.com/lists/oss-security/2014/06/04/15
cve@mitre.org	http://www.securityfocus.com/bid/67787
cve@mitre.org	http://www.securitytracker.com/id/1030364
cve@mitre.org	https://bugzilla.wikimedia.org/show_bug.cgi?id=65501
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-May/000151.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/58834
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/58896
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2014/dsa-2957
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2014/06/04/15
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/67787
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1030364
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=65501

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.19.0
mediawiki	mediawiki	1.19.1
mediawiki	mediawiki	1.19.2
mediawiki	mediawiki	1.19.3
mediawiki	mediawiki	1.19.4
mediawiki	mediawiki	1.19.5
mediawiki	mediawiki	1.19.6
mediawiki	mediawiki	1.19.7
mediawiki	mediawiki	1.19.8
mediawiki	mediawiki	1.19.9
mediawiki	mediawiki	1.19.10
mediawiki	mediawiki	1.19.11
mediawiki	mediawiki	1.19.12
mediawiki	mediawiki	1.19.13
mediawiki	mediawiki	1.19.14
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	1.22.1
mediawiki	mediawiki	1.22.2
mediawiki	mediawiki	1.22.3
mediawiki	mediawiki	1.22.4
mediawiki	mediawiki	1.22.5
mediawiki	mediawiki	1.22.6
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2
mediawiki	mediawiki	1.21.3
mediawiki	mediawiki	1.21.4
mediawiki	mediawiki	1.21.5
mediawiki	mediawiki	1.21.6
mediawiki	mediawiki	1.21.7
mediawiki	mediawiki	1.21.8
mediawiki	mediawiki	1.21.9

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "445F2DE4-BD11-47E1-91ED-7EF19090C4FE",
              "versionEndIncluding": "1.19.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3205F5-3A29-4D45-AC95-83174F8969BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5547DA02-3BEC-4278-A714-25CCB820AA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E5609D-EC04-4088-9B61-ABDD256200F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23B09BB-8F43-4D60-A37F-D8685584AF4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A3F38-9A86-4346-9337-5C2A1DED37C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "49CCC3B5-9BD4-40B4-AF1A-DF4B2A6DC12D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "36DA1112-69AB-408A-886E-F248516FDE11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA85F3B7-9CB4-481C-B1A5-AB95F81C4126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A25C57E2-8E04-4A54-9211-C7B4B7CC4E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "927A7FCC-273B-4387-A9DB-C1DADB40D3FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "37210D17-71E8-4A05-87CE-F27E2F8DDEF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "E77B822C-5536-4843-A509-D5471AC02B87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "84198067-1339-4087-9B91-B0AFD45C6F0F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B461B44C-37D2-480B-9645-B7E8720416C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E491E3AD-0FB2-41CD-B852-CAFCA397A45A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBD50108-A301-4B5B-9047-6FD6792442B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "91BBFEC5-A933-4178-919D-9AC87CF76D21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3CA0EC-1AC1-48A1-8BB8-95DCCE1C283A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9343410C-E076-4362-8094-5BA5582E9675",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01D8F235-2F1B-4198-A91E-B2723293AA36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2A5F4A7-40E7-42D0-8482-647D0EC54AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E10A8FAC-7506-48B8-A4EE-B7A1BE20537E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF797B5-8348-481C-AB6F-154DEA0E5281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E627F80-E6AA-4627-B58E-D6B2A08269BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA54E0F2-3B21-469F-A3FB-8E41E1857447",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "09CFF4B5-5827-4795-960A-201BA1BCF1A2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid username."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en Special:PasswordReset in MediaWiki anterior a 1.19.16, 1.21.x anterior a 1.21.10 y 1.22.x anterior a 1.22.7, cuando wgRawHtml est\u00e1 habilitado, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un nombre de usuario inv\u00e1lido."
    }
  ],
  "id": "CVE-2014-3966",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-06-06T14:55:05.227",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-May/000151.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/58834"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/58896"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2014/dsa-2957"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2014/06/04/15"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/67787"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1030364"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=65501"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-May/000151.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/58834"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/58896"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-2957"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/06/04/15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/67787"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1030364"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=65501"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-07-07 00:15

Modified

2025-03-14 18:15

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in the Tempo skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.

References

▶	URL	Tags
	cve@mitre.org	https://phabricator.wikimedia.org/T361451	Issue Tracking
	af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T361451	Issue Tracking

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED70437F-2E16-47AE-AA89-A497DCC3C8EC",
              "versionEndIncluding": "1.42.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the Tempo skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries."
    },
    {
      "lang": "es",
      "value": " Se descubri\u00f3 un problema en el aspecto Tempo de MediaWiki hasta la versi\u00f3n 1.42.1. Hay XSS almacenado a trav\u00e9s de MediaWiki: entradas del men\u00fa de nivel superior de la barra lateral."
    }
  ],
  "id": "CVE-2024-40602",
  "lastModified": "2025-03-14T18:15:29.110",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-07-07T00:15:10.543",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://phabricator.wikimedia.org/T361451"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://phabricator.wikimedia.org/T361451"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-01-16 16:59

Modified

2025-04-12 10:46

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in the preview in the ExpandTemplates extension for MediaWiki, when $wgRawHTML is set to true, allows remote attackers to inject arbitrary web script or HTML via the wpInput parameter to the Special:ExpandTemplates page.

References

URL	Tags
security@debian.org	http://www.openwall.com/lists/oss-security/2014/12/21/2
security@debian.org	http://www.openwall.com/lists/oss-security/2015/01/03/13
security@debian.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html	Vendor Advisory
security@debian.org	https://phabricator.wikimedia.org/T73111	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2014/12/21/2
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/01/03/13
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T73111	Exploit

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.20
mediawiki	mediawiki	1.20.1
mediawiki	mediawiki	1.20.2
mediawiki	mediawiki	1.20.3
mediawiki	mediawiki	1.20.4
mediawiki	mediawiki	1.20.5
mediawiki	mediawiki	1.20.6
mediawiki	mediawiki	1.20.7
mediawiki	mediawiki	1.20.8
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2
mediawiki	mediawiki	1.21.3
mediawiki	mediawiki	1.21.4
mediawiki	mediawiki	1.21.5
mediawiki	mediawiki	1.21.6
mediawiki	mediawiki	1.21.7
mediawiki	mediawiki	1.21.8
mediawiki	mediawiki	1.21.9
mediawiki	mediawiki	1.21.10
mediawiki	mediawiki	1.21.11
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	1.22.1
mediawiki	mediawiki	1.22.2
mediawiki	mediawiki	1.22.3
mediawiki	mediawiki	1.22.4
mediawiki	mediawiki	1.22.5
mediawiki	mediawiki	1.22.6
mediawiki	mediawiki	1.22.7
mediawiki	mediawiki	1.22.8
mediawiki	mediawiki	1.22.9
mediawiki	mediawiki	1.22.10
mediawiki	mediawiki	1.22.11
mediawiki	mediawiki	1.22.12
mediawiki	mediawiki	1.22.13
mediawiki	mediawiki	1.22.14
mediawiki	mediawiki	1.23.0
mediawiki	mediawiki	1.23.1
mediawiki	mediawiki	1.23.2
mediawiki	mediawiki	1.23.3
mediawiki	mediawiki	1.23.4
mediawiki	mediawiki	1.23.5
mediawiki	mediawiki	1.23.6
mediawiki	mediawiki	1.23.7
mediawiki	mediawiki	1.24.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE55C257-9CF4-485C-8096-AC0C2759056F",
              "versionEndIncluding": "1.19.22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA45494-185A-4ED1-8818-D9F14EB9B59B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94646567-FF30-4FBA-96C5-914EB3C85D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF088531-6875-49A2-B220-D7EC38ECC50F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "902A7EE8-90AA-4B0D-9142-DFCDA5AC8914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B6CD057-EBC4-4909-9734-80577AFDED40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01D8F235-2F1B-4198-A91E-B2723293AA36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2A5F4A7-40E7-42D0-8482-647D0EC54AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E10A8FAC-7506-48B8-A4EE-B7A1BE20537E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF797B5-8348-481C-AB6F-154DEA0E5281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E627F80-E6AA-4627-B58E-D6B2A08269BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA54E0F2-3B21-469F-A3FB-8E41E1857447",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "09CFF4B5-5827-4795-960A-201BA1BCF1A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC9D6B62-13CD-4307-94BB-A7210761A4D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "32C36F51-CCCC-41D1-A43B-B8F77CE632B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B461B44C-37D2-480B-9645-B7E8720416C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E491E3AD-0FB2-41CD-B852-CAFCA397A45A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBD50108-A301-4B5B-9047-6FD6792442B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "91BBFEC5-A933-4178-919D-9AC87CF76D21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3CA0EC-1AC1-48A1-8BB8-95DCCE1C283A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9343410C-E076-4362-8094-5BA5582E9675",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96BBB28-AB3C-4082-B035-8CCB761C2530",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7389C3B9-B32D-46CC-8615-22CF7BDCD829",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "179FC802-541F-40EE-BB76-A4B745A9EA7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3332E0EC-49D6-4EB2-8A2E-CC204EA1C475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E59021C-8DDF-4849-9490-AD8F98B834BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "64E90FCD-B032-4BD8-84D6-763E0FDB48B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "21A92544-BEA9-436F-BC22-CC90808D53F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DB10EA-CA68-40BE-862D-0B351456F02E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6044842D-0C23-4683-9BCC-9FE40AE8353F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BFCBB5A-F5F8-400E-916A-EB87F84853D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2898DFC3-7C3A-4C12-A3D2-4CEB3C66C90D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "04082771-E3E2-49EE-8840-0170F3B3519F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9B27B7-7800-4E35-97CA-B16450EEC478",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BEA6C00-BDCF-439C-8A04-B581361781EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90B931CC-CEA7-4C14-875E-A0D215CE5617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE300CC-68D6-46C7-8CC0-605F94FFC327",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the preview in the ExpandTemplates extension for MediaWiki, when $wgRawHTML is set to true, allows remote attackers to inject arbitrary web script or HTML via the wpInput parameter to the Special:ExpandTemplates page."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en la previsualizaci\u00f3n en la extensi\u00f3n ExpandTemplates para MediaWiki, cuando $wgRawHTML est\u00e1 configurado a verdad, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro wpInput en la p\u00e1gina Special:ExpandTemplates."
    }
  ],
  "id": "CVE-2014-9478",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-01-16T16:59:13.063",
  "references": [
    {
      "source": "security@debian.org",
      "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://phabricator.wikimedia.org/T73111"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://phabricator.wikimedia.org/T73111"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2019-12-19 19:15

Modified

2024-11-21 04:35

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 (1.35 and/or 1.34) mishandles certain HTML attributes, as demonstrated by IMG onmouseover= (impact is XSS) and IMG src=http (impact is disclosing the client's IP address). This can occur within a talk page topical header that is viewed within a mobile (MobileFrontend) context.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/Ida471291f1698387a26736931ab17e6899e05b51	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T240487	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/Ida471291f1698387a26736931ab17e6899e05b51	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T240487	Third Party Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	1.34
	mediawiki	mediawiki	1.35

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "19B5C33D-9225-4E69-974F-CFFFBEC3884C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "099B2ED0-C4DB-458C-803C-0EC3CA21D3C2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 (1.35 and/or 1.34) mishandles certain HTML attributes, as demonstrated by IMG onmouseover= (impact is XSS) and IMG src=http (impact is disclosing the client\u0027s IP address). This can occur within a talk page topical header that is viewed within a mobile (MobileFrontend) context."
    },
    {
      "lang": "es",
      "value": "El MinervaNeue Skin en MediaWiki desde el 05-11-2019 hasta el 13-12-2019 (versiones 1.35 y/o 1.34) maneja inapropiadamente ciertos atributos HTML, como es demostrado por IMG onmouseover= (el impacto es un XSS) e IMG src=http (el impacto es la revelaci\u00f3n de la direcci\u00f3n IP del cliente). Esto puede presentarse dentro de un encabezado tem\u00e1tico de la p\u00e1gina de discusi\u00f3n que es visualizado dentro de un contexto m\u00f3vil (MobileFrontend)."
    }
  ],
  "id": "CVE-2019-19910",
  "lastModified": "2024-11-21T04:35:38.573",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-12-19T19:15:14.327",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Ida471291f1698387a26736931ab17e6899e05b51"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T240487"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Ida471291f1698387a26736931ab17e6899e05b51"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T240487"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-01-08 02:15

Modified

2024-11-21 05:35

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax within the PropertySuggestionsWidget template (in the templates/search/PropertySuggestionsWidget.mustache+dom file).

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/558203	Third Party Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T240773	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/558203	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T240773	Patch, Third Party Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	1.35

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "099B2ED0-C4DB-458C-803C-0EC3CA21D3C2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax within the PropertySuggestionsWidget template (in the templates/search/PropertySuggestionsWidget.mustache+dom file)."
    },
    {
      "lang": "es",
      "value": "La extensi\u00f3n WikibaseMediaInfo versi\u00f3n 1.35 para MediaWiki, permite un ataque de tipo XSS debido a una sintaxis de plantilla inapropiada dentro de la plantilla PropertySuggestionsWidget (en el archivo templates/search/PropertySuggestionsWidget.mustache+dom)."
    }
  ],
  "id": "CVE-2020-6163",
  "lastModified": "2024-11-21T05:35:13.310",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-08T02:15:10.553",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/558203"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T240773"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/558203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T240773"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-01-10 14:11

Modified

2024-11-21 06:33

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Some unprivileged users can view confidential information (e.g., IP addresses and User-Agent headers for election traffic) on a testwiki SecurePoll instance.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/Ib2715adb281f8892b586dcb1895e87ac0eb548b0	Third Party Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T290808	Third Party Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T290856	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/Ib2715adb281f8892b586dcb1895e87ac0eb548b0	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T290808	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T290856	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "99942EE7-37A1-42CD-B392-8ED9362430E2",
              "versionEndExcluding": "1.35.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7377A8D6-3B2E-4FD6-820A-4CD632158111",
              "versionEndExcluding": "1.36.3",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5950CA7B-C437-4162-A8C5-5F31625145A8",
              "versionEndExcluding": "1.37.1",
              "versionStartIncluding": "1.37.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Some unprivileged users can view confidential information (e.g., IP addresses and User-Agent headers for election traffic) on a testwiki SecurePoll instance."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en MediaWiki versiones anteriores a 1.35.5, 1.36.x anteriores a 1.36.3 y 1.37.x anteriores a 1.37.1. Algunos usuarios no privilegiados pueden visualizar informaci\u00f3n confidencial (por ejemplo, direcciones IP y encabezados User-Agent para el tr\u00e1fico electoral) en una instancia de testwiki SecurePoll"
    }
  ],
  "id": "CVE-2021-46148",
  "lastModified": "2024-11-21T06:33:41.413",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-01-10T14:11:28.140",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Ib2715adb281f8892b586dcb1895e87ac0eb548b0"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T290808"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T290856"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Ib2715adb281f8892b586dcb1895e87ac0eb548b0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T290808"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T290856"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-04-22 03:15

Modified

2024-11-21 06:05

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. It did not validate the oarc_version (aka oauth_registered_consumer.oarc_version) parameter's length.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/I222c053b4b14ac1ad0f5b3a51565b1b9cd4c139d	Issue Tracking, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T277388	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/I222c053b4b14ac1ad0f5b3a51565b1b9cd4c139d	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T277388	Third Party Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4067807D-769C-485F-A7E3-EE96885BDCE7",
              "versionEndIncluding": "1.35.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. It did not validate the oarc_version (aka oauth_registered_consumer.oarc_version) parameter\u0027s length."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en la extensi\u00f3n Oauth para MediaWiki versiones hasta 1.35.2.\u0026#xa0;No comprob\u00f3 la longitud del par\u00e1metro oarc_version (tambi\u00e9n se conoce como oauth_registered_consumer.oarc_version)"
    }
  ],
  "id": "CVE-2021-31555",
  "lastModified": "2024-11-21T06:05:54.487",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-22T03:15:08.263",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I222c053b4b14ac1ad0f5b3a51565b1b9cd4c139d"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T277388"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I222c053b4b14ac1ad0f5b3a51565b1b9cd4c139d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T277388"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-04-13 16:29

Modified

2024-11-21 03:02

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites.

References

URL	Tags
security@debian.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html	Vendor Advisory
security@debian.org	https://phabricator.wikimedia.org/T109140	Issue Tracking, Third Party Advisory
security@debian.org	https://security-tracker.debian.org/tracker/CVE-2017-0363	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T109140	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security-tracker.debian.org/tracker/CVE-2017-0363	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*
debian	debian_linux	7.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "07C776BA-0AEF-4225-AC4C-38753A764076",
              "versionEndIncluding": "1.23.16",
              "versionStartIncluding": "1.23.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9419B89-A512-4C79-8085-2AB9D7A19C85",
              "versionEndExcluding": "1.27.2",
              "versionStartIncluding": "1.27.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ABB422D-95AC-48E6-AEFF-1F2915354494",
              "versionEndExcluding": "1.28.1",
              "versionStartIncluding": "1.28.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites."
    },
    {
      "lang": "es",
      "value": "Mediawiki, en versiones anteriores a la 1.28.1, 1.27.2 y la 1.23.16, contiene un error por el cual Special:UserLogin?returnto=interwiki:foo redirigir\u00e1 a sitios externos."
    }
  ],
  "id": "CVE-2017-0363",
  "lastModified": "2024-11-21T03:02:50.287",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-13T16:29:00.407",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T109140"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2017-0363"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T109140"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2017-0363"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-10-11 21:55

Modified

2025-04-11 00:51

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in contrib/example.php in the SyntaxHighlight GeSHi extension for MediaWiki, possibly as downloaded before September 2013, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

References

URL	Tags
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html
secalert@redhat.com	http://osvdb.org/96909
secalert@redhat.com	http://seclists.org/oss-sec/2013/q3/553	Patch
secalert@redhat.com	https://bugzilla.wikimedia.org/show_bug.cgi?id=49070	Exploit, Patch
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/86890
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/96909
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/oss-sec/2013/q3/553	Patch
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=49070	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/86890

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.19.7
mediawiki	mediawiki	1.20.6
mediawiki	mediawiki	1.21.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "49CCC3B5-9BD4-40B4-AF1A-DF4B2A6DC12D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF088531-6875-49A2-B220-D7EC38ECC50F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in contrib/example.php in the SyntaxHighlight GeSHi extension for MediaWiki, possibly as downloaded before September 2013, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en contrib/example.php de la extensi\u00f3n SyntaxHighlight GeSHi para MediaWiki, posiblemente la descargada antes de septiembre de 2013, permite a atacantes remotos inyectar script web arbitrario o HTML a trav\u00e9s de PATH_INFO."
    }
  ],
  "id": "CVE-2013-4305",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-10-11T21:55:44.307",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/96909"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://seclists.org/oss-sec/2013/q3/553"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=49070"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86890"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/96909"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://seclists.org/oss-sec/2013/q3/553"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=49070"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86890"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-02-18 23:15

Modified

2024-11-21 03:02

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remote attackers to discover the IP addresses of Wiki visitors via a style="background-image: attr(title url);" attack within a DIV element that has an attacker-controlled URL in the title attribute.

References

URL	Tags
cve@mitre.org	https://phabricator.wikimedia.org/T140591	Issue Tracking, Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T68404	Exploit, Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T140591	Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T68404	Exploit, Issue Tracking, Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F57DFB5D-65E7-4E3B-81BF-4BEAD74D1677",
              "versionEndExcluding": "1.23.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "91C09A5A-267C-4075-A66B-B1CA30A0C253",
              "versionEndExcluding": "1.27.2",
              "versionStartIncluding": "1.24.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ABB422D-95AC-48E6-AEFF-1F2915354494",
              "versionEndExcluding": "1.28.1",
              "versionStartIncluding": "1.28.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remote attackers to discover the IP addresses of Wiki visitors via a style=\"background-image: attr(title url);\" attack within a DIV element that has an attacker-controlled URL in the title attribute."
    },
    {
      "lang": "es",
      "value": "MediaWiki versiones anteriores a 1.23.16, versiones 1.24.x hasta 1.27.x anteriores a 1.27.2 y versiones 1.28.x anteriores a 1.28.1, permite a atacantes remotos descubrir las direcciones IP de los visitantes del Wiki por medio de un ataque style=\"background-image: attr(title url);\" dentro de un elemento DIV que presenta una URL controlada por el atacante en el atributo title"
    }
  ],
  "id": "CVE-2017-0371",
  "lastModified": "2024-11-21T03:02:51.180",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-02-18T23:15:07.843",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T140591"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T68404"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T140591"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T68404"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-11-15 08:29

Modified

2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests.

References

URL	Tags
security@debian.org	http://www.securitytracker.com/id/1039812	Third Party Advisory, VDB Entry
security@debian.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html	Mailing List, Patch, Vendor Advisory
security@debian.org	https://www.debian.org/security/2017/dsa-4036	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039812	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html	Mailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2017/dsa-4036	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.28.0
mediawiki	mediawiki	1.28.1
mediawiki	mediawiki	1.28.2
mediawiki	mediawiki	1.29.0
mediawiki	mediawiki	1.29.1
debian	debian_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2825F885-DD77-4822-B659-D5AFB56C6B17",
              "versionEndIncluding": "1.27.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.28.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "70CAB8A9-39D5-41F4-800C-79E4FE57B12D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.28.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A060BA59-05C8-4646-97D7-4F382B4EBCC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.28.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E67B837B-D085-4EE4-9556-D25BFA9BC108",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.29.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFA5659C-9DEA-494E-BB32-E6573E180C26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.29.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A457BE6-9F2F-45C9-A650-46F7E4B77E20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests."
    },
    {
      "lang": "es",
      "value": "MediaWiki en versiones anteriores a la 1.27.4; las versiones 1.28.x anteriores a la 1.28.3 y las versiones 1.29.x anteriores a la 1.29.2, cuando se ha configurado una wiki privada, proporciona diferentes mensajes de error para intentos de inicio de sesi\u00f3n fallidos dependiendo de si existe el nombre de usuario. Esto permite que atacantes remotos enumeren nombres de cuentas y lleven a cabo ataques de fuerza bruta mediante una serie de peticiones."
    }
  ],
  "id": "CVE-2017-8810",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-15T08:29:00.673",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039812"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4036"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4036"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-06-30 17:15

Modified

2024-11-27 19:15

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/I10a9273c542576b3f7bb38de68dcd2aa41cfb1b0	Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T338276	Exploit, Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/I10a9273c542576b3f7bb38de68dcd2aa41cfb1b0	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T338276	Exploit, Issue Tracking, Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEA20A42-6E1A-4DA2-8869-A49894256285",
              "versionEndIncluding": "1.39.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message."
    }
  ],
  "id": "CVE-2023-37303",
  "lastModified": "2024-11-27T19:15:32.160",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-06-30T17:15:09.617",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I10a9273c542576b3f7bb38de68dcd2aa41cfb1b0"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T338276"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I10a9273c542576b3f7bb38de68dcd2aa41cfb1b0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T338276"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-754"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-11-15 08:29

Modified

2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks.

References

URL	Tags
security@debian.org	http://www.securitytracker.com/id/1039812	Third Party Advisory, VDB Entry
security@debian.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html	Mailing List, Patch, Vendor Advisory
security@debian.org	https://www.debian.org/security/2017/dsa-4036	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039812	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html	Mailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2017/dsa-4036	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.28.0
mediawiki	mediawiki	1.28.1
mediawiki	mediawiki	1.28.2
mediawiki	mediawiki	1.29.0
mediawiki	mediawiki	1.29.1
debian	debian_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2825F885-DD77-4822-B659-D5AFB56C6B17",
              "versionEndIncluding": "1.27.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.28.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "70CAB8A9-39D5-41F4-800C-79E4FE57B12D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.28.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A060BA59-05C8-4646-97D7-4F382B4EBCC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.28.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E67B837B-D085-4EE4-9556-D25BFA9BC108",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.29.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFA5659C-9DEA-494E-BB32-E6573E180C26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.29.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A457BE6-9F2F-45C9-A650-46F7E4B77E20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n de la expansi\u00f3n del par\u00e1metro raw message en MediaWiki en versiones anteriores a la 1.27.4; las versiones 1.28.x anteriores a la 1.28.3 y las versiones 1.29.x anteriores a la 1.29.2 permite ataques de decoraci\u00f3n HTML."
    }
  ],
  "id": "CVE-2017-8811",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-15T08:29:00.720",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039812"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4036"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4036"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-10-11 08:15

Modified

2024-11-21 06:26

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search results page.

References

URL	Tags
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/
cve@mitre.org	https://phabricator.wikimedia.org/T285515	Exploit, Patch, Third Party Advisory
cve@mitre.org	https://security.gentoo.org/glsa/202305-24
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T285515	Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202305-24

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
fedoraproject	fedora	33
fedoraproject	fedora	34
fedoraproject	fedora	35

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E151A08F-6DFB-4D6E-82CD-000CCF6581F3",
              "versionEndExcluding": "1.36.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search results page."
    },
    {
      "lang": "es",
      "value": "MediaWiki versiones anteriores a 1.36.2, permite una vulnerabilidad de tipo XSS. Los mensajes de MediaWiki relacionados con el mes no se escapan antes de ser usados en la p\u00e1gina de resultados Special:Search"
    }
  ],
  "id": "CVE-2021-41798",
  "lastModified": "2024-11-21T06:26:46.830",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-11T08:15:06.647",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T285515"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/202305-24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T285515"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202305-24"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-01-12 06:15

Modified

2025-04-08 16:15

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users. These files include credentials data.

References

URL	Tags
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2023/07/msg00011.html
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/
cve@mitre.org	https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/thread/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/
cve@mitre.org	https://phabricator.wikimedia.org/T322637	Exploit, Issue Tracking, Patch, Vendor Advisory
cve@mitre.org	https://security.gentoo.org/glsa/202305-24
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2023/07/msg00011.html
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/thread/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T322637	Exploit, Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202305-24

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	1.39.0
mediawiki	mediawiki	1.39.0
mediawiki	mediawiki	1.39.0
fedoraproject	fedora	37

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "357C67CA-8586-4F8D-951C-51220DD6AA18",
              "versionEndExcluding": "1.35.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13962AAD-4625-42E8-B960-53FAE7699070",
              "versionEndExcluding": "1.38.5",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.39.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "243E4420-7054-4190-8270-76E09207FC9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.39.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "90D9672A-851F-46B0-AA0D-35991D7802E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.39.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5141FCFC-D842-49B8-9385-5EE2DB6E7BFA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
              "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users. These files include credentials data."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en MediaWiki antes de 1.35.9, 1.36.x hasta 1.38.x antes de 1.38.5 y 1.39.x antes de 1.39.1. Al instalar con un directorio de datos preexistente que tiene permisos d\u00e9biles, los archivos SQLite se crean con el modo de archivo 0644, es decir, legible mundialmente para los usuarios locales. Estos archivos incluyen datos de credenciales."
    }
  ],
  "id": "CVE-2022-47927",
  "lastModified": "2025-04-08T16:15:24.250",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-01-12T06:15:08.167",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00011.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/thread/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T322637"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/202305-24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/thread/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T322637"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202305-24"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-03-23 20:59

Modified

2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as demonstrated by a wikilink to a page named "javascript:alert('XSS!')."

References

URL	Tags
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/12/21/8	Mailing List, Patch, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/12/23/7	Mailing List, Patch, Third Party Advisory
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html	Patch, Release Notes, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T117899	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/12/21/8	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/12/23/7	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html	Patch, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T117899	Issue Tracking, Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.24.0
mediawiki	mediawiki	1.24.1
mediawiki	mediawiki	1.24.2
mediawiki	mediawiki	1.24.3
mediawiki	mediawiki	1.24.4
mediawiki	mediawiki	1.25.0
mediawiki	mediawiki	1.25.1
mediawiki	mediawiki	1.25.2
mediawiki	mediawiki	1.25.3
mediawiki	mediawiki	1.26.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3971880B-BD50-4E3D-96F0-D07F60D59923",
              "versionEndIncluding": "1.23.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C00423-B3FE-485A-9014-22F409DBD377",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E90C95FB-71CA-4CA1-935D-58A08244A81F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DDBD41F-C2D5-4D7C-B069-FBC2C8EBB81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D92AA40C-3E9A-44E6-9833-06853B5BF453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9129F374-93CB-43CE-A3B2-DB6483514F32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE125142-10A2-4ACF-9BA4-44E63C1E5DB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF21D6EE-CEAC-42A7-99B6-D9D033E1FEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CCAC6ED-C3F5-4D8E-922B-FAA481210C6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B418525-DAC2-461A-B931-BED05CC3AFBF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as demonstrated by a wikilink to a page named \"javascript:alert(\u0027XSS!\u0027).\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en MediaWiki en versiones anteriores a 1.23.12, 1.24.x en versiones anteriores a 1.24.5, 1.25.x en versiones anteriores a 1.25.4 y 1.26.x en versiones anteriores a 1.26.1, cuando se configura con una URL relativa, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrario a trav\u00e9s de wikitext, como demuestra un wikilink a una p\u00e1gina llamada \"javascript:alert(\u0027XSS!\u0027)\"."
    }
  ],
  "id": "CVE-2015-8622",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-03-23T20:59:00.437",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T117899"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T117899"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-01-10 14:11

Modified

2024-11-21 06:33

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. MassEditRegex allows CSRF.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/I5980de35b0a01b5242b68b7b0bdc08adf5d968d8	Third Party Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T293341	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/I5980de35b0a01b5242b68b7b0bdc08adf5d968d8	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T293341	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "99942EE7-37A1-42CD-B392-8ED9362430E2",
              "versionEndExcluding": "1.35.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7377A8D6-3B2E-4FD6-820A-4CD632158111",
              "versionEndExcluding": "1.36.3",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5950CA7B-C437-4162-A8C5-5F31625145A8",
              "versionEndExcluding": "1.37.1",
              "versionStartIncluding": "1.37.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. MassEditRegex allows CSRF."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en MediaWiki versiones anteriores a 1.35.5, 1.36.x anteriores a 1.36.3 y 1.37.x anteriores a 1.37.1. MassEditRegex permite un ataque de tipo CSRF"
    }
  ],
  "id": "CVE-2021-46147",
  "lastModified": "2024-11-21T06:33:41.260",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-01-10T14:11:27.590",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I5980de35b0a01b5242b68b7b0bdc08adf5d968d8"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T293341"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I5980de35b0a01b5242b68b7b0bdc08adf5d968d8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T293341"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-09-27 21:15

Modified

2024-11-21 05:18

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. Handling of actor ID does not necessarily use the correct database or correct wiki.

References

URL	Tags
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html	Mailing List, Vendor Advisory
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html	Mailing List, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T260485	Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T260485	Permissions Required, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
fedoraproject	fedora	33

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "50B973A6-D4AD-44EC-976E-1068DDE6D20B",
              "versionEndExcluding": "1.31.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5D57552-DD9C-44B8-9BA4-6AB0EAF09979",
              "versionEndExcluding": "1.34.4",
              "versionStartIncluding": "1.32.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. Handling of actor ID does not necessarily use the correct database or correct wiki."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un filtrado de informaci\u00f3n en MediaWiki versiones anteriores a 1.31.10 y desde 1.32.x hasta 1.34.x anteriores a 1.34.4.\u0026#xa0;El manejo de la identificaci\u00f3n del actor no necesariamente usa la base de datos correcta o la wiki correcta"
    }
  ],
  "id": "CVE-2020-25869",
  "lastModified": "2024-11-21T05:18:56.703",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-27T21:15:12.937",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T260485"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T260485"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-10-26 20:29

Modified

2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image.

References

URL	Tags
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/08/31/10	Mailing List, Patch, Third Party Advisory
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/08/31/6	Mailing List, Patch, Third Party Advisory
secalert@redhat.com	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330	Issue Tracking, Third Party Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=853409	Issue Tracking, Patch
secalert@redhat.com	https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html	Patch, Vendor Advisory
secalert@redhat.com	https://phabricator.wikimedia.org/T41700	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/08/31/10	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/08/31/6	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=853409	Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T41700	Mailing List, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.19.0
mediawiki	mediawiki	1.19.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B03517F3-5555-4DCF-A5BD-15B2AF03C970",
              "versionEndIncluding": "1.18.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad Cross-Site Scripting (XSS) en MediaWiki en versiones anteriores a la 1.18.5 y en versiones 1.19.x anteriores a la 1.19.2 permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante un enlace File: a una imagen inexistente."
    }
  ],
  "id": "CVE-2012-4377",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-26T20:29:00.297",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/08/31/10"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/08/31/6"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=853409"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T41700"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/08/31/10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/08/31/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=853409"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T41700"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-07-02 13:15

Modified

2024-11-21 06:13

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalRenameRequest page is vulnerable to infinite loops and denial of service attacks when a user's current username is beyond an arbitrary maximum configuration value (MaxNameChars).

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/I97d8b3236b5abed8ba9a9c4d3ab5050c2e782c22	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T260865	Exploit, Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/I97d8b3236b5abed8ba9a9c4d3ab5050c2e782c22	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T260865	Exploit, Issue Tracking, Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1C62AE2-E1C5-4E32-A222-CCF9024B45D3",
              "versionEndIncluding": "1.36",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalRenameRequest page is vulnerable to infinite loops and denial of service attacks when a user\u0027s current username is beyond an arbitrary maximum configuration value (MaxNameChars)."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en la extensi\u00f3n CentralAuth en MediaWiki versiones hasta 1.36. La p\u00e1gina Special:GlobalRenameRequest es vulnerable a bucles infinitos y a ataques de denegaci\u00f3n de servicio cuando el nombre de usuario actual de un usuario supera un valor de configuraci\u00f3n m\u00e1ximo arbitrario (MaxNameChars)"
    }
  ],
  "id": "CVE-2021-36125",
  "lastModified": "2024-11-21T06:13:09.967",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-02T13:15:07.760",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I97d8b3236b5abed8ba9a9c4d3ab5050c2e782c22"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T260865"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I97d8b3236b5abed8ba9a9c4d3ab5050c2e782c22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T260865"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-835"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-09-02 05:15

Modified

2024-11-21 07:17

Severity ?

4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Summary

An issue was discovered in the MediaWiki through 1.38.2. The community configuration pages for the GrowthExperiments extension could cause a site to become unavailable due to insufficient validation when certain actions (including page moves) were performed.

References

▶	URL	Tags
	cve@mitre.org	https://phabricator.wikimedia.org/T313205	Exploit, Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T313205	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "90CB16E9-D5C2-4F0A-BDBA-BBC84BBE9ED2",
              "versionEndIncluding": "1.38.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the MediaWiki through 1.38.2. The community configuration pages for the GrowthExperiments extension could cause a site to become unavailable due to insufficient validation when certain actions (including page moves) were performed."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en MediaWiki versiones hasta 1.38.2. Las p\u00e1ginas de configuraci\u00f3n de la comunidad para la extensi\u00f3n GrowthExperiments pod\u00edan causar que un sitio no estuviera disponible debido a una comprobaci\u00f3n insuficiente cuando son llevados a cabo determinadas acciones (incluyendo movimientos de p\u00e1gina)"
    }
  ],
  "id": "CVE-2022-39194",
  "lastModified": "2024-11-21T07:17:45.533",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-09-02T05:15:07.797",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T313205"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T313205"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2010-06-08 00:30

Modified

2025-04-11 00:51

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) strings that are processed as script by Internet Explorer.

References

▶	URL	Tags
	secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043803.html
	secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043856.html
	secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
	secalert@redhat.com	https://bugzilla.wikimedia.org/show_bug.cgi?id=23687
	af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043803.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043856.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
	af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=23687

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.1
mediawiki	mediawiki	1.15.2
mediawiki	mediawiki	1.15.3
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAAC942E-1BA2-419C-B464-20529D825053",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "188AA942-A54E-4B48-A14E-1D4C2BB859EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "07D3ECE8-29AC-491A-BD11-1753EF65DA0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FA6109F-F5BE-4E65-AA9D-C1D0CB029521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0955D3BF-1120-40F6-87FB-D75B064E5C6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4416B074-0C5E-4DD3-AA4D-B54AC635F00D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "EBA4FDC8-2F1B-4054-82BC-B79566ABE8E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "62B86D8D-5E7A-43F5-9B6A-944ED4B8E4E8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) strings that are processed as script by Internet Explorer."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en  sitios cruzados(XSS) en MediaWiki v1.15 antes de v1.15.4 y v1.16 antes de v1.16 beta 3 permite a atacantes remotos inyectar HTML o secuencias de comandos web a trav\u00e9s de cadenas CSS debidamente modificadas. Estas cadenas son procesadas como secuencias de comandos por Internet Explorer."
    }
  ],
  "id": "CVE-2010-1647",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-06-08T00:30:01.460",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043803.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043856.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=23687"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043803.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043856.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=23687"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-04-22 03:15

Modified

2024-11-21 06:05

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly logged sensitive suppression deletions, which should not have been visible to users with access to view AbuseFilter log data.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/I38a0a24fa32ca7a052b6940864a32b3856e84553	Issue Tracking, Third Party Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T71617	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/I38a0a24fa32ca7a052b6940864a32b3856e84553	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T71617	Third Party Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4067807D-769C-485F-A7E3-EE96885BDCE7",
              "versionEndIncluding": "1.35.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly logged sensitive suppression deletions, which should not have been visible to users with access to view AbuseFilter log data."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en la extensi\u00f3n AbuseFilter para MediaWiki versiones hasta 1.35.2.\u0026#xa0;Registraba incorrectamente las supresiones confidenciales, que no deber\u00edan haber sido visibles para usuarios con acceso a visualizar los datos de registro de AbuseFilter"
    }
  ],
  "id": "CVE-2021-31546",
  "lastModified": "2024-11-21T06:05:53.123",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-22T03:15:07.970",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I38a0a24fa32ca7a052b6940864a32b3856e84553"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T71617"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I38a0a24fa32ca7a052b6940864a32b3856e84553"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T71617"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-532"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2005-10-06 10:02

Modified

2025-04-03 01:03

Severity ?

Summary

Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not properly remove certain CSS inputs (HTML inline style attributes) that are processed as active content by Internet Explorer, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/17074
cve@mitre.org	http://sourceforge.net/project/shownotes.php?release_id=361505	Patch
cve@mitre.org	http://www.novell.com/linux/security/advisories/2005_27_sr.html
cve@mitre.org	http://www.securityfocus.com/bid/15024
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/17074
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/project/shownotes.php?release_id=361505	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2005_27_sr.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/15024

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.4.1
mediawiki	mediawiki	1.4.2
mediawiki	mediawiki	1.4.3
mediawiki	mediawiki	1.4.5
mediawiki	mediawiki	1.4.6
mediawiki	mediawiki	1.4.7
mediawiki	mediawiki	1.4.8
mediawiki	mediawiki	1.4.9
mediawiki	mediawiki	1.4.10
mediawiki	mediawiki	1.4_beta1
mediawiki	mediawiki	1.4_beta2
mediawiki	mediawiki	1.4_beta3
mediawiki	mediawiki	1.4_beta4
mediawiki	mediawiki	1.4_beta5
mediawiki	mediawiki	1.4_beta6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "174665BA-F231-45F6-922C-933B8A613009",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B175F5A-7CB6-44E6-9E98-FB40F6D14FDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A45833DC-F104-42BB-8688-4DE66AFF72F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "99A75AFB-2706-42FF-8534-B910997987AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F335EB4-1A74-4FAE-ADAF-AC9FB37A80DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "116C8AA3-481D-409A-ABA8-C8DA1EE8FF86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9DCE478-7D30-4BBC-8878-C3745D6ADAD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EBFFA2C-6768-4CB9-B0B0-BDB79CA1DEDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA0C4A1E-B084-4C78-BEE4-4E733159F367",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E70F32-2F26-4836-8A4F-0A0B06EAD371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE506B8C-245E-4A7E-A24C-FABB1D4531EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta3:*:*:*:*:*:*:*",
              "matchCriteriaId": "934382C1-088A-4AEE-A71A-E9802AC9C1A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1A9028E-1BDE-4BA0-A479-7A30020331D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D02E4C1-2BA7-4BC0-9C11-D0F74181DF82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta6:*:*:*:*:*:*:*",
              "matchCriteriaId": "728E2852-5658-4DCC-AF1E-718B292F06C1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not properly remove certain CSS inputs (HTML inline style attributes) that are processed as active content by Internet Explorer, which allows remote attackers to conduct cross-site scripting (XSS) attacks."
    }
  ],
  "id": "CVE-2005-3167",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-10-06T10:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/17074"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=361505"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/15024"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/17074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=361505"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/15024"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-10-22 04:15

Modified

2024-11-21 05:21

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. Instead, for various actions, it would report the IP address of an internal Wikimedia Foundation server by omitting X-Forwarded-For data. This resulted in an inability to properly audit and attribute various user actions performed via the FileImporter extension.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/I24a240253c7a5c66dd493a68e8c23d95a17e1b21	Exploit, Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T265810	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/I24a240253c7a5c66dd493a68e8c23d95a17e1b21	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T265810	Exploit, Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "549D9595-9EF8-4EA0-95AD-595C53EFB607",
              "versionEndIncluding": "1.35.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user\u0027s IP address. Instead, for various actions, it would report the IP address of an internal Wikimedia Foundation server by omitting X-Forwarded-For data. This resulted in an inability to properly audit and attribute various user actions performed via the FileImporter extension."
    },
    {
      "lang": "es",
      "value": "La extensi\u00f3n FileImporter en MediaWiki versiones hasta 1.35.0 no atribu\u00eda apropiadamente varias acciones de usuario a la direcci\u00f3n IP de un usuario espec\u00edfico.\u0026#xa0;En cambio, para varias acciones, informar\u00eda la direcci\u00f3n IP de un servidor interno de Wikimedia Foundation al omitir datos X-Fordered-For.\u0026#xa0;Esto result\u00f3 en una incapacidad para auditar y atribuir correctamente varias acciones de usuario llevadas a cabo por medio de la extensi\u00f3n FileImporter"
    }
  ],
  "id": "CVE-2020-27621",
  "lastModified": "2024-11-21T05:21:30.057",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-10-22T04:15:12.187",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I24a240253c7a5c66dd493a68e8c23d95a17e1b21"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T265810"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I24a240253c7a5c66dd493a68e8c23d95a17e1b21"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T265810"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-10-09 05:15

Modified

2024-11-21 08:26

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. Deleted revision existence is leaked due to incorrect permissions being checked. This reveals that a given revision ID belonged to the given page title, and its timestamp, both of which are not supposed to be public information.

References

URL	Tags
cve@mitre.org	https://phabricator.wikimedia.org/T264765	Issue Tracking, Vendor Advisory
cve@mitre.org	https://www.debian.org/security/2023/dsa-5520	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T264765	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2023/dsa-5520	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.40.0
debian	debian_linux	11.0
debian	debian_linux	12.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "20B3C0EF-1980-4F24-B0C6-B4BA77562DA3",
              "versionEndExcluding": "1.39.5",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.40.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "195C853F-2D51-44A4-990E-8E04FF4E9AA8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. Deleted revision existence is leaked due to incorrect permissions being checked. This reveals that a given revision ID belonged to the given page title, and its timestamp, both of which are not supposed to be public information."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en include/page/Article.php en MediaWiki 1.36.x hasta 1.39.x anteriores a 1.39.5 y 1.40.x anteriores a 1.40.1. La existencia de la revisi\u00f3n eliminada se filtra debido a que se verificaron permisos incorrectos. Esto revela que un ID de revisi\u00f3n determinado pertenec\u00eda al t\u00edtulo de la p\u00e1gina determinada y a su marca de tiempo, los cuales no se supone que sean informaci\u00f3n p\u00fablica."
    }
  ],
  "id": "CVE-2023-45364",
  "lastModified": "2024-11-21T08:26:49.650",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-09T05:15:09.300",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T264765"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2023/dsa-5520"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T264765"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2023/dsa-5520"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-01-12 05:15

Modified

2025-06-20 17:15

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in the CampaignEvents extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:EventDetails page allows XSS via the x-xss language setting for internationalization (i18n).

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/I70d71c409193e904684dfb706d424b0a815fa6f6	Patch
cve@mitre.org	https://phabricator.wikimedia.org/T348343	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/I70d71c409193e904684dfb706d424b0a815fa6f6	Patch
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T348343	Exploit, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "518A7A3D-741F-405B-8220-982093DF53E1",
              "versionEndExcluding": "1.35.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FCCA5D1-C639-4407-917F-95A949E639A8",
              "versionEndExcluding": "1.39.6",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EF19DE5-1D79-4001-ABA1-D648AD6610D6",
              "versionEndExcluding": "1.40.2",
              "versionStartIncluding": "1.40.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the CampaignEvents extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:EventDetails page allows XSS via the x-xss language setting for internationalization (i18n)."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en la extensi\u00f3n CampaignEvents en MediaWiki antes de 1.35.14, 1.36.x hasta 1.39.x antes de 1.39.6 y 1.40.x antes de 1.40.2. La p\u00e1gina Special:EventDetails permite XSS a trav\u00e9s de la configuraci\u00f3n de idioma x-xss para la internacionalizaci\u00f3n (i18n)."
    }
  ],
  "id": "CVE-2024-23171",
  "lastModified": "2025-06-20T17:15:39.930",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-01-12T05:15:10.033",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I70d71c409193e904684dfb706d424b0a815fa6f6"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T348343"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I70d71c409193e904684dfb706d424b0a815fa6f6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T348343"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-08-12 22:15

Modified

2024-11-21 06:05

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. MWOAuthConsumerSubmitControl.php does not ensure that the length of an RSA key will fit in a MySQL blob.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/I13ff0350a9a0a3cd5ab3e1f82dd0d8d9c13cf9e9	Patch, Vendor Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/
cve@mitre.org	https://phabricator.wikimedia.org/T277380	Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/I13ff0350a9a0a3cd5ab3e1f82dd0d8d9c13cf9e9	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T277380	Permissions Required, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
fedoraproject	fedora	33
fedoraproject	fedora	34
fedoraproject	fedora	35

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4067807D-769C-485F-A7E3-EE96885BDCE7",
              "versionEndIncluding": "1.35.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. MWOAuthConsumerSubmitControl.php does not ensure that the length of an RSA key will fit in a MySQL blob."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en la extensi\u00f3n Oauth para MediaWiki versiones hasta 1.35.2. El archivo MWOAuthConsumerSubmitControl.php  no asegura que la longitud de una clave RSA encaje en un blob de MySQL."
    }
  ],
  "id": "CVE-2021-31556",
  "lastModified": "2024-11-21T06:05:54.637",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-08-12T22:15:07.913",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I13ff0350a9a0a3cd5ab3e1f82dd0d8d9c13cf9e9"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T277380"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I13ff0350a9a0a3cd5ab3e1f82dd0d8d9c13cf9e9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T277380"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-01-30 23:55

Modified

2025-04-11 00:51

Severity ?

Summary

MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php.

References

URL	Tags
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127942.html
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127948.html
cve@mitre.org	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000140.html	Vendor Advisory
cve@mitre.org	http://osvdb.org/102630
cve@mitre.org	http://secunia.com/advisories/56695	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/57472
cve@mitre.org	http://www.checkpoint.com/defense/advisories/public/2014/cpai-26-jan.html
cve@mitre.org	http://www.checkpoint.com/threatcloud-central/articles/2014-01-28-tc-researchers-discover.html
cve@mitre.org	http://www.debian.org/security/2014/dsa-2891
cve@mitre.org	http://www.exploit-db.com/exploits/31329/
cve@mitre.org	http://www.osvdb.org/102631
cve@mitre.org	http://www.securityfocus.com/bid/65223
cve@mitre.org	http://www.securitytracker.com/id/1029707
cve@mitre.org	https://bugzilla.wikimedia.org/attachment.cgi?id=14361&action=diff
cve@mitre.org	https://bugzilla.wikimedia.org/attachment.cgi?id=14384&action=diff
cve@mitre.org	https://bugzilla.wikimedia.org/show_bug.cgi?id=60339
cve@mitre.org	https://gerrit.wikimedia.org/r/#/c/110069/	Vendor Advisory
cve@mitre.org	https://gerrit.wikimedia.org/r/#/c/110069/2/includes/media/Bitmap.php
cve@mitre.org	https://gerrit.wikimedia.org/r/#/c/110215/
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127942.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127948.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000140.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/102630
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/56695	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/57472
af854a3a-2127-422b-91ae-364da2661108	http://www.checkpoint.com/defense/advisories/public/2014/cpai-26-jan.html
af854a3a-2127-422b-91ae-364da2661108	http://www.checkpoint.com/threatcloud-central/articles/2014-01-28-tc-researchers-discover.html
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2014/dsa-2891
af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/31329/
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/102631
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/65223
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1029707
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/attachment.cgi?id=14361&action=diff
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/attachment.cgi?id=14384&action=diff
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=60339
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/#/c/110069/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/#/c/110069/2/includes/media/Bitmap.php
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/#/c/110215/

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.19.0
mediawiki	mediawiki	1.19.1
mediawiki	mediawiki	1.19.2
mediawiki	mediawiki	1.19.3
mediawiki	mediawiki	1.19.4
mediawiki	mediawiki	1.19.5
mediawiki	mediawiki	1.19.6
mediawiki	mediawiki	1.19.7
mediawiki	mediawiki	1.19.8
mediawiki	mediawiki	1.19.9
mediawiki	mediawiki	1.19.10
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2
mediawiki	mediawiki	1.21.3
mediawiki	mediawiki	1.21.4
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	1.22.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3205F5-3A29-4D45-AC95-83174F8969BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5547DA02-3BEC-4278-A714-25CCB820AA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E5609D-EC04-4088-9B61-ABDD256200F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23B09BB-8F43-4D60-A37F-D8685584AF4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A3F38-9A86-4346-9337-5C2A1DED37C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "49CCC3B5-9BD4-40B4-AF1A-DF4B2A6DC12D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "36DA1112-69AB-408A-886E-F248516FDE11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA85F3B7-9CB4-481C-B1A5-AB95F81C4126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A25C57E2-8E04-4A54-9211-C7B4B7CC4E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01D8F235-2F1B-4198-A91E-B2723293AA36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2A5F4A7-40E7-42D0-8482-647D0EC54AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B461B44C-37D2-480B-9645-B7E8720416C3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php."
    },
    {
      "lang": "es",
      "value": "MediaWiki 1.22.x en versiones anteriores a 1.22.2, 1.21.x en versiones anteriores a 1.21.5 y 1.19.x en versiones anteriores a 1.19.11, cuando el soporte a la carga de archivos DjVu o PDF est\u00e1 habilitado, permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres shell en (1) el par\u00e1metro page en includes/media/DjVu.php; (2) el par\u00e1metro w (tambi\u00e9n conocido como campo width) en thumb.php, lo que no se maneja correctamente por includes/media/PdfHandler_body.php; y posiblemente vectores no especificados en (3) includes/media/Bitmap.php e (4) includes/media/ImageHandler.php."
    }
  ],
  "id": "CVE-2014-1610",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-01-30T23:55:02.413",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127942.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127948.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000140.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/102630"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/56695"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/57472"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.checkpoint.com/defense/advisories/public/2014/cpai-26-jan.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.checkpoint.com/threatcloud-central/articles/2014-01-28-tc-researchers-discover.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2014/dsa-2891"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.exploit-db.com/exploits/31329/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/102631"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/65223"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1029707"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.wikimedia.org/attachment.cgi?id=14361\u0026action=diff"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.wikimedia.org/attachment.cgi?id=14384\u0026action=diff"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=60339"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/#/c/110069/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://gerrit.wikimedia.org/r/#/c/110069/2/includes/media/Bitmap.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://gerrit.wikimedia.org/r/#/c/110215/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127942.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127948.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000140.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/102630"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/56695"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/57472"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.checkpoint.com/defense/advisories/public/2014/cpai-26-jan.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.checkpoint.com/threatcloud-central/articles/2014-01-28-tc-researchers-discover.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-2891"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.exploit-db.com/exploits/31329/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/102631"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/65223"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1029707"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.wikimedia.org/attachment.cgi?id=14361\u0026action=diff"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.wikimedia.org/attachment.cgi?id=14384\u0026action=diff"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=60339"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/#/c/110069/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://gerrit.wikimedia.org/r/#/c/110069/2/includes/media/Bitmap.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://gerrit.wikimedia.org/r/#/c/110215/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-12-26 06:15

Modified

2025-04-14 16:15

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A title blocked by AbuseFilter can be created via Special:ChangeContentModel due to the mishandling of the EditFilterMergedContent hook return value.

References

URL	Tags
cve@mitre.org	https://phabricator.wikimedia.org/T271037	Issue Tracking, Patch, Vendor Advisory
cve@mitre.org	https://security.gentoo.org/glsa/202305-24
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T271037	Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202305-24

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	1.37.0
mediawiki	mediawiki	1.37.0
mediawiki	mediawiki	1.37.0
mediawiki	mediawiki	1.37.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "99942EE7-37A1-42CD-B392-8ED9362430E2",
              "versionEndExcluding": "1.35.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7377A8D6-3B2E-4FD6-820A-4CD632158111",
              "versionEndExcluding": "1.36.3",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.37.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "0B3400A0-D77C-45D4-8868-73AF0B82B6B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.37.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "F533BF3B-6FBC-4CA6-A645-A321E20B9804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.37.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7CBE66AB-8BE5-4A96-9B90-8F3238AE7CBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.37.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "18A9BF2D-7DDF-4C9D-838A-D8BA511A2CD6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A title blocked by AbuseFilter can be created via Special:ChangeContentModel due to the mishandling of the EditFilterMergedContent hook return value."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en MediaWiki antes de 1.35.5, 1.36.x antes de 1.36.3 y 1.37.x antes de 1.37.1. Se puede crear un t\u00edtulo bloqueado por AbuseFilter a trav\u00e9s de Special:ChangeContentModel debido al mal manejo del valor de retorno del gancho EditFilterMergedContent."
    }
  ],
  "id": "CVE-2021-44856",
  "lastModified": "2025-04-14T16:15:18.540",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-12-26T06:15:10.737",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T271037"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/202305-24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T271037"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202305-24"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-754"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-754"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-12-22 02:15

Modified

2024-11-21 08:38

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights.

References

URL	Tags
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2024/04/msg00018.html
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/
cve@mitre.org	https://phabricator.wikimedia.org/T347726	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2024/04/msg00018.html
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2024/09/msg00039.html
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T347726	Exploit, Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "518A7A3D-741F-405B-8220-982093DF53E1",
              "versionEndExcluding": "1.35.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FCCA5D1-C639-4407-917F-95A949E639A8",
              "versionEndExcluding": "1.39.6",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EF19DE5-1D79-4001-ABA1-D648AD6610D6",
              "versionEndExcluding": "1.40.2",
              "versionStartIncluding": "1.40.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en MediaWiki antes de 1.35.14, 1.36.x hasta 1.39.x antes de 1.39.6 y 1.40.x antes de 1.40.2. En includes/logging/RightsLogFormatter.php, group-*-mensajes de miembros pueden generar XSS en Special:log/rights."
    }
  ],
  "id": "CVE-2023-51704",
  "lastModified": "2024-11-21T08:38:38.580",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-12-22T02:15:42.957",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00018.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T347726"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00018.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00039.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T347726"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2004-12-31 05:00

Modified

2025-04-03 01:03

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in 'raw' page output mode for MediaWiki 1.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/12692/	Patch, Vendor Advisory
cve@mitre.org	http://sourceforge.net/project/shownotes.php?group_id=34373&release_id=271848	Patch
cve@mitre.org	http://www.osvdb.org/10454	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/11302	Patch
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/17578
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/12692/	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/project/shownotes.php?group_id=34373&release_id=271848	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/10454	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/11302	Patch
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/17578

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.1.0
mediawiki	mediawiki	1.2.0
mediawiki	mediawiki	1.2.1
mediawiki	mediawiki	1.2.2
mediawiki	mediawiki	1.2.3
mediawiki	mediawiki	1.2.4
mediawiki	mediawiki	1.2.5
mediawiki	mediawiki	1.2.6
mediawiki	mediawiki	1.3.0
mediawiki	mediawiki	1.3.1
mediawiki	mediawiki	1.3.2
mediawiki	mediawiki	1.3.3
mediawiki	mediawiki	1.3.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C96D337-1D37-4ADE-871D-9829928EE80B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DFB843C-4513-4569-9746-DA9FDD7A5CD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "377F0F7A-8E50-4803-9670-F719D17400D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B4CCA5C-3594-41B4-99F3-FC99BA0495BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD0A0C81-CDB6-4A11-B6B0-DECB12558DE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40BD0855-A9C8-47CD-BB50-E422E0C4A1EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "42A9DCC7-CF58-44CC-9489-51FA79EECDF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "80D651C6-116D-448A-8569-BAB9BAEC7D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30F54837-5004-4D10-B3B0-502CED4F6592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A09F36C1-CBC0-489E-B62D-4590A2E5A4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9F0067D-534A-4238-A244-D92A73845432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BEC422E-49BC-41D4-9F71-B834D4108EF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D854161-28AA-4386-B90A-97F9692CE37F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in \u0027raw\u0027 page output mode for MediaWiki 1.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML."
    }
  ],
  "id": "CVE-2004-2152",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/12692/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?group_id=34373\u0026release_id=271848"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.osvdb.org/10454"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/11302"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17578"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/12692/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?group_id=34373\u0026release_id=271848"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.osvdb.org/10454"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/11302"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17578"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-04-20 17:59

Modified

2025-04-20 01:37

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Summary

MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete.

References

URL	Tags
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1369613	Issue Tracking
secalert@redhat.com	https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html	Mailing List, Patch, Vendor Advisory
secalert@redhat.com	https://phabricator.wikimedia.org/T132926	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1369613	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html	Mailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T132926	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.26.0
mediawiki	mediawiki	1.26.1
mediawiki	mediawiki	1.26.2
mediawiki	mediawiki	1.26.3
mediawiki	mediawiki	1.26.4
mediawiki	mediawiki	1.27.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F26807BC-B2F2-480D-B5B1-C2D64933A0C8",
              "versionEndIncluding": "1.23.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B418525-DAC2-461A-B931-BED05CC3AFBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C238723-5592-4F0F-869D-91B64DD14FBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "22685E70-3EE0-484B-8A4C-139C28BDD2B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD0A725-B06B-456D-8A8B-9DA5468935FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7ED98FFC-4397-4F27-AC36-BB7A42A92F89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.27.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F75E06F7-6D23-4BEB-80B4-3DE33193CA95",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete."
    },
    {
      "lang": "es",
      "value": "MediaWiki en versiones anteriores a 1.23.15, 1.26.x en versiones anteriores a 1.26.4, y 1.27.x en versiones anteriores a 1.27.1 permite a los usuarios autenticados remotos con permisos undelete eludir las restricciones destinadas a supresi\u00f3n y eliminaci\u00f3n de la revisi\u00f3n y eliminar el estado de eliminaci\u00f3n de revisi\u00f3n de las revisiones arbitrarias de archivos mediante el uso de Special:Undelete."
    }
  ],
  "id": "CVE-2016-6336",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-20T17:59:00.743",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T132926"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T132926"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-04-13 14:59

Modified

2025-04-12 10:46

Severity ?

Summary

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an (1) SVG file or (2) XMP metadata in a PDF file, aka a "billion laughs attack," a different vulnerability than CVE-2015-2937.

References

URL	Tags
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/04/01/1
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/04/07/3
cve@mitre.org	http://www.securityfocus.com/bid/73477
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T85848	Exploit
cve@mitre.org	https://security.gentoo.org/glsa/201510-05
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/04/01/1
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/04/07/3
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/73477
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T85848	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201510-05

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.20
mediawiki	mediawiki	1.20.1
mediawiki	mediawiki	1.20.2
mediawiki	mediawiki	1.20.3
mediawiki	mediawiki	1.20.4
mediawiki	mediawiki	1.20.5
mediawiki	mediawiki	1.20.6
mediawiki	mediawiki	1.20.7
mediawiki	mediawiki	1.20.8
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2
mediawiki	mediawiki	1.21.3
mediawiki	mediawiki	1.21.4
mediawiki	mediawiki	1.21.5
mediawiki	mediawiki	1.21.6
mediawiki	mediawiki	1.21.7
mediawiki	mediawiki	1.21.8
mediawiki	mediawiki	1.21.9
mediawiki	mediawiki	1.21.10
mediawiki	mediawiki	1.21.11
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	1.22.1
mediawiki	mediawiki	1.22.2
mediawiki	mediawiki	1.22.3
mediawiki	mediawiki	1.22.4
mediawiki	mediawiki	1.22.5
mediawiki	mediawiki	1.22.6
mediawiki	mediawiki	1.22.7
mediawiki	mediawiki	1.22.8
mediawiki	mediawiki	1.22.9
mediawiki	mediawiki	1.22.10
mediawiki	mediawiki	1.22.11
mediawiki	mediawiki	1.22.12
mediawiki	mediawiki	1.22.13
mediawiki	mediawiki	1.22.14
mediawiki	mediawiki	1.22.15
mediawiki	mediawiki	1.23.0
mediawiki	mediawiki	1.23.1
mediawiki	mediawiki	1.23.2
mediawiki	mediawiki	1.23.3
mediawiki	mediawiki	1.23.4
mediawiki	mediawiki	1.23.5
mediawiki	mediawiki	1.23.6
mediawiki	mediawiki	1.23.7
mediawiki	mediawiki	1.23.8
mediawiki	mediawiki	1.24.0
mediawiki	mediawiki	1.24.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5069E3E0-7640-4FA3-8C6F-BA96AFC545EE",
              "versionEndIncluding": "1.19.23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA45494-185A-4ED1-8818-D9F14EB9B59B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94646567-FF30-4FBA-96C5-914EB3C85D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF088531-6875-49A2-B220-D7EC38ECC50F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "902A7EE8-90AA-4B0D-9142-DFCDA5AC8914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B6CD057-EBC4-4909-9734-80577AFDED40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01D8F235-2F1B-4198-A91E-B2723293AA36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2A5F4A7-40E7-42D0-8482-647D0EC54AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E10A8FAC-7506-48B8-A4EE-B7A1BE20537E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF797B5-8348-481C-AB6F-154DEA0E5281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E627F80-E6AA-4627-B58E-D6B2A08269BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA54E0F2-3B21-469F-A3FB-8E41E1857447",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "09CFF4B5-5827-4795-960A-201BA1BCF1A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC9D6B62-13CD-4307-94BB-A7210761A4D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "32C36F51-CCCC-41D1-A43B-B8F77CE632B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B461B44C-37D2-480B-9645-B7E8720416C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E491E3AD-0FB2-41CD-B852-CAFCA397A45A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBD50108-A301-4B5B-9047-6FD6792442B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "91BBFEC5-A933-4178-919D-9AC87CF76D21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3CA0EC-1AC1-48A1-8BB8-95DCCE1C283A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9343410C-E076-4362-8094-5BA5582E9675",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96BBB28-AB3C-4082-B035-8CCB761C2530",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7389C3B9-B32D-46CC-8615-22CF7BDCD829",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "179FC802-541F-40EE-BB76-A4B745A9EA7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3332E0EC-49D6-4EB2-8A2E-CC204EA1C475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E59021C-8DDF-4849-9490-AD8F98B834BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "64E90FCD-B032-4BD8-84D6-763E0FDB48B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "21A92544-BEA9-436F-BC22-CC90808D53F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DB10EA-CA68-40BE-862D-0B351456F02E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "97675F56-1442-460D-842C-755304D69217",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6044842D-0C23-4683-9BCC-9FE40AE8353F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BFCBB5A-F5F8-400E-916A-EB87F84853D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2898DFC3-7C3A-4C12-A3D2-4CEB3C66C90D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "04082771-E3E2-49EE-8840-0170F3B3519F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9B27B7-7800-4E35-97CA-B16450EEC478",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BEA6C00-BDCF-439C-8A04-B581361781EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90B931CC-CEA7-4C14-875E-A0D215CE5617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE300CC-68D6-46C7-8CC0-605F94FFC327",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "764ECEE9-EFB6-4C52-84E6-0F6827CF5DAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C00423-B3FE-485A-9014-22F409DBD377",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an (1) SVG file or (2) XMP metadata in a PDF file, aka a \"billion laughs attack,\" a different vulnerability than CVE-2015-2937."
    },
    {
      "lang": "es",
      "value": "MediaWiki anterior a 1.19.24, 1.2x anterior a 1.23.9 y 1.24.x anterior a 1.24.2, cuando se utiliza HHVM, permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de CPU y memoria) a trav\u00e9s de un gran n\u00famero de referencias de entidades anidadas en (1) un fichero SVG o (2) metadatos XMP en un fichero PDF, tambi\u00e9n conocido como \u0027billion laughs attack\u0027, una vulnerabilidad diferente a CVE-2015-2937."
    }
  ],
  "id": "CVE-2015-2942",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-04-13T14:59:15.367",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/73477"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://phabricator.wikimedia.org/T85848"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201510-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/73477"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://phabricator.wikimedia.org/T85848"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201510-05"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-09-19 21:15

Modified

2025-05-29 16:15

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere&target=Property%3AP31&namespace=1&invert=1 can take more than thirty seconds. There is a DDoS risk.

References

▶	URL	Tags
	cve@mitre.org	https://phabricator.wikimedia.org/T297754	Exploit, Issue Tracking, Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T297754	Exploit, Issue Tracking, Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E0A6AA3-FD23-4C90-ACFC-57699A24BA94",
              "versionEndExcluding": "1.37.2",
              "versionStartIncluding": "1.37.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere\u0026target=Property%3AP31\u0026namespace=1\u0026invert=1 can take more than thirty seconds. There is a DDoS risk."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema de denegaci\u00f3n de servicio en MediaWiki versiones 1.37.x anteriores a 1.37.2. El procesamiento de w/index.php?title=Special%3AWhatLinksHere\u0026amp;target=Property%3AP31\u0026amp;namespace=1\u0026amp;invert=1 puede tardar m\u00e1s de treinta segundos. Se presenta un riesgo de DDoS"
    }
  ],
  "id": "CVE-2022-28204",
  "lastModified": "2025-05-29T16:15:27.570",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-09-19T21:15:09.527",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T297754"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T297754"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-09-01 14:59

Modified

2025-04-12 10:46

Severity ?

Summary

The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.

References

URL	Tags
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/08/12/6
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/08/27/6
cve@mitre.org	https://github.com/wikimedia/mediawiki/commit/dc2966bd05b69321300c63fd0bd78e7c78ecea6e
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html	Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T48457
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/08/12/6
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/08/27/6
af854a3a-2127-422b-91ae-364da2661108	https://github.com/wikimedia/mediawiki/commit/dc2966bd05b69321300c63fd0bd78e7c78ecea6e
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T48457

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3FC868F5-04E7-4098-B992-C7B90AA729A9",
              "versionEndIncluding": "1.22.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the \"Change block\" text."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en la p\u00e1gina Special:Contributions en MediaWiki en versiones anteriores a 1.22.0, permite a atacantes remotos determinar si una IP es autobloqueada a trav\u00e9s del texto \u0027Change block\u0027."
    }
  ],
  "id": "CVE-2013-7444",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-09-01T14:59:00.137",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/wikimedia/mediawiki/commit/dc2966bd05b69321300c63fd0bd78e7c78ecea6e"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://phabricator.wikimedia.org/T48457"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/wikimedia/mediawiki/commit/dc2966bd05b69321300c63fd0bd78e7c78ecea6e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://phabricator.wikimedia.org/T48457"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-01-10 14:11

Modified

2024-11-21 06:33

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A denial of service (resource consumption) can be accomplished by searching for a very long key in a Language Name Search.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/Ide32704cca578b9aecbce34bdcc0ac25c2a09a4d	Third Party Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T293749	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/Ide32704cca578b9aecbce34bdcc0ac25c2a09a4d	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T293749	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "99942EE7-37A1-42CD-B392-8ED9362430E2",
              "versionEndExcluding": "1.35.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7377A8D6-3B2E-4FD6-820A-4CD632158111",
              "versionEndExcluding": "1.36.3",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5950CA7B-C437-4162-A8C5-5F31625145A8",
              "versionEndExcluding": "1.37.1",
              "versionStartIncluding": "1.37.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A denial of service (resource consumption) can be accomplished by searching for a very long key in a Language Name Search."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en MediaWiki versiones anteriores a 1.35.5, versiones 1.36.x anteriores a 1.36.3 y versiones 1.37.x anteriores a 1.37.1.Puede producirse una denegaci\u00f3n de servicio (consumo de recursos) al buscar una clave muy larga en una b\u00fasqueda de nombres de idiomas"
    }
  ],
  "id": "CVE-2021-46149",
  "lastModified": "2024-11-21T06:33:41.560",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-01-10T14:11:28.790",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Ide32704cca578b9aecbce34bdcc0ac25c2a09a4d"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T293749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Ide32704cca578b9aecbce34bdcc0ac25c2a09a4d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T293749"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-09-27 21:15

Modified

2024-11-21 05:18

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden users.

References

URL	Tags
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html	Mailing List, Vendor Advisory
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html	Mailing List, Vendor Advisory
cve@mitre.org	https://meta.wikimedia.org/wiki/Special:UserRights	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://meta.wikimedia.org/wiki/Special:UserRights	Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
fedoraproject	fedora	33

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "50B973A6-D4AD-44EC-976E-1068DDE6D20B",
              "versionEndExcluding": "1.31.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5D57552-DD9C-44B8-9BA4-6AB0EAF09979",
              "versionEndExcluding": "1.34.4",
              "versionStartIncluding": "1.32.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden users."
    },
    {
      "lang": "es",
      "value": "En MediaWiki versiones anteriores a 1.31.10 y desde 1.32.x hasta 1.34.x anteriores a 1.34.4, Special:UserRights expone la existencia de usuarios ocultos"
    }
  ],
  "id": "CVE-2020-25813",
  "lastModified": "2024-11-21T05:18:49.347",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-27T21:15:12.627",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://meta.wikimedia.org/wiki/Special:UserRights"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://meta.wikimedia.org/wiki/Special:UserRights"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-12-21 23:15

Modified

2024-11-21 05:27

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

An issue was discovered in the PushToWatch extension for MediaWiki through 1.35.1. The primary form did not implement an anti-CSRF token and therefore was completely vulnerable to CSRF attacks against onSkinAddFooterLinks in PushToWatch.php.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/14dc79b1f44c2a1ca6b1192284206c7b8626fb57	Patch, Third Party Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T268641	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/14dc79b1f44c2a1ca6b1192284206c7b8626fb57	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T268641	Third Party Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC439F7D-8255-455F-A22C-2A6B655392D7",
              "versionEndIncluding": "1.35.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the PushToWatch extension for MediaWiki through 1.35.1. The primary form did not implement an anti-CSRF token and therefore was completely vulnerable to CSRF attacks against onSkinAddFooterLinks in PushToWatch.php."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en la extensi\u00f3n PushToWatch para MediaWiki versiones hasta 1.35.1.\u0026#xa0;El formulario principal no implement\u00f3 un token anti-CSRF y, por lo tanto, era completamente vulnerable a los ataques de tipo CSRF contra la funci\u00f3n onSkinAddFooterLinks en el archivo PushToWatch.php"
    }
  ],
  "id": "CVE-2020-35626",
  "lastModified": "2024-11-21T05:27:43.677",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-12-21T23:15:12.577",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/14dc79b1f44c2a1ca6b1192284206c7b8626fb57"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T268641"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/14dc79b1f44c2a1ca6b1192284206c7b8626fb57"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T268641"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-01-10 14:11

Modified

2024-11-21 06:33

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The WikibaseMediaInfo component is vulnerable to XSS via the caption fields for a given media file.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/I58d37fb59f998f5bec4a018bf9da96a777f8ff78	Third Party Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T293556	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/I58d37fb59f998f5bec4a018bf9da96a777f8ff78	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T293556	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "99942EE7-37A1-42CD-B392-8ED9362430E2",
              "versionEndExcluding": "1.35.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7377A8D6-3B2E-4FD6-820A-4CD632158111",
              "versionEndExcluding": "1.36.3",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5950CA7B-C437-4162-A8C5-5F31625145A8",
              "versionEndExcluding": "1.37.1",
              "versionStartIncluding": "1.37.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The WikibaseMediaInfo component is vulnerable to XSS via the caption fields for a given media file."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en MediaWiki versiones anteriores a 1.35.5, 1.36.x anteriores a 1.36.3 y 1.37.x anteriores a 1.37.1. El componente WikibaseMediaInfo es vulnerable a un ataque de tipo XSS por medio de los campos caption de un archivo de medios determinado"
    }
  ],
  "id": "CVE-2021-46146",
  "lastModified": "2024-11-21T06:33:41.107",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-01-10T14:11:27.050",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I58d37fb59f998f5bec4a018bf9da96a777f8ff78"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T293556"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I58d37fb59f998f5bec4a018bf9da96a777f8ff78"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T293556"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-06-29 16:15

Modified

2024-11-21 08:11

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. XSS can occur in Special:CargoQuery via a crafted page item when using the default format.

References

▶	URL	Tags
	cve@mitre.org	https://phabricator.wikimedia.org/T331065	Exploit, Issue Tracking
	af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T331065	Exploit, Issue Tracking

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEA20A42-6E1A-4DA2-8869-A49894256285",
              "versionEndIncluding": "1.39.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. XSS can occur in Special:CargoQuery via a crafted page item when using the default format."
    }
  ],
  "id": "CVE-2023-37254",
  "lastModified": "2024-11-21T08:11:18.917",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-06-29T16:15:10.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://phabricator.wikimedia.org/T331065"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://phabricator.wikimedia.org/T331065"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2007-02-06 19:28

Modified

2025-04-09 00:30

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki 1.9.x before 1.9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "sortable tables JavaScript."

References

URL	Tags
cve@mitre.org	http://lists.wikimedia.org/pipermail/mediawiki-announce/2007-February/000059.html
cve@mitre.org	http://osvdb.org/33091
cve@mitre.org	http://secunia.com/advisories/24039
cve@mitre.org	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_2/phase3/RELEASE-NOTES	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/22397
cve@mitre.org	http://www.vupen.com/english/advisories/2007/0490
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/32217
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2007-February/000059.html
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/33091
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24039
af854a3a-2127-422b-91ae-364da2661108	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_2/phase3/RELEASE-NOTES	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/22397
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/0490
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/32217

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	1.9.0
	mediawiki	mediawiki	1.9.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "75D5AC3F-4D29-4882-A3C0-94951402ADD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A0921C-BEC5-4646-96FD-0529828B5BAC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in MediaWiki 1.9.x before 1.9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to \"sortable tables JavaScript.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en MediaWiki 1.9.x anterior a 1.9.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante vectores no especificados relacionados con \"tablas ordenables de JavaScript\"."
    }
  ],
  "id": "CVE-2007-0788",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-02-06T19:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2007-February/000059.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/33091"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24039"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_2/phase3/RELEASE-NOTES"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/22397"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/0490"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32217"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2007-February/000059.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/33091"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24039"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_2/phase3/RELEASE-NOTES"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/22397"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/0490"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32217"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-06-02 15:55

Modified

2025-04-12 10:46

Severity ?

Summary

Session fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the session_id.

References

URL	Tags
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098975.html
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100843.html
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100845.html
cve@mitre.org	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-November/000122.html	Vendor Advisory
cve@mitre.org	https://bugzilla.wikimedia.org/show_bug.cgi?id=40995
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/83008
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098975.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100843.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100845.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-November/000122.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=40995
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/83008

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.18
mediawiki	mediawiki	1.18
mediawiki	mediawiki	1.18.0
mediawiki	mediawiki	1.18.0
mediawiki	mediawiki	1.18.1
mediawiki	mediawiki	1.18.2
mediawiki	mediawiki	1.18.3
mediawiki	mediawiki	1.18.4
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19.1
mediawiki	mediawiki	1.19.2
mediawiki	mediawiki	1.20

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A778F48-5CC3-4823-B9BA-C9C53966ECA3",
              "versionEndIncluding": "1.18.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EBD4E4C-DE1D-4007-BABF-A82ECBC2C8B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "EA045993-D0DE-4878-A9CF-5C671F3E5196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "15426470-3C5F-41AC-B64B-BA021D9F5EA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "061DD021-3FAA-43D0-9ED2-6E60BF7E6CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8B305B8-97DE-45C7-B7A7-B1D1AB32D511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF1EE8B-18BA-49AE-BAA1-187A2F5B1D06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F46B49A-D5B6-458E-8217-A5F5B045B76F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C260B25-06D8-4EA3-9C78-C0F608CFC390",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "93D7105D-3CF1-49FF-9F51-088C58F19003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "F647077F-52FD-460B-9511-85812A1447FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A8AFF-EF0E-490C-8833-FF1071563979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3205F5-3A29-4D45-AC95-83174F8969BB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA45494-185A-4ED1-8818-D9F14EB9B59B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Session fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the session_id."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en Special:UserLogin en MediaWiki anterior a 1.18.6, 1.19.x anterior a 1.19.3 y 1.20.x anterior a 1.20.1 permite a atacantes remotos secuestrar sesiones web a trav\u00e9s de session_id."
    }
  ],
  "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/384.html\n\n\"CWE-384: Session Fixation\"",
  "id": "CVE-2012-5391",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-06-02T15:55:08.217",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098975.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100843.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100845.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-November/000122.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=40995"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83008"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098975.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100843.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100845.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-November/000122.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=40995"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83008"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-06-30 17:15

Modified

2024-11-21 08:11

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment feature.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/DoubleWiki/+/932825	Release Notes, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T323651	Exploit, Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/DoubleWiki/+/932825	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T323651	Exploit, Issue Tracking, Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEA20A42-6E1A-4DA2-8869-A49894256285",
              "versionEndIncluding": "1.39.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment feature."
    }
  ],
  "id": "CVE-2023-37304",
  "lastModified": "2024-11-21T08:11:26.667",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-06-30T17:15:09.660",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/DoubleWiki/+/932825"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T323651"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/DoubleWiki/+/932825"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T323651"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2004-12-31 05:00

Modified

2025-04-03 01:03

Severity ?

Summary

Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via (1) the UnicodeConverter extension, (2) raw page views, (3) SpecialIpblocklist, (4) SpecialEmailuser, (5) SpecialMaintenance, and (6) ImagePage.

References

URL	Tags
cve@mitre.org	http://sourceforge.net/project/shownotes.php?release_id=275099
cve@mitre.org	http://www.securityfocus.com/bid/11416	Patch
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/project/shownotes.php?release_id=275099
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/11416	Patch

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	1.3.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5A0FA49-99DC-4691-968F-6AEB76B74370",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via (1) the UnicodeConverter extension, (2) raw page views, (3) SpecialIpblocklist, (4) SpecialEmailuser, (5) SpecialMaintenance, and (6) ImagePage."
    }
  ],
  "id": "CVE-2004-2185",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=275099"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/11416"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=275099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/11416"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-03-02 04:57

Modified

2025-04-12 10:46

Severity ?

Summary

includes/User.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 terminates validation of a user token upon encountering the first incorrect character, which makes it easier for remote attackers to obtain access via a brute-force attack that relies on timing differences in responses to incorrect token guesses.

References

URL	Tags
cve@mitre.org	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html	Patch, Vendor Advisory
cve@mitre.org	http://openwall.com/lists/oss-security/2014/02/28/1
cve@mitre.org	http://openwall.com/lists/oss-security/2014/03/01/2
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=1071136
cve@mitre.org	https://bugzilla.wikimedia.org/show_bug.cgi?id=61346	Vendor Advisory
cve@mitre.org	https://gerrit.wikimedia.org/r/#/q/I2a9e89120f7092015495e638c6fa9f67adc9b84f%2Cn%2Cz
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2014/02/28/1
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2014/03/01/2
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1071136
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=61346	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/#/q/I2a9e89120f7092015495e638c6fa9f67adc9b84f%2Cn%2Cz

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.1.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.1
mediawiki	mediawiki	1.10.2
mediawiki	mediawiki	1.10.3
mediawiki	mediawiki	1.10.4
mediawiki	mediawiki	1.11
mediawiki	mediawiki	1.11.0
mediawiki	mediawiki	1.11.0
mediawiki	mediawiki	1.11.1
mediawiki	mediawiki	1.11.2
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.1
mediawiki	mediawiki	1.12.2
mediawiki	mediawiki	1.12.3
mediawiki	mediawiki	1.12.4
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.1
mediawiki	mediawiki	1.13.2
mediawiki	mediawiki	1.13.3
mediawiki	mediawiki	1.13.4
mediawiki	mediawiki	1.14.0
mediawiki	mediawiki	1.14.0
mediawiki	mediawiki	1.14.1
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.1
mediawiki	mediawiki	1.15.2
mediawiki	mediawiki	1.15.3
mediawiki	mediawiki	1.15.4
mediawiki	mediawiki	1.15.5
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.1
mediawiki	mediawiki	1.16.2
mediawiki	mediawiki	1.17
mediawiki	mediawiki	1.17
mediawiki	mediawiki	1.17.0
mediawiki	mediawiki	1.17.0
mediawiki	mediawiki	1.17.1
mediawiki	mediawiki	1.17.2
mediawiki	mediawiki	1.17.3
mediawiki	mediawiki	1.17.4
mediawiki	mediawiki	1.18
mediawiki	mediawiki	1.18
mediawiki	mediawiki	1.18.0
mediawiki	mediawiki	1.18.0
mediawiki	mediawiki	1.18.1
mediawiki	mediawiki	1.18.2
mediawiki	mediawiki	1.18.3
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19.0
mediawiki	mediawiki	1.19.1
mediawiki	mediawiki	1.19.2
mediawiki	mediawiki	1.19.3
mediawiki	mediawiki	1.19.4
mediawiki	mediawiki	1.19.5
mediawiki	mediawiki	1.19.6
mediawiki	mediawiki	1.19.7
mediawiki	mediawiki	1.19.8
mediawiki	mediawiki	1.19.9
mediawiki	mediawiki	1.19.10
mediawiki	mediawiki	1.20
mediawiki	mediawiki	1.20.1
mediawiki	mediawiki	1.20.2
mediawiki	mediawiki	1.20.3
mediawiki	mediawiki	1.20.4
mediawiki	mediawiki	1.20.5
mediawiki	mediawiki	1.20.6
mediawiki	mediawiki	1.20.7
mediawiki	mediawiki	1.20.8
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2
mediawiki	mediawiki	1.21.3
mediawiki	mediawiki	1.21.4
mediawiki	mediawiki	1.21.5
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	1.22.1
mediawiki	mediawiki	1.22.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "93892D32-3543-4D1B-AEA7-B813E07F2DFD",
              "versionEndIncluding": "1.19.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C96D337-1D37-4ADE-871D-9829928EE80B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0983C0E-9035-4256-AC99-C2C81C1634E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "76F47EF6-2695-44FD-B4B0-9DE911BB57CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FC61592E-7479-45C1-9263-D608B644EE79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5460DB30-FA14-4017-BC8B-15F9451469F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED2392D6-6ACF-4715-BBCD-B6DA9B91C750",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0071C35-877F-44C6-BC39-B1AE885D7313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83CF24-FC29-40C4-8B07-5FB6591E9812",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C54ADEF-F360-41C6-AE27-B6D12E5BAF9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66A92668-4B5D-40A4-9A14-E7AD10086933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7266D827-F77D-4CC3-8237-4B35D072ACF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DB5EF0E-4E1B-4131-9142-5FBB59C235D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F59B5992-716F-4901-BDD1-0C7E24BF9148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "746023B5-2472-4FC9-BEDF-FE6A321F12B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0D18C85B-E82B-46AE-959E-3FD32DB6F294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "66714539-F1E1-4C16-AA12-059EEB1B9DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A80044C9-9F76-468E-84F7-D7D529004AE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7CD7F5A-F4E4-45B6-9179-BD1BCD75D297",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7BC3705-27C7-4969-AB6A-E7C09C708C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79CDE6D3-A26D-4ECD-B949-B9DDB53F67C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D3CC82BE-8DEA-47D7-B6B7-2FFDFB728ADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "AFD79470-63A7-438B-A3BE-CABDAD7F848C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A26F4C94-E3A5-456E-8E5E-36BA67DD4BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C6D23B-B5C1-4F10-9F62-E81F639FF40F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "13FA8F3C-2B6C-42FB-A6CE-EC2D8614E43D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "973B7468-970D-475C-AAB2-D81833EAF12B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A0789-0496-4940-A484-8B6689AA8770",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "241370F6-4941-43B4-AAD5-32A93AAC3B80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A236174-7262-478C-8C96-61428EBCC575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAAC942E-1BA2-419C-B464-20529D825053",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "188AA942-A54E-4B48-A14E-1D4C2BB859EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "07D3ECE8-29AC-491A-BD11-1753EF65DA0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FA6109F-F5BE-4E65-AA9D-C1D0CB029521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0955D3BF-1120-40F6-87FB-D75B064E5C6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BA61CFC-F48E-4B7D-A61C-4BD585E87BAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BA7AA7B-9450-4AAD-8CBA-E483CD5A1CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4416B074-0C5E-4DD3-AA4D-B54AC635F00D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "EBA4FDC8-2F1B-4054-82BC-B79566ABE8E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "62B86D8D-5E7A-43F5-9B6A-944ED4B8E4E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "E4780402-81D6-46E1-8ECD-3BCB97095B2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "63FD259B-921D-46BF-BE6E-F963288D92F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B163E10-BD02-481B-A78E-E4678C57CC75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9AC7B4F-6AE2-4FCC-80DA-0D068E479853",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "57F3C3BF-CA6A-4BCC-83CE-32560F0A437D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6D1B676-AE23-4FC5-8466-EB44B8F756CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1C3B8FFB-25AD-4165-8C87-DBF5977572FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "52E0CED2-EF96-4052-A4BC-4657163B4FE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E8D954D-484E-4DAA-8E0E-6CEAC17BBA22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "341D904D-A6D6-4644-B67B-D1D62BCFEDEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C3356EA-5FD5-478E-882B-2D7C10011537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EBD4E4C-DE1D-4007-BABF-A82ECBC2C8B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "EA045993-D0DE-4878-A9CF-5C671F3E5196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "15426470-3C5F-41AC-B64B-BA021D9F5EA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "061DD021-3FAA-43D0-9ED2-6E60BF7E6CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8B305B8-97DE-45C7-B7A7-B1D1AB32D511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF1EE8B-18BA-49AE-BAA1-187A2F5B1D06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F46B49A-D5B6-458E-8217-A5F5B045B76F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "93D7105D-3CF1-49FF-9F51-088C58F19003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "F647077F-52FD-460B-9511-85812A1447FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A8AFF-EF0E-490C-8833-FF1071563979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3205F5-3A29-4D45-AC95-83174F8969BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5547DA02-3BEC-4278-A714-25CCB820AA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E5609D-EC04-4088-9B61-ABDD256200F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23B09BB-8F43-4D60-A37F-D8685584AF4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A3F38-9A86-4346-9337-5C2A1DED37C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "49CCC3B5-9BD4-40B4-AF1A-DF4B2A6DC12D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "36DA1112-69AB-408A-886E-F248516FDE11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA85F3B7-9CB4-481C-B1A5-AB95F81C4126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A25C57E2-8E04-4A54-9211-C7B4B7CC4E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA45494-185A-4ED1-8818-D9F14EB9B59B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94646567-FF30-4FBA-96C5-914EB3C85D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF088531-6875-49A2-B220-D7EC38ECC50F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "902A7EE8-90AA-4B0D-9142-DFCDA5AC8914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B6CD057-EBC4-4909-9734-80577AFDED40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01D8F235-2F1B-4198-A91E-B2723293AA36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2A5F4A7-40E7-42D0-8482-647D0EC54AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E10A8FAC-7506-48B8-A4EE-B7A1BE20537E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B461B44C-37D2-480B-9645-B7E8720416C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E491E3AD-0FB2-41CD-B852-CAFCA397A45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "includes/User.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 terminates validation of a user token upon encountering the first incorrect character, which makes it easier for remote attackers to obtain access via a brute-force attack that relies on timing differences in responses to incorrect token guesses."
    },
    {
      "lang": "es",
      "value": "includes/User.php en MediaWiki anterior a 1.19.12, 1.20.x y 1.21.x anterior a 1.21.6 y 1.22.x anterior a 1.22.3 termina la validaci\u00f3n de un token de usuario cuando encuentra el primer caracter incorrecto, lo que facilita a atacantes remotos obtener acceso a trav\u00e9s de un ataque de fuerza bruta que depende de diferencias de tiempos en las respuestas a adivinanzas de token incorrectas."
    }
  ],
  "id": "CVE-2014-2243",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-03-02T04:57:25.917",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://openwall.com/lists/oss-security/2014/02/28/1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://openwall.com/lists/oss-security/2014/03/01/2"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1071136"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=61346"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://gerrit.wikimedia.org/r/#/q/I2a9e89120f7092015495e638c6fa9f67adc9b84f%2Cn%2Cz"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2014/02/28/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2014/03/01/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1071136"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=61346"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://gerrit.wikimedia.org/r/#/q/I2a9e89120f7092015495e638c6fa9f67adc9b84f%2Cn%2Cz"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-01-16 16:59

Modified

2025-04-12 10:46

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in the Hovercards extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors related to text extracts.

References

URL	Tags
security@debian.org	http://www.openwall.com/lists/oss-security/2014/12/21/2
security@debian.org	http://www.openwall.com/lists/oss-security/2015/01/03/13
security@debian.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html	Vendor Advisory
security@debian.org	https://phabricator.wikimedia.org/T69180	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2014/12/21/2
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/01/03/13
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T69180	Exploit

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.20
mediawiki	mediawiki	1.20.1
mediawiki	mediawiki	1.20.2
mediawiki	mediawiki	1.20.3
mediawiki	mediawiki	1.20.4
mediawiki	mediawiki	1.20.5
mediawiki	mediawiki	1.20.6
mediawiki	mediawiki	1.20.7
mediawiki	mediawiki	1.20.8
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2
mediawiki	mediawiki	1.21.3
mediawiki	mediawiki	1.21.4
mediawiki	mediawiki	1.21.5
mediawiki	mediawiki	1.21.6
mediawiki	mediawiki	1.21.7
mediawiki	mediawiki	1.21.8
mediawiki	mediawiki	1.21.9
mediawiki	mediawiki	1.21.10
mediawiki	mediawiki	1.21.11
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	1.22.1
mediawiki	mediawiki	1.22.2
mediawiki	mediawiki	1.22.3
mediawiki	mediawiki	1.22.4
mediawiki	mediawiki	1.22.5
mediawiki	mediawiki	1.22.6
mediawiki	mediawiki	1.22.7
mediawiki	mediawiki	1.22.8
mediawiki	mediawiki	1.22.9
mediawiki	mediawiki	1.22.10
mediawiki	mediawiki	1.22.11
mediawiki	mediawiki	1.22.12
mediawiki	mediawiki	1.22.13
mediawiki	mediawiki	1.22.14
mediawiki	mediawiki	1.23.0
mediawiki	mediawiki	1.23.1
mediawiki	mediawiki	1.23.2
mediawiki	mediawiki	1.23.3
mediawiki	mediawiki	1.23.4
mediawiki	mediawiki	1.23.5
mediawiki	mediawiki	1.23.6
mediawiki	mediawiki	1.23.7
mediawiki	mediawiki	1.24.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE55C257-9CF4-485C-8096-AC0C2759056F",
              "versionEndIncluding": "1.19.22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA45494-185A-4ED1-8818-D9F14EB9B59B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94646567-FF30-4FBA-96C5-914EB3C85D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF088531-6875-49A2-B220-D7EC38ECC50F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "902A7EE8-90AA-4B0D-9142-DFCDA5AC8914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B6CD057-EBC4-4909-9734-80577AFDED40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01D8F235-2F1B-4198-A91E-B2723293AA36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2A5F4A7-40E7-42D0-8482-647D0EC54AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E10A8FAC-7506-48B8-A4EE-B7A1BE20537E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF797B5-8348-481C-AB6F-154DEA0E5281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E627F80-E6AA-4627-B58E-D6B2A08269BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA54E0F2-3B21-469F-A3FB-8E41E1857447",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "09CFF4B5-5827-4795-960A-201BA1BCF1A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC9D6B62-13CD-4307-94BB-A7210761A4D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "32C36F51-CCCC-41D1-A43B-B8F77CE632B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B461B44C-37D2-480B-9645-B7E8720416C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E491E3AD-0FB2-41CD-B852-CAFCA397A45A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBD50108-A301-4B5B-9047-6FD6792442B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "91BBFEC5-A933-4178-919D-9AC87CF76D21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3CA0EC-1AC1-48A1-8BB8-95DCCE1C283A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9343410C-E076-4362-8094-5BA5582E9675",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96BBB28-AB3C-4082-B035-8CCB761C2530",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7389C3B9-B32D-46CC-8615-22CF7BDCD829",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "179FC802-541F-40EE-BB76-A4B745A9EA7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3332E0EC-49D6-4EB2-8A2E-CC204EA1C475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E59021C-8DDF-4849-9490-AD8F98B834BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "64E90FCD-B032-4BD8-84D6-763E0FDB48B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "21A92544-BEA9-436F-BC22-CC90808D53F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DB10EA-CA68-40BE-862D-0B351456F02E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6044842D-0C23-4683-9BCC-9FE40AE8353F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BFCBB5A-F5F8-400E-916A-EB87F84853D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2898DFC3-7C3A-4C12-A3D2-4CEB3C66C90D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "04082771-E3E2-49EE-8840-0170F3B3519F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9B27B7-7800-4E35-97CA-B16450EEC478",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BEA6C00-BDCF-439C-8A04-B581361781EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90B931CC-CEA7-4C14-875E-A0D215CE5617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE300CC-68D6-46C7-8CC0-605F94FFC327",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the Hovercards extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors related to text extracts."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en la extensi\u00f3n Hovercards para MediaWiki permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores relacionados con extractos de textos."
    }
  ],
  "id": "CVE-2014-9480",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-01-16T16:59:15.140",
  "references": [
    {
      "source": "security@debian.org",
      "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://phabricator.wikimedia.org/T69180"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://phabricator.wikimedia.org/T69180"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-10-06 21:15

Modified

2024-11-21 06:27

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in Special:MediaSearch in the MediaSearch extension in MediaWiki through 1.36.2. The suggestion text (a parameter to mediasearch-did-you-mean) was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the intitle: search operator within the query.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/If64eb5842237c92290d07ebc3fe14710d9de3fc2	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T291600	Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/If64eb5842237c92290d07ebc3fe14710d9de3fc2	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T291600	Issue Tracking, Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "852AD0A4-1F54-4352-8554-34DE96EF04D9",
              "versionEndIncluding": "1.36.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Special:MediaSearch in the MediaSearch extension in MediaWiki through 1.36.2. The suggestion text (a parameter to mediasearch-did-you-mean) was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the intitle: search operator within the query."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en la funci\u00f3n Special:MediaSearch en la extensi\u00f3n MediaSearch en MediaWiki versiones hasta 1.36.2. El texto de la sugerencia (un par\u00e1metro de mediasearch-did-you-mean) no saneaba apropiadamente y permit\u00eda una inyecci\u00f3n y ejecuci\u00f3n de HTML y JavaScript por medio del operador de b\u00fasqueda intitle: dentro de la consulta"
    }
  ],
  "id": "CVE-2021-42043",
  "lastModified": "2024-11-21T06:27:07.510",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-06T21:15:07.337",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/If64eb5842237c92290d07ebc3fe14710d9de3fc2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T291600"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/If64eb5842237c92290d07ebc3fe14710d9de3fc2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T291600"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-09-29 03:15

Modified

2024-11-21 06:27

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in the Growth extension in MediaWiki through 1.36.2. On any Wiki with the Mentor Dashboard feature enabled, users can login with a mentor account and trigger an XSS payload (such as alert) via Growthexperiments-mentor-dashboard-mentee-overview-no-js-fallback.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/GrowthExperiments/+/720088	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T289063	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/GrowthExperiments/+/720088	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T289063	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "852AD0A4-1F54-4352-8554-34DE96EF04D9",
              "versionEndIncluding": "1.36.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the Growth extension in MediaWiki through 1.36.2. On any Wiki with the Mentor Dashboard feature enabled, users can login with a mentor account and trigger an XSS payload (such as alert) via Growthexperiments-mentor-dashboard-mentee-overview-no-js-fallback."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en la extensi\u00f3n Growth en MediaWiki versiones hasta 1.36.2. En cualquier Wiki con la funci\u00f3n Mentor Dashboard activada, los usuarios pueden iniciar sesi\u00f3n con una cuenta de mentor y desencadenar una carga \u00fatil de tipo XSS (como una alerta) por medio de Growthexperiments-mentor-dashboard-mentee-overview-no-js-fallback"
    }
  ],
  "id": "CVE-2021-42047",
  "lastModified": "2024-11-21T06:27:08.137",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-09-29T03:15:14.657",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/GrowthExperiments/+/720088"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T289063"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/GrowthExperiments/+/720088"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T289063"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2012-09-09 21:55

Modified

2025-04-11 00:51

Severity ?

Summary

MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak random numbers for password reset tokens, which makes it easier for remote attackers to change the passwords of arbitrary users.

References

URL	Tags
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html	Vendor Advisory
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/48504	Vendor Advisory
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/03/22/9
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/03/24/1
secalert@redhat.com	http://www.securityfocus.com/bid/52689
secalert@redhat.com	https://bugzilla.wikimedia.org/show_bug.cgi?id=35078
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/78910
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48504	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/03/22/9
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/03/24/1
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/52689
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=35078
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/78910

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.17
mediawiki	mediawiki	1.17
mediawiki	mediawiki	1.17.0
mediawiki	mediawiki	1.17.0
mediawiki	mediawiki	1.17.1
mediawiki	mediawiki	1.17.2
mediawiki	mediawiki	1.18
mediawiki	mediawiki	1.18
mediawiki	mediawiki	1.18.0
mediawiki	mediawiki	1.18.0
mediawiki	mediawiki	1.18.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9AC7B4F-6AE2-4FCC-80DA-0D068E479853",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "57F3C3BF-CA6A-4BCC-83CE-32560F0A437D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6D1B676-AE23-4FC5-8466-EB44B8F756CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1C3B8FFB-25AD-4165-8C87-DBF5977572FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "52E0CED2-EF96-4052-A4BC-4657163B4FE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E8D954D-484E-4DAA-8E0E-6CEAC17BBA22",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EBD4E4C-DE1D-4007-BABF-A82ECBC2C8B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "EA045993-D0DE-4878-A9CF-5C671F3E5196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "15426470-3C5F-41AC-B64B-BA021D9F5EA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "061DD021-3FAA-43D0-9ED2-6E60BF7E6CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8B305B8-97DE-45C7-B7A7-B1D1AB32D511",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak random numbers for password reset tokens, which makes it easier for remote attackers to change the passwords of arbitrary users."
    },
    {
      "lang": "es",
      "value": "MediaWiki v1.17.x anterior a v1.17.3 y v1.18.x anterior a v1.18.2 usa n\u00fameros aleatorios d\u00e9biles para el reseteo de contrase\u00f1as de los tokens, lo que facilita a los atacantes remotos cambiar las contrase\u00f1as de los usuarios."
    }
  ],
  "id": "CVE-2012-1581",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-09-09T21:55:06.137",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48504"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/03/22/9"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/03/24/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/52689"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=35078"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78910"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48504"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/03/22/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/03/24/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/52689"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=35078"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78910"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2012-09-09 21:55

Modified

2025-04-11 00:51

Severity ?

Summary

Cross-site request forgery (CSRF) vulnerability in Special:Upload in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload files.

References

URL	Tags
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html	Vendor Advisory
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html	Vendor Advisory
secalert@redhat.com	http://osvdb.org/80364
secalert@redhat.com	http://secunia.com/advisories/48504	Vendor Advisory
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/03/22/9
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/03/24/1
secalert@redhat.com	http://www.securityfocus.com/bid/52689
secalert@redhat.com	https://bugzilla.wikimedia.org/show_bug.cgi?id=35317
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/74286
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/80364
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48504	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/03/22/9
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/03/24/1
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/52689
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=35317
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/74286

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.17
mediawiki	mediawiki	1.17
mediawiki	mediawiki	1.17.0
mediawiki	mediawiki	1.17.0
mediawiki	mediawiki	1.17.1
mediawiki	mediawiki	1.17.2
mediawiki	mediawiki	1.18
mediawiki	mediawiki	1.18
mediawiki	mediawiki	1.18.0
mediawiki	mediawiki	1.18.0
mediawiki	mediawiki	1.18.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9AC7B4F-6AE2-4FCC-80DA-0D068E479853",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "57F3C3BF-CA6A-4BCC-83CE-32560F0A437D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6D1B676-AE23-4FC5-8466-EB44B8F756CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1C3B8FFB-25AD-4165-8C87-DBF5977572FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "52E0CED2-EF96-4052-A4BC-4657163B4FE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E8D954D-484E-4DAA-8E0E-6CEAC17BBA22",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EBD4E4C-DE1D-4007-BABF-A82ECBC2C8B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "EA045993-D0DE-4878-A9CF-5C671F3E5196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "15426470-3C5F-41AC-B64B-BA021D9F5EA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "061DD021-3FAA-43D0-9ED2-6E60BF7E6CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8B305B8-97DE-45C7-B7A7-B1D1AB32D511",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in Special:Upload in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload files."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en Special:Upload en MediaWiki v1.17.x antes de v1.17.3 y v1.18.x antes de v1.18.2, permite a atacantes remotos secuestrar la autenticaci\u00f3n de las v\u00edctimas no especificadas para las solicitudes que suben archivos."
    }
  ],
  "id": "CVE-2012-1580",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-09-09T21:55:06.090",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/80364"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48504"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/03/22/9"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/03/24/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/52689"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=35317"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74286"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/80364"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48504"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/03/22/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/03/24/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/52689"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=35317"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74286"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-09-25 16:15

Modified

2025-02-13 17:16

Severity ?

7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
9.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Summary

Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator.

References

URL	Tags
help@fluidattacks.com	https://fluidattacks.com/advisories/blondie/	Exploit, Third Party Advisory
help@fluidattacks.com	https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html	Mailing List, Third Party Advisory
help@fluidattacks.com	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/
help@fluidattacks.com	https://www.debian.org/security/2023/dsa-5520	Third Party Advisory
help@fluidattacks.com	https://www.mediawiki.org/wiki/MediaWiki/	Product
af854a3a-2127-422b-91ae-364da2661108	https://fluidattacks.com/advisories/blondie/	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2023/dsa-5520	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mediawiki.org/wiki/MediaWiki/	Product

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.40.0
debian	debian_linux	10.0
debian	debian_linux	11.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.40.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "195C853F-2D51-44A4-990E-8E04FF4E9AA8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mediawiki v1.40.0 does not validate namespaces used in XML files.\n\nTherefore, if the instance administrator allows XML file uploads,\n\na remote attacker with a low-privileged user account can use this\n\nexploit to become an administrator by sending a malicious link to\n\nthe instance administrator."
    },
    {
      "lang": "es",
      "value": "Mediawiki v1.40.0 no valida los espacios de nombres utilizados en archivos XML. Por lo tanto, si el administrador de la instancia permite la carga de archivos XML, un atacante remoto con una cuenta de usuario con pocos privilegios puede utilizar este exploit para convertirse en administrador enviando un enlace malicioso al administrador de la instancia.\n"
    }
  ],
  "id": "CVE-2023-3550",
  "lastModified": "2025-02-13T17:16:57.407",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 5.2,
        "source": "help@fluidattacks.com",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-09-25T16:15:14.347",
  "references": [
    {
      "source": "help@fluidattacks.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://fluidattacks.com/advisories/blondie/"
    },
    {
      "source": "help@fluidattacks.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html"
    },
    {
      "source": "help@fluidattacks.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/"
    },
    {
      "source": "help@fluidattacks.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2023/dsa-5520"
    },
    {
      "source": "help@fluidattacks.com",
      "tags": [
        "Product"
      ],
      "url": "https://www.mediawiki.org/wiki/MediaWiki/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://fluidattacks.com/advisories/blondie/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2023/dsa-5520"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://www.mediawiki.org/wiki/MediaWiki/"
    }
  ],
  "sourceIdentifier": "help@fluidattacks.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "help@fluidattacks.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2019-07-10 16:15

Modified

2024-11-21 04:22

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

References

URL	Tags
cve@mitre.org	https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html	Patch, Third Party Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T204729	Third Party Advisory
cve@mitre.org	https://seclists.org/bugtraq/2019/Jun/12	Mailing List, Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2019/dsa-4460	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T204729	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2019/Jun/12	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2019/dsa-4460	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*
debian	debian_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "93D0B6ED-00EB-425C-A101-96814F4C921A",
              "versionEndExcluding": "1.27.6",
              "versionStartIncluding": "1.27.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "50818088-DA3C-4C58-9D42-4B7E9EF003E1",
              "versionEndExcluding": "1.30.2",
              "versionStartIncluding": "1.30.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC8AFEFD-8776-4722-82BC-21CC1214FCCC",
              "versionEndExcluding": "1.31.2",
              "versionStartIncluding": "1.31.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "631F30ED-1171-42E5-8FAF-AC9230CED0C5",
              "versionEndExcluding": "1.32.2",
              "versionStartIncluding": "1.32.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6."
    },
    {
      "lang": "es",
      "value": "MediaWiki versiones 1.27.0 hasta 1.32.1 de Wikimedia, puede permitir una DoS. Pasando t\u00edtulos no v\u00e1lidos hacia la API podr\u00eda causar un DoS mediante la consulta de la tabla completa de la lista de observaci\u00f3n. Se corrigi\u00f3 en las versiones 1.32.2, 1.31.2, 1.30.2 y 1.27.6."
    }
  ],
  "id": "CVE-2019-12473",
  "lastModified": "2024-11-21T04:22:55.820",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-10T16:15:11.290",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T204729"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Jun/12"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4460"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T204729"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Jun/12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4460"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-04-13 16:29

Modified

2024-11-21 03:02

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.

References

URL	Tags
security@debian.org	https://bugs.debian.org/861585	Third Party Advisory
security@debian.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html	Patch, Release Notes, Vendor Advisory
security@debian.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html	Patch, Release Notes, Vendor Advisory
security@debian.org	https://phabricator.wikimedia.org/T158689	Exploit, Third Party Advisory
security@debian.org	https://security-tracker.debian.org/tracker/CVE-2017-0372	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugs.debian.org/861585	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html	Patch, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html	Patch, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T158689	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security-tracker.debian.org/tracker/CVE-2017-0372	Issue Tracking, Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.27.0
mediawiki	mediawiki	1.27.1
mediawiki	mediawiki	1.27.2
mediawiki	mediawiki	1.28.0
mediawiki	mediawiki	1.28.1
debian	debian_linux	7.0
debian	debian_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7098F7B9-4E9A-462D-B8D5-CA0D57E4C924",
              "versionEndIncluding": "1.23.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.27.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F75E06F7-6D23-4BEB-80B4-3DE33193CA95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.27.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BE1D567-FB83-48ED-A22F-2486085B8AA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.27.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EFBF825-C397-4A0C-8A1C-48260A135A60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.28.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "70CAB8A9-39D5-41F4-800C-79E4FE57B12D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.28.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A060BA59-05C8-4646-97D7-4F382B4EBCC6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities."
    },
    {
      "lang": "es",
      "value": "Inyecci\u00f3n de par\u00e1metros en la extensi\u00f3n SyntaxHighlight de Mediawiki, en versiones anteriores a la 1.23.16, 1.27.3 y 1.28.2 podr\u00eda resultar en m\u00faltiples vulnerabilidades."
    }
  ],
  "id": "CVE-2017-0372",
  "lastModified": "2024-11-21T03:02:51.330",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-13T16:29:00.940",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/861585"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T158689"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2017-0372"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/861585"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T158689"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2017-0372"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-01-28 15:15

Modified

2024-11-21 01:59

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values.

References

▶	URL	Tags
	secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html	Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73078443-0FD9-47AF-B47D-ED2379653FA7",
              "versionEndExcluding": "1.19.10",
              "versionStartIncluding": "1.19.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "084F0F91-851A-4EC5-AEEE-15CAB104E58B",
              "versionEndExcluding": "1.21.4",
              "versionStartIncluding": "1.20.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A18AC051-E349-4B6E-B4E1-7C33AC78115A",
              "versionEndExcluding": "1.22.1",
              "versionStartIncluding": "1.22.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en MediaWiki versiones 1.19.9 anteriores a 1.19.10, versiones 1.2x anteriores a 1.21.4 y versiones 1.22.x anteriores a 1.22.1, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de valores CSS no especificados."
    }
  ],
  "id": "CVE-2013-6451",
  "lastModified": "2024-11-21T01:59:15.550",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-28T15:15:14.560",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2011-02-04 01:00

Modified

2025-04-11 00:51

Severity ?

Summary

Multiple directory traversal vulnerabilities in (1) languages/Language.php and (2) includes/StubObject.php in MediaWiki 1.8.0 and other versions before 1.16.2, when running on Windows and possibly Novell Netware, allow remote attackers to include and execute arbitrary local PHP files via vectors related to a crafted language file and the Language::factory function.

References

URL	Tags
secalert@redhat.com	http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.2.patch.gz	Patch
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-February/000095.html	Patch
secalert@redhat.com	http://osvdb.org/70798
secalert@redhat.com	http://osvdb.org/70799
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2011/02/01/4
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2011/02/03/3
secalert@redhat.com	http://www.vupen.com/english/advisories/2011/0273	Vendor Advisory
secalert@redhat.com	https://bugzilla.wikimedia.org/show_bug.cgi?id=27094
af854a3a-2127-422b-91ae-364da2661108	http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.2.patch.gz	Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-February/000095.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/70798
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/70799
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2011/02/01/4
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2011/02/03/3
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0273	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=27094

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.8.0
mediawiki	mediawiki	1.8.1
mediawiki	mediawiki	1.8.2
mediawiki	mediawiki	1.8.3
mediawiki	mediawiki	1.8.4
mediawiki	mediawiki	1.8.5
mediawiki	mediawiki	1.9.0
mediawiki	mediawiki	1.9.0
mediawiki	mediawiki	1.9.1
mediawiki	mediawiki	1.9.2
mediawiki	mediawiki	1.9.3
mediawiki	mediawiki	1.9.4
mediawiki	mediawiki	1.9.5
mediawiki	mediawiki	1.9.6
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.1
mediawiki	mediawiki	1.10.2
mediawiki	mediawiki	1.10.3
mediawiki	mediawiki	1.10.4
mediawiki	mediawiki	1.11
mediawiki	mediawiki	1.11
mediawiki	mediawiki	1.11.0
mediawiki	mediawiki	1.11.0
mediawiki	mediawiki	1.11.0rc1
mediawiki	mediawiki	1.11.1
mediawiki	mediawiki	1.11.2
mediawiki	mediawiki	1.11_development
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.1
mediawiki	mediawiki	1.12.2
mediawiki	mediawiki	1.12.3
mediawiki	mediawiki	1.12.4
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.1
mediawiki	mediawiki	1.13.2
mediawiki	mediawiki	1.13.3
mediawiki	mediawiki	1.13.4
mediawiki	mediawiki	1.14.0
mediawiki	mediawiki	1.14.0
mediawiki	mediawiki	1.14.1
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.1
mediawiki	mediawiki	1.15.2
mediawiki	mediawiki	1.15.3
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.1
microsoft	windows	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46046B16-3EE4-42C0-BA77-73300A641BA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "136E5FD9-C0A0-4970-8852-D97C5BC723E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5FD2871-90BB-4AFA-89D0-B9B5BE365771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D35193-8AF8-4CB9-A47D-A58DE389515E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1CD7D7-546A-48FA-9C4C-1FB0CA22C6FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAD648C1-0908-43F8-951C-E7EBF8FB8CB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B40FB49B-1E96-44BC-A9B0-9BDB28F858A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "75D5AC3F-4D29-4882-A3C0-94951402ADD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A0921C-BEC5-4646-96FD-0529828B5BAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB4E8709-43E2-4ADC-8759-16AC265658C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A8A1D30-57E7-4010-B68A-8D22EA091FF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EF7C683-F6E2-4D79-B0F9-234C9FAFB7C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "962C4B03-ABDF-4E94-8DE0-E035186E0F4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "841A4099-1EB3-448A-81C2-67A68CF4B5C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0983C0E-9035-4256-AC99-C2C81C1634E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "76F47EF6-2695-44FD-B4B0-9DE911BB57CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FC61592E-7479-45C1-9263-D608B644EE79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5460DB30-FA14-4017-BC8B-15F9451469F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED2392D6-6ACF-4715-BBCD-B6DA9B91C750",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0071C35-877F-44C6-BC39-B1AE885D7313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83CF24-FC29-40C4-8B07-5FB6591E9812",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C54ADEF-F360-41C6-AE27-B6D12E5BAF9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "77FBC313-0615-42D9-8617-4DE42CAA48BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66A92668-4B5D-40A4-9A14-E7AD10086933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7266D827-F77D-4CC3-8237-4B35D072ACF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7056339-F0BC-4960-9ED2-68043000EAE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DB5EF0E-4E1B-4131-9142-5FBB59C235D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F59B5992-716F-4901-BDD1-0C7E24BF9148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11_development:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BAC8B28-1EF1-47A3-831E-84ABC8974780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "746023B5-2472-4FC9-BEDF-FE6A321F12B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0D18C85B-E82B-46AE-959E-3FD32DB6F294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "66714539-F1E1-4C16-AA12-059EEB1B9DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A80044C9-9F76-468E-84F7-D7D529004AE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7CD7F5A-F4E4-45B6-9179-BD1BCD75D297",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7BC3705-27C7-4969-AB6A-E7C09C708C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79CDE6D3-A26D-4ECD-B949-B9DDB53F67C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D3CC82BE-8DEA-47D7-B6B7-2FFDFB728ADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "AFD79470-63A7-438B-A3BE-CABDAD7F848C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A26F4C94-E3A5-456E-8E5E-36BA67DD4BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C6D23B-B5C1-4F10-9F62-E81F639FF40F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "13FA8F3C-2B6C-42FB-A6CE-EC2D8614E43D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "973B7468-970D-475C-AAB2-D81833EAF12B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A0789-0496-4940-A484-8B6689AA8770",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "241370F6-4941-43B4-AAD5-32A93AAC3B80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A236174-7262-478C-8C96-61428EBCC575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAAC942E-1BA2-419C-B464-20529D825053",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "188AA942-A54E-4B48-A14E-1D4C2BB859EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "07D3ECE8-29AC-491A-BD11-1753EF65DA0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FA6109F-F5BE-4E65-AA9D-C1D0CB029521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0955D3BF-1120-40F6-87FB-D75B064E5C6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4416B074-0C5E-4DD3-AA4D-B54AC635F00D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "EBA4FDC8-2F1B-4054-82BC-B79566ABE8E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "62B86D8D-5E7A-43F5-9B6A-944ED4B8E4E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "63FD259B-921D-46BF-BE6E-F963288D92F3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple directory traversal vulnerabilities in (1) languages/Language.php and (2) includes/StubObject.php in MediaWiki 1.8.0 and other versions before 1.16.2, when running on Windows and possibly Novell Netware, allow remote attackers to include and execute arbitrary local PHP files via vectors related to a crafted language file and the Language::factory function."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de salto de directorio en (1) languages/Language.php y (2) includes/StubObject.php en MediaWiki v1.8.0 y  otras versiones anteriores a v1.16.2, cuando se ejecuta en Windows y, posiblemente, Novell Netware, permitiendo a atacantes remotos incluir y ejecutar archivos PHP locales a trav\u00e9s de vectores relacionados con un archivo de idioma manipulado y la funci\u00f3n Language::factory"
    }
  ],
  "id": "CVE-2011-0537",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-02-04T01:00:07.933",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.2.patch.gz"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-February/000095.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/70798"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/70799"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2011/02/01/4"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2011/02/03/3"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0273"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=27094"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.2.patch.gz"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-February/000095.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/70798"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/70799"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2011/02/01/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2011/02/03/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0273"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=27094"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-03-23 20:59

Modified

2025-04-20 01:37

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8624.

References

URL	Tags
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/12/21/8	Mailing List, Patch, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/12/23/7	Mailing List, Patch, Third Party Advisory
cve@mitre.org	https://gerrit.wikimedia.org/r/#/c/156336/5/includes/User.php	Issue Tracking, Third Party Advisory
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html	Patch, Release Notes, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T119309	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/12/21/8	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/12/23/7	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/#/c/156336/5/includes/User.php	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html	Patch, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T119309	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.24.0
mediawiki	mediawiki	1.24.1
mediawiki	mediawiki	1.24.2
mediawiki	mediawiki	1.24.3
mediawiki	mediawiki	1.24.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3971880B-BD50-4E3D-96F0-D07F60D59923",
              "versionEndIncluding": "1.23.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C00423-B3FE-485A-9014-22F409DBD377",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E90C95FB-71CA-4CA1-935D-58A08244A81F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DDBD41F-C2D5-4D7C-B069-FBC2C8EBB81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D92AA40C-3E9A-44E6-9833-06853B5BF453",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8624."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n User::matchEditToken en includes/User.php en MediaWiki en versiones anteriores a 1.23.12 y 1.24.x en versiones anteriores a 1.24.5 no realiza comparaci\u00f3n de token en tiempo constante antes de regresar, lo que permite a atacantes remotos adivinar el token de edici\u00f3n y eludir la protecci\u00f3n CSRF a trav\u00e9s de un ataque de temporizaci\u00f3n, una vulnerabilidad diferente a CVE-2015-8624."
    }
  ],
  "id": "CVE-2015-8623",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-03-23T20:59:00.483",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/#/c/156336/5/includes/User.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T119309"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/#/c/156336/5/includes/User.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T119309"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-11-15 08:29

Modified

2025-04-20 01:37

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability.

References

URL	Tags
security@debian.org	http://www.securitytracker.com/id/1039812	Third Party Advisory, VDB Entry
security@debian.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html	Mailing List, Patch, Vendor Advisory
security@debian.org	https://www.debian.org/security/2017/dsa-4036	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039812	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html	Mailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2017/dsa-4036	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.28.0
mediawiki	mediawiki	1.28.1
mediawiki	mediawiki	1.28.2
mediawiki	mediawiki	1.29.0
mediawiki	mediawiki	1.29.1
debian	debian_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2825F885-DD77-4822-B659-D5AFB56C6B17",
              "versionEndIncluding": "1.27.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.28.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "70CAB8A9-39D5-41F4-800C-79E4FE57B12D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.28.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A060BA59-05C8-4646-97D7-4F382B4EBCC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.28.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E67B837B-D085-4EE4-9556-D25BFA9BC108",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.29.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFA5659C-9DEA-494E-BB32-E6573E180C26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.29.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A457BE6-9F2F-45C9-A650-46F7E4B77E20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability."
    },
    {
      "lang": "es",
      "value": "api.php en MediaWiki en versiones anteriores a la 1.27.4; las versiones 1.28.x anteriores a la 1.28.3 y las versiones 1.29.x anteriores a la 1.29.2 tiene una vulnerabilidad de descarga de archivos reflejada."
    }
  ],
  "id": "CVE-2017-8809",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-15T08:29:00.640",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039812"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4036"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4036"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-01-10 08:15

Modified

2025-04-07 19:15

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. SpecialMobileHistory allows remote attackers to cause a denial of service because database queries are slow.

References

URL	Tags
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/
cve@mitre.org	https://phabricator.wikimedia.org/T320987	Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T320987	Issue Tracking, Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	1.39.0
mediawiki	mediawiki	1.39.0
mediawiki	mediawiki	1.39.0
fedoraproject	fedora	37

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "357C67CA-8586-4F8D-951C-51220DD6AA18",
              "versionEndExcluding": "1.35.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13962AAD-4625-42E8-B960-53FAE7699070",
              "versionEndExcluding": "1.38.5",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.39.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "243E4420-7054-4190-8270-76E09207FC9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.39.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "90D9672A-851F-46B0-AA0D-35991D7802E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.39.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5141FCFC-D842-49B8-9385-5EE2DB6E7BFA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
              "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. SpecialMobileHistory allows remote attackers to cause a denial of service because database queries are slow."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en MediaWiki antes de 1.35.9, 1.36.x hasta 1.38.x antes de 1.38.5 y 1.39.x antes de 1.39.1. SpecialMobileHistory permite a atacantes remotos provocar una denegaci\u00f3n de servicio porque las consultas a la base de datos son lentas."
    }
  ],
  "id": "CVE-2023-22909",
  "lastModified": "2025-04-07T19:15:51.223",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-01-10T08:15:10.270",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T320987"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T320987"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-01-26 20:55

Modified

2025-04-11 00:51

Severity ?

Summary

The CentralAuth extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 caches a valid CentralAuthUser object in the centralauth_User cookie even when a user has not successfully logged in, which allows remote attackers to bypass authentication without a password.

References

URL	Tags
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html	Patch
secalert@redhat.com	http://osvdb.org/96910
secalert@redhat.com	http://seclists.org/oss-sec/2013/q3/553
secalert@redhat.com	http://secunia.com/advisories/54723
secalert@redhat.com	https://bugzilla.wikimedia.org/show_bug.cgi?id=52338	Exploit
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/86894
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/96910
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/oss-sec/2013/q3/553
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/54723
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=52338	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/86894

Impacted products

Vendor	Product	Version
brion_vibber	centralauth_extension	-
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19.0
mediawiki	mediawiki	1.19.1
mediawiki	mediawiki	1.19.2
mediawiki	mediawiki	1.19.3
mediawiki	mediawiki	1.19.4
mediawiki	mediawiki	1.19.5
mediawiki	mediawiki	1.19.6
mediawiki	mediawiki	1.19.7
mediawiki	mediawiki	1.20
mediawiki	mediawiki	1.20.1
mediawiki	mediawiki	1.20.2
mediawiki	mediawiki	1.20.3
mediawiki	mediawiki	1.20.4
mediawiki	mediawiki	1.20.5
mediawiki	mediawiki	1.20.6
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:brion_vibber:centralauth_extension:-:-:-:*:-:mediawiki:*:*",
              "matchCriteriaId": "24ACA75C-241D-43C8-B65B-58508427D71F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "93D7105D-3CF1-49FF-9F51-088C58F19003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "F647077F-52FD-460B-9511-85812A1447FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A8AFF-EF0E-490C-8833-FF1071563979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3205F5-3A29-4D45-AC95-83174F8969BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5547DA02-3BEC-4278-A714-25CCB820AA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E5609D-EC04-4088-9B61-ABDD256200F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23B09BB-8F43-4D60-A37F-D8685584AF4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A3F38-9A86-4346-9337-5C2A1DED37C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "49CCC3B5-9BD4-40B4-AF1A-DF4B2A6DC12D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA45494-185A-4ED1-8818-D9F14EB9B59B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94646567-FF30-4FBA-96C5-914EB3C85D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF088531-6875-49A2-B220-D7EC38ECC50F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The CentralAuth extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 caches a valid CentralAuthUser object in the centralauth_User cookie even when a user has not successfully logged in, which allows remote attackers to bypass authentication without a password."
    },
    {
      "lang": "es",
      "value": "La extensi\u00f3n de MediaWiki CentralAuth 1.19.x anterior a 1.19.8, 1.20.7 anterior a 1.20.x  y 1.21.x anterior 1.21.2 almacena en cach\u00e9 un objeto CentralAuthUser v\u00e1lida en la cookie centralauth_User incluso cuando el usuario no ha iniciado la sesi\u00f3n correctamente, lo que permite atacantes remotos evitar la autenticaci\u00f3n sin contrase\u00f1a."
    }
  ],
  "id": "CVE-2013-4304",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-01-26T20:55:04.173",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/96910"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://seclists.org/oss-sec/2013/q3/553"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/54723"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=52338"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86894"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/96910"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/oss-sec/2013/q3/553"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/54723"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=52338"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86894"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-09-30 14:55

Modified

2025-04-12 10:46

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.19, 1.22.x before 1.22.11, and 1.23.x before 1.23.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/61666
cve@mitre.org	http://www.debian.org/security/2014/dsa-3036
cve@mitre.org	http://www.openwall.com/lists/oss-security/2014/09/27/2
cve@mitre.org	https://bugzilla.wikimedia.org/show_bug.cgi?id=69008	Patch
cve@mitre.org	https://gerrit.wikimedia.org/r/#/c/162777/
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-September/000161.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/61666
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2014/dsa-3036
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2014/09/27/2
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=69008	Patch
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/#/c/162777/
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-September/000161.html	Patch

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19.0
mediawiki	mediawiki	1.19.1
mediawiki	mediawiki	1.19.2
mediawiki	mediawiki	1.19.3
mediawiki	mediawiki	1.19.4
mediawiki	mediawiki	1.19.5
mediawiki	mediawiki	1.19.6
mediawiki	mediawiki	1.19.7
mediawiki	mediawiki	1.19.8
mediawiki	mediawiki	1.19.9
mediawiki	mediawiki	1.19.10
mediawiki	mediawiki	1.19.11
mediawiki	mediawiki	1.19.12
mediawiki	mediawiki	1.19.13
mediawiki	mediawiki	1.19.14
mediawiki	mediawiki	1.19.15
mediawiki	mediawiki	1.19.16
mediawiki	mediawiki	1.19.17
mediawiki	mediawiki	1.19.18
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	1.22.1
mediawiki	mediawiki	1.22.2
mediawiki	mediawiki	1.22.3
mediawiki	mediawiki	1.22.4
mediawiki	mediawiki	1.22.5
mediawiki	mediawiki	1.22.6
mediawiki	mediawiki	1.22.7
mediawiki	mediawiki	1.22.8
mediawiki	mediawiki	1.22.9
mediawiki	mediawiki	1.22.10
mediawiki	mediawiki	1.23.0
mediawiki	mediawiki	1.23.1
mediawiki	mediawiki	1.23.2
mediawiki	mediawiki	1.23.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "93D7105D-3CF1-49FF-9F51-088C58F19003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "F647077F-52FD-460B-9511-85812A1447FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A8AFF-EF0E-490C-8833-FF1071563979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3205F5-3A29-4D45-AC95-83174F8969BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5547DA02-3BEC-4278-A714-25CCB820AA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E5609D-EC04-4088-9B61-ABDD256200F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23B09BB-8F43-4D60-A37F-D8685584AF4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A3F38-9A86-4346-9337-5C2A1DED37C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "49CCC3B5-9BD4-40B4-AF1A-DF4B2A6DC12D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "36DA1112-69AB-408A-886E-F248516FDE11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA85F3B7-9CB4-481C-B1A5-AB95F81C4126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A25C57E2-8E04-4A54-9211-C7B4B7CC4E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "927A7FCC-273B-4387-A9DB-C1DADB40D3FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "37210D17-71E8-4A05-87CE-F27E2F8DDEF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "E77B822C-5536-4843-A509-D5471AC02B87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "84198067-1339-4087-9B91-B0AFD45C6F0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735AFF4-3E99-4E3C-B452-AB9FF31925FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "32FCA38F-137E-4CD5-B1EB-44D949468938",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3099DA6-3F70-4717-92B8-F95DA7EB937B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "669F2681-6CAC-41A4-BEA3-A2B0B7572D96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B461B44C-37D2-480B-9645-B7E8720416C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E491E3AD-0FB2-41CD-B852-CAFCA397A45A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBD50108-A301-4B5B-9047-6FD6792442B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "91BBFEC5-A933-4178-919D-9AC87CF76D21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3CA0EC-1AC1-48A1-8BB8-95DCCE1C283A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9343410C-E076-4362-8094-5BA5582E9675",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96BBB28-AB3C-4082-B035-8CCB761C2530",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7389C3B9-B32D-46CC-8615-22CF7BDCD829",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "179FC802-541F-40EE-BB76-A4B745A9EA7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3332E0EC-49D6-4EB2-8A2E-CC204EA1C475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6044842D-0C23-4683-9BCC-9FE40AE8353F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BFCBB5A-F5F8-400E-916A-EB87F84853D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2898DFC3-7C3A-4C12-A3D2-4CEB3C66C90D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "04082771-E3E2-49EE-8840-0170F3B3519F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.19, 1.22.x before 1.22.11, and 1.23.x before 1.23.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en MediaWiki anterior a 1.19.19, 1.22.x anterior a 1.22.11, y 1.23.x anterior a 1.23.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un fichero SVG manipulado."
    }
  ],
  "id": "CVE-2014-7199",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-09-30T14:55:11.827",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/61666"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2014/dsa-3036"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2014/09/27/2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=69008"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://gerrit.wikimedia.org/r/#/c/162777/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-September/000161.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/61666"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-3036"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/09/27/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=69008"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://gerrit.wikimedia.org/r/#/c/162777/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-September/000161.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-10-28 03:15

Modified

2024-11-21 05:22

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

The RandomGameUnit extension for MediaWiki through 1.35 was not properly escaping various title-related data. When certain varieties of games were created within MediaWiki, their names or titles could be manipulated to generate stored XSS within the RandomGameUnit extension.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/I497d2076038f75c9eb77e0e250f2af56f5bd2bfc	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T266400	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/I497d2076038f75c9eb77e0e250f2af56f5bd2bfc	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T266400	Exploit, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "66FD4C96-9035-4E65-83B5-4DB1ABA7C6B2",
              "versionEndIncluding": "1.35",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The RandomGameUnit extension for MediaWiki through 1.35 was not properly escaping various title-related data. When certain varieties of games were created within MediaWiki, their names or titles could be manipulated to generate stored XSS within the RandomGameUnit extension."
    },
    {
      "lang": "es",
      "value": "La extensi\u00f3n RandomGameUnit para MediaWiki hasta la versi\u00f3n 1.35 no escapaba adecuadamente a varios datos relacionados con los t\u00edtulos. Cuando se crearon ciertas variedades de juegos dentro de MediaWiki, sus nombres o t\u00edtulos pod\u00edan ser manipulados para generar XSS almacenados dentro de la extensi\u00f3n RandomGameUnit"
    }
  ],
  "id": "CVE-2020-27957",
  "lastModified": "2024-11-21T05:22:07.327",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-10-28T03:15:12.647",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I497d2076038f75c9eb77e0e250f2af56f5bd2bfc"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T266400"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I497d2076038f75c9eb77e0e250f2af56f5bd2bfc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T266400"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2019-07-10 16:15

Modified

2024-11-21 04:22

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Wikimedia MediaWiki through 1.32.1 allows CSRF.

References

URL	Tags
cve@mitre.org	https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html	Patch, Third Party Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T25227	Patch, Third Party Advisory
cve@mitre.org	https://seclists.org/bugtraq/2019/Jun/12	Mailing List, Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2019/dsa-4460	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T25227	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2019/Jun/12	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2019/dsa-4460	Third Party Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*
	debian	debian_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D155835-B2E0-4CA8-AA0D-2F25F984016B",
              "versionEndIncluding": "1.32.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Wikimedia MediaWiki through 1.32.1 allows CSRF."
    },
    {
      "lang": "es",
      "value": "MediaWiki hasta la versi\u00f3n 1.32.1 de Wikimedia, permite un problema de tipo CSRF."
    }
  ],
  "id": "CVE-2019-12466",
  "lastModified": "2024-11-21T04:22:54.720",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-10T16:15:11.087",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T25227"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Jun/12"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4460"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T25227"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Jun/12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4460"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2010-06-08 00:30

Modified

2025-04-11 00:51

Severity ?

Summary

Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to hijack the authentication of users for requests that (1) create accounts or (2) reset passwords, related to the Special:Userlogin form.

References

URL	Tags
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043803.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043856.html
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html	Patch, Vendor Advisory
secalert@redhat.com	https://bugzilla.wikimedia.org/show_bug.cgi?id=23371
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043803.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043856.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=23371

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.1
mediawiki	mediawiki	1.15.2
mediawiki	mediawiki	1.15.3
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAAC942E-1BA2-419C-B464-20529D825053",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "188AA942-A54E-4B48-A14E-1D4C2BB859EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "07D3ECE8-29AC-491A-BD11-1753EF65DA0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FA6109F-F5BE-4E65-AA9D-C1D0CB029521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0955D3BF-1120-40F6-87FB-D75B064E5C6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4416B074-0C5E-4DD3-AA4D-B54AC635F00D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "EBA4FDC8-2F1B-4054-82BC-B79566ABE8E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "62B86D8D-5E7A-43F5-9B6A-944ED4B8E4E8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to hijack the authentication of users for requests that (1) create accounts or (2) reset passwords, related to the Special:Userlogin form."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en la interfaz de login de MediaWiki v1.15 anterior a v1.15.4 y v1.16 anterior a v1.16 beta 3, permite a atacantes remotos secuestar la autenticaci\u00f3n de otros usuarios para peticiones que (1) crean cuentas o (2) resetean la contrase\u00f1a, relacionados con el formulario Special:Userlogin."
    }
  ],
  "id": "CVE-2010-1648",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-06-08T00:30:01.570",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043803.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043856.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=23371"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043803.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043856.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=23371"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-11-18 02:55

Modified

2025-04-11 00:51

Severity ?

Summary

Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19 through 1.19.6 and 1.20.x before 1.20.6 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.

References

URL	Tags
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-May/000131.html	Patch
secalert@redhat.com	http://secunia.com/advisories/55433	Vendor Advisory
secalert@redhat.com	http://security.gentoo.org/glsa/glsa-201310-21.xml
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2013/05/24/3
secalert@redhat.com	https://bugzilla.wikimedia.org/show_bug.cgi?id=48306	Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-May/000131.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/55433	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-201310-21.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2013/05/24/3
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=48306	Patch

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19.0
mediawiki	mediawiki	1.19.1
mediawiki	mediawiki	1.19.2
mediawiki	mediawiki	1.19.3
mediawiki	mediawiki	1.19.4
mediawiki	mediawiki	1.19.5
mediawiki	mediawiki	1.19.6
mediawiki	mediawiki	1.20.1
mediawiki	mediawiki	1.20.2
mediawiki	mediawiki	1.20.3
mediawiki	mediawiki	1.20.4
mediawiki	mediawiki	1.20.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "93D7105D-3CF1-49FF-9F51-088C58F19003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "F647077F-52FD-460B-9511-85812A1447FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A8AFF-EF0E-490C-8833-FF1071563979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3205F5-3A29-4D45-AC95-83174F8969BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5547DA02-3BEC-4278-A714-25CCB820AA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E5609D-EC04-4088-9B61-ABDD256200F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23B09BB-8F43-4D60-A37F-D8685584AF4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A3F38-9A86-4346-9337-5C2A1DED37C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94646567-FF30-4FBA-96C5-914EB3C85D7F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19 through 1.19.6 and 1.20.x before 1.20.6 allows remote attackers to execute arbitrary code by uploading a file with an executable extension."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de subida sin restricciones de ficheros en la API de subida de fragmentos en MediaWiki 1.19 a 1.19.6 y 1.20.x anteriores a 1.20.6 permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante la subida de un fichero con extensi\u00f3n ejecutable."
    }
  ],
  "evaluatorComment": "CWE-434: Unrestricted Upload of File with Dangerous Type per http://cwe.mitre.org/data/definitions/434.html",
  "id": "CVE-2013-2114",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-11-18T02:55:07.577",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-May/000131.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/55433"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-201310-21.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/05/24/3"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=48306"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-May/000131.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/55433"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201310-21.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/05/24/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=48306"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-03-23 20:59

Modified

2025-04-20 01:37

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8623.

References

URL	Tags
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/12/21/8	Mailing List, Patch, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/12/23/7	Mailing List, Patch, Third Party Advisory
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html	Patch, Release Notes, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T119309	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/12/21/8	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/12/23/7	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html	Patch, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T119309	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.24.0
mediawiki	mediawiki	1.24.1
mediawiki	mediawiki	1.24.2
mediawiki	mediawiki	1.24.3
mediawiki	mediawiki	1.24.4
mediawiki	mediawiki	1.25.0
mediawiki	mediawiki	1.25.1
mediawiki	mediawiki	1.25.2
mediawiki	mediawiki	1.25.3
mediawiki	mediawiki	1.26.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3971880B-BD50-4E3D-96F0-D07F60D59923",
              "versionEndIncluding": "1.23.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C00423-B3FE-485A-9014-22F409DBD377",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E90C95FB-71CA-4CA1-935D-58A08244A81F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DDBD41F-C2D5-4D7C-B069-FBC2C8EBB81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D92AA40C-3E9A-44E6-9833-06853B5BF453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9129F374-93CB-43CE-A3B2-DB6483514F32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE125142-10A2-4ACF-9BA4-44E63C1E5DB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF21D6EE-CEAC-42A7-99B6-D9D033E1FEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CCAC6ED-C3F5-4D8E-922B-FAA481210C6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B418525-DAC2-461A-B931-BED05CC3AFBF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8623."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n User::matchEditToken en includes/User.php en MediaWiki en versiones anteriores a 1.23.12, 1.24.x en versiones anteriores a 1.24.5, 1.25.x en versiones anteriores a 1.25.4 y 1.26.x en versiones anteriores a 1.26.1 no realiza la comparaci\u00f3n de token en tiempo constante antes de determinar si se debe registrar un mensaje de depuraci\u00f3n, lo que permite a atacantes remotos adivinar el token de edici\u00f3n y eludir la protecci\u00f3n CSRF a trav\u00e9s de un ataque de temporizaci\u00f3n, una vulnerabilidad diferente a CVE-2015-8623."
    }
  ],
  "id": "CVE-2015-8624",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-03-23T20:59:00.530",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T119309"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T119309"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-09-12 13:31

Modified

2025-04-11 00:51

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in pages/TalkpageHistoryView.php in the LiquidThreads (LQT) extension 2.x and possibly 3.x for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote attackers to inject arbitrary web script or HTML via a thread subject.

References

URL	Tags
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html	Patch
secalert@redhat.com	http://osvdb.org/96906
secalert@redhat.com	http://seclists.org/oss-sec/2013/q3/553	Patch
secalert@redhat.com	http://www.securityfocus.com/bid/62218
secalert@redhat.com	https://bugzilla.wikimedia.org/show_bug.cgi?id=53320	Patch
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/86891
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/96906
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/oss-sec/2013/q3/553	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/62218
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=53320	Patch
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/86891

Impacted products

Vendor	Product	Version
liquidthreads_project	liquidthreads	2.0
liquidthreads_project	liquidthreads	2.1
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19.0
mediawiki	mediawiki	1.19.1
mediawiki	mediawiki	1.19.2
mediawiki	mediawiki	1.19.3
mediawiki	mediawiki	1.19.4
mediawiki	mediawiki	1.19.5
mediawiki	mediawiki	1.19.6
mediawiki	mediawiki	1.19.7
mediawiki	mediawiki	1.20
mediawiki	mediawiki	1.20.1
mediawiki	mediawiki	1.20.2
mediawiki	mediawiki	1.20.3
mediawiki	mediawiki	1.20.4
mediawiki	mediawiki	1.20.5
mediawiki	mediawiki	1.20.6
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:liquidthreads_project:liquidthreads:2.0:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "33E04E1E-D075-4254-A0A2-C2252626CBA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liquidthreads_project:liquidthreads:2.1:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "B5A13AF1-AA3D-4D0B-8131-DD2AB35C6F62",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "93D7105D-3CF1-49FF-9F51-088C58F19003",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "F647077F-52FD-460B-9511-85812A1447FD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A8AFF-EF0E-490C-8833-FF1071563979",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3205F5-3A29-4D45-AC95-83174F8969BB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5547DA02-3BEC-4278-A714-25CCB820AA79",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E5609D-EC04-4088-9B61-ABDD256200F7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23B09BB-8F43-4D60-A37F-D8685584AF4B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A3F38-9A86-4346-9337-5C2A1DED37C0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "49CCC3B5-9BD4-40B4-AF1A-DF4B2A6DC12D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA45494-185A-4ED1-8818-D9F14EB9B59B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94646567-FF30-4FBA-96C5-914EB3C85D7F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF088531-6875-49A2-B220-D7EC38ECC50F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in pages/TalkpageHistoryView.php in the LiquidThreads (LQT) extension 2.x and possibly 3.x for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote attackers to inject arbitrary web script or HTML via a thread subject."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad cross-site scripting (XSS) en pages/TalkpageHistoryView.php en la extensi\u00f3n LiquidThreads (LQT) 2.x y posiblemente 3.x para MediaWiki 1.19.x (anteriores a 1.19.8) 1.20.x (anteriores a 1.20.7) y 1.21.x (anteriores a 1.21.2) permite a atacantes remotos inyectar script web o HTML a discrecci\u00f3n a trav\u00e9s de un  Asunto de hilo."
    }
  ],
  "id": "CVE-2013-4308",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-09-12T13:31:13.247",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/96906"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://seclists.org/oss-sec/2013/q3/553"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/62218"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=53320"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86891"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/96906"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://seclists.org/oss-sec/2013/q3/553"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/62218"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=53320"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86891"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-11-09 18:59

Modified

2025-04-12 10:46

Severity ?

Summary

The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 allows remote authenticated users to cause a denial of service (disk consumption) via a file upload using one byte chunks.

References

URL	Tags
cve@mitre.org	http://www.securitytracker.com/id/1034028
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T91205	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1034028
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T91205	Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.24.0
mediawiki	mediawiki	1.24.1
mediawiki	mediawiki	1.24.2
mediawiki	mediawiki	1.24.3
mediawiki	mediawiki	1.25.0
mediawiki	mediawiki	1.25.1
mediawiki	mediawiki	1.25.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE35D692-87E9-4982-AA23-27EBD5E5EEE1",
              "versionEndIncluding": "1.23.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C00423-B3FE-485A-9014-22F409DBD377",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E90C95FB-71CA-4CA1-935D-58A08244A81F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DDBD41F-C2D5-4D7C-B069-FBC2C8EBB81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9129F374-93CB-43CE-A3B2-DB6483514F32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE125142-10A2-4ACF-9BA4-44E63C1E5DB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF21D6EE-CEAC-42A7-99B6-D9D033E1FEC6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 allows remote authenticated users to cause a denial of service (disk consumption) via a file upload using one byte chunks."
    },
    {
      "lang": "es",
      "value": "La API chunked upload (ApiUpload) en MediaWiki en MediaWiki en versiones anteriores a 1.23.11, 1.24.x en versiones anteriores a 1.24.4 y 1.25.x en versiones anteriores a 1.25.3 permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (consumo de disco) a trav\u00e9s de la subida de un archivo utilizando fragmentos de un byte."
    }
  ],
  "id": "CVE-2015-8002",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-11-09T18:59:01.693",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1034028"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T91205"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1034028"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T91205"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-05-12 14:55

Modified

2025-04-12 10:46

Severity ?

Summary

The zend_inline_hash_func function in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to converting Lua data structures to PHP, as demonstrated by passing { [{}] = 1 } to a module function.

References

URL	Tags
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html	Patch, Vendor Advisory
secalert@redhat.com	https://bugzilla.wikimedia.org/show_bug.cgi?id=54527	Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=54527	Patch

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	*
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19.0
mediawiki	mediawiki	1.19.1
mediawiki	mediawiki	1.19.2
mediawiki	mediawiki	1.19.3
mediawiki	mediawiki	1.19.4
mediawiki	mediawiki	1.19.5
mediawiki	mediawiki	1.19.6
mediawiki	mediawiki	1.19.7
mediawiki	mediawiki	1.19.8
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2
mediawiki	mediawiki	1.21.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76902FB-9672-488B-9D9E-39B121DEC913",
              "versionEndIncluding": "1.19.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "93D7105D-3CF1-49FF-9F51-088C58F19003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "F647077F-52FD-460B-9511-85812A1447FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A8AFF-EF0E-490C-8833-FF1071563979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3205F5-3A29-4D45-AC95-83174F8969BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5547DA02-3BEC-4278-A714-25CCB820AA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E5609D-EC04-4088-9B61-ABDD256200F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23B09BB-8F43-4D60-A37F-D8685584AF4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A3F38-9A86-4346-9337-5C2A1DED37C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "49CCC3B5-9BD4-40B4-AF1A-DF4B2A6DC12D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "36DA1112-69AB-408A-886E-F248516FDE11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01D8F235-2F1B-4198-A91E-B2723293AA36",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The zend_inline_hash_func function in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to converting Lua data structures to PHP, as demonstrated by passing { [{}] = 1 } to a module function."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n zend_inline_hash_func en php-luasandbox en la extensi\u00f3n Scribuntu para MediaWiki anterior a 1.19.10, 1.2x anterior a 1.21.4 y 1.22.x anterior a 1.22.1 permite a atacantes remotos causar una denegaci\u00f3n de servicio (referencia a puntero nulo y ca\u00edda) a trav\u00e9s de vectores relacionados con convertir estructuras de datos Lua a PHP, demostrado mediante el traslado de { [{}] = 1 } hacia una funci\u00f3n de m\u00f3dulo."
    }
  ],
  "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html\n\n\"CWE-476: NULL Pointer Dereference\"",
  "id": "CVE-2013-4570",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-12T14:55:04.710",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=54527"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=54527"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-09-29 03:15

Modified

2024-11-21 06:27

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero edits.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/Iaa90a8976834d70caad592e9d1b18510318db537	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T289064	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/Iaa90a8976834d70caad592e9d1b18510318db537	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T289064	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "852AD0A4-1F54-4352-8554-34DE96EF04D9",
              "versionEndIncluding": "1.36.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero edits."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en la extensi\u00f3n Growth en MediaWiki versiones hasta 1.36.2. Cualquier administrador puede a\u00f1adir c\u00f3digo JavaScript arbitrario al pie de la p\u00e1gina de inicio de los reci\u00e9n llegados, que puede ser ejecutado por los espectadores sin necesidad de realizar ninguna edici\u00f3n"
    }
  ],
  "id": "CVE-2021-42048",
  "lastModified": "2024-11-21T06:27:08.300",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-09-29T03:15:14.707",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Iaa90a8976834d70caad592e9d1b18510318db537"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T289064"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Iaa90a8976834d70caad592e9d1b18510318db537"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T289064"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2012-09-09 21:55

Modified

2025-04-11 00:51

Severity ?

Summary

The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information.

References

URL	Tags
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html	Vendor Advisory
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/48504	Vendor Advisory
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/03/22/9
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/03/24/1
secalert@redhat.com	http://www.securityfocus.com/bid/52689
secalert@redhat.com	https://bugzilla.wikimedia.org/show_bug.cgi?id=34907	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48504	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/03/22/9
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/03/24/1
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/52689
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=34907	Exploit

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.17
mediawiki	mediawiki	1.17
mediawiki	mediawiki	1.17.0
mediawiki	mediawiki	1.17.0
mediawiki	mediawiki	1.17.1
mediawiki	mediawiki	1.17.2
mediawiki	mediawiki	1.18
mediawiki	mediawiki	1.18
mediawiki	mediawiki	1.18.0
mediawiki	mediawiki	1.18.0
mediawiki	mediawiki	1.18.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9AC7B4F-6AE2-4FCC-80DA-0D068E479853",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "57F3C3BF-CA6A-4BCC-83CE-32560F0A437D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6D1B676-AE23-4FC5-8466-EB44B8F756CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1C3B8FFB-25AD-4165-8C87-DBF5977572FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "52E0CED2-EF96-4052-A4BC-4657163B4FE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E8D954D-484E-4DAA-8E0E-6CEAC17BBA22",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EBD4E4C-DE1D-4007-BABF-A82ECBC2C8B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "EA045993-D0DE-4878-A9CF-5C671F3E5196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "15426470-3C5F-41AC-B64B-BA021D9F5EA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "061DD021-3FAA-43D0-9ED2-6E60BF7E6CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8B305B8-97DE-45C7-B7A7-B1D1AB32D511",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information."
    },
    {
      "lang": "es",
      "value": "El gestor de recursos en MediaWiki v1.17.x antes de v1.17.3 y v1.18.x antes de v1.18.2 incluye datos privados, como tokens CSRF en un archivo JavaScript, lo que permite a atacantes remotos obtener informaci\u00f3n sensible."
    }
  ],
  "id": "CVE-2012-1579",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-09-09T21:55:06.010",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48504"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/03/22/9"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/03/24/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/52689"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=34907"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48504"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/03/22/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/03/24/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/52689"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=34907"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-05-29 21:15

Modified

2024-11-21 07:23

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. Upon an action=rollback operation, the alreadyrolled message can leak a user name (when the user has been revision deleted/suppressed).

References

▶	URL	Tags
	cve@mitre.org	https://phabricator.wikimedia.org/T307278	Exploit, Issue Tracking, Patch
	af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T307278	Exploit, Issue Tracking, Patch

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8641E8E6-E89C-4EE1-A4C2-7DB79F8FCF4A",
              "versionEndExcluding": "1.35.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "44F278DA-D150-4A87-AEE8-82A52D0DFE3B",
              "versionEndExcluding": "1.37.5",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0582934E-BEE2-4D9B-8160-9BF5E1EFD1BF",
              "versionEndExcluding": "1.38.3",
              "versionStartIncluding": "1.38.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. Upon an action=rollback operation, the alreadyrolled message can leak a user name (when the user has been revision deleted/suppressed)."
    }
  ],
  "id": "CVE-2022-41766",
  "lastModified": "2024-11-21T07:23:48.380",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-05-29T21:15:09.757",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://phabricator.wikimedia.org/T307278"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://phabricator.wikimedia.org/T307278"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-10-09 06:15

Modified

2024-11-21 08:26

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in the ProofreadPage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. XSS can occur via formatNumNoSeparators.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/ProofreadPage/+/961262	Issue Tracking, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T345693	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/ProofreadPage/+/961262	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T345693	Issue Tracking, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	1.40.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A920574-0C59-4036-9878-C5A39EF82AA1",
              "versionEndExcluding": "1.35.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "20B3C0EF-1980-4F24-B0C6-B4BA77562DA3",
              "versionEndExcluding": "1.39.5",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.40.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "195C853F-2D51-44A4-990E-8E04FF4E9AA8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the ProofreadPage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. XSS can occur via formatNumNoSeparators."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en la extensi\u00f3n ProofreadPage para MediaWiki anterior a 1.35.12, 1.36.x a 1.39.x anterior a 1.39.5 y 1.40.x anterior a 1.40.1. XSS puede ocurrir a trav\u00e9s de formatNumNoSeparators."
    }
  ],
  "id": "CVE-2023-45373",
  "lastModified": "2024-11-21T08:26:50.600",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-09T06:15:10.667",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/ProofreadPage/+/961262"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T345693"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/ProofreadPage/+/961262"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T345693"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-05-12 14:55

Modified

2025-04-12 10:46

Severity ?

Summary

MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain information about deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user watchlists.

References

▶	URL	Tags
	secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	*
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19.0
mediawiki	mediawiki	1.19.1
mediawiki	mediawiki	1.19.2
mediawiki	mediawiki	1.19.3
mediawiki	mediawiki	1.19.4
mediawiki	mediawiki	1.19.5
mediawiki	mediawiki	1.19.6
mediawiki	mediawiki	1.19.7
mediawiki	mediawiki	1.19.8
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2
mediawiki	mediawiki	1.21.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76902FB-9672-488B-9D9E-39B121DEC913",
              "versionEndIncluding": "1.19.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "93D7105D-3CF1-49FF-9F51-088C58F19003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "F647077F-52FD-460B-9511-85812A1447FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A8AFF-EF0E-490C-8833-FF1071563979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3205F5-3A29-4D45-AC95-83174F8969BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5547DA02-3BEC-4278-A714-25CCB820AA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E5609D-EC04-4088-9B61-ABDD256200F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23B09BB-8F43-4D60-A37F-D8685584AF4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A3F38-9A86-4346-9337-5C2A1DED37C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "49CCC3B5-9BD4-40B4-AF1A-DF4B2A6DC12D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "36DA1112-69AB-408A-886E-F248516FDE11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01D8F235-2F1B-4198-A91E-B2723293AA36",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain information about deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user watchlists."
    },
    {
      "lang": "es",
      "value": "MediaWiki anterior a 1.19.10, 1.2x anterior a 1.21.4 y 1.22.x anterior a 1.22.1 permite a atacantes remotos obtener informaci\u00f3n acerca de p\u00e1gina eliminada a trav\u00e9s de las listas de vigilancia de (1) la API de registro, (2) Enhanced RecentChanges y (3) usuarios."
    }
  ],
  "id": "CVE-2013-6472",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-12T14:55:06.400",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-05-12 14:55

Modified

2025-04-12 10:46

Severity ?

Summary

Cross-site request forgery (CSRF) vulnerability in Special:CreateCategory in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to hijack the authentication of users for requests that create categories via unspecified vectors.

References

URL	Tags
cve@mitre.org	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html	Patch, Vendor Advisory
cve@mitre.org	https://bugzilla.wikimedia.org/show_bug.cgi?id=57025
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=57025

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2
mediawiki	mediawiki	1.21.3
mediawiki	mediawiki	*
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19.0
mediawiki	mediawiki	1.19.1
mediawiki	mediawiki	1.19.2
mediawiki	mediawiki	1.19.3
mediawiki	mediawiki	1.19.4
mediawiki	mediawiki	1.19.5
mediawiki	mediawiki	1.19.6
mediawiki	mediawiki	1.19.7
mediawiki	mediawiki	1.19.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01D8F235-2F1B-4198-A91E-B2723293AA36",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76902FB-9672-488B-9D9E-39B121DEC913",
              "versionEndIncluding": "1.19.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "93D7105D-3CF1-49FF-9F51-088C58F19003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "F647077F-52FD-460B-9511-85812A1447FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A8AFF-EF0E-490C-8833-FF1071563979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3205F5-3A29-4D45-AC95-83174F8969BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5547DA02-3BEC-4278-A714-25CCB820AA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E5609D-EC04-4088-9B61-ABDD256200F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23B09BB-8F43-4D60-A37F-D8685584AF4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A3F38-9A86-4346-9337-5C2A1DED37C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "49CCC3B5-9BD4-40B4-AF1A-DF4B2A6DC12D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "36DA1112-69AB-408A-886E-F248516FDE11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in Special:CreateCategory in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to hijack the authentication of users for requests that create categories via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de CSRF en Special:CreateCategory en la extensi\u00f3n SemanticForms para MediaWiki anterior a 1.19.10, 1.2x anterior a 1.21.4 y 1.22.x anterior a 1.22.1 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios para solicitudes que crean categor\u00edas a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2014-3454",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-05-12T14:55:07.197",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=57025"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=57025"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-01-11 01:15

Modified

2025-04-07 19:15

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/Id1b83fcd58eccb8b2dfea44a3ab2f72314860d88	Patch, Vendor Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/
cve@mitre.org	https://phabricator.wikimedia.org/T321733	Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/Id1b83fcd58eccb8b2dfea44a3ab2f72314860d88	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T321733	Issue Tracking, Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*
	fedoraproject	fedora	37

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAF2D886-AEE0-480E-BA59-5D69D811D65E",
              "versionEndIncluding": "1.39.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
              "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties."
    },
    {
      "lang": "es",
      "value": "En la extensi\u00f3n GrowthExperiments para MediaWiki hasta la versi\u00f3n 1.39, la API growthmanagementorlist permite a los usuarios bloqueados (bloqueados en ApiManageMentorList) inscribirse como mentores o editar cualquiera de sus propiedades relacionadas con la tutor\u00eda."
    }
  ],
  "id": "CVE-2023-22945",
  "lastModified": "2025-04-07T19:15:51.657",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-01-11T01:15:10.377",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Id1b83fcd58eccb8b2dfea44a3ab2f72314860d88"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T321733"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Id1b83fcd58eccb8b2dfea44a3ab2f72314860d88"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T321733"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2008-12-19 17:30

Modified

2025-04-09 00:30

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.0 through 1.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

URL	Tags
cve@mitre.org	http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/33133	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/33349
cve@mitre.org	http://www.debian.org/security/2009/dsa-1901
cve@mitre.org	http://www.securityfocus.com/bid/32844
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33133	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33349
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2009/dsa-1901
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/32844
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.1
mediawiki	mediawiki	1.13.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79CDE6D3-A26D-4ECD-B949-B9DDB53F67C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A26F4C94-E3A5-456E-8E5E-36BA67DD4BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C6D23B-B5C1-4F10-9F62-E81F639FF40F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.0 through 1.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en MediaWiki 1.13.0 a 1.13.2 permite a atacantes remotos inyectar HTML o secuencias de comandos web arbitrarias a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2008-5249",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-12-19T17:30:03.063",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33133"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/33349"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2009/dsa-1901"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/32844"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33133"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33349"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1901"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/32844"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-01-12 06:15

Modified

2025-06-03 14:15

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. PhonosButton.js allows i18n-based XSS via the phonos-purge-needed-error message.

References

URL	Tags
cve@mitre.org	https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/	Mailing List, Release Notes, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T349312	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/	Mailing List, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T349312	Exploit, Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4230F0A0-3665-4881-AC77-D7E2C4FC9734",
              "versionEndExcluding": "1.40.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. PhonosButton.js allows i18n-based XSS via the phonos-purge-needed-error message."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en la extensi\u00f3n Phonos en MediaWiki antes de la versi\u00f3n 1.40.2. PhonosButton.js permite XSS basado en i18n a trav\u00e9s del mensaje de error phonos-purge-needed-error."
    }
  ],
  "id": "CVE-2024-23178",
  "lastModified": "2025-06-03T14:15:46.693",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-01-12T06:15:47.337",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T349312"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T349312"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2004-12-31 05:00

Modified

2025-04-03 01:03

Severity ?

Summary

Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to "filename validation," has unknown impact and attack vectors.

References

URL	Tags
cve@mitre.org	http://sourceforge.net/project/shownotes.php?release_id=275099
cve@mitre.org	http://www.securityfocus.com/bid/11416	Patch
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/project/shownotes.php?release_id=275099
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/11416	Patch

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	1.3.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5A0FA49-99DC-4691-968F-6AEB76B74370",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to \"filename validation,\" has unknown impact and attack vectors."
    }
  ],
  "id": "CVE-2004-2187",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=275099"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/11416"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=275099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/11416"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-12-21 23:15

Modified

2024-11-21 05:27

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

An issue was discovered in the SecurePoll extension for MediaWiki through 1.35.1. The non-admin vote list contains a full vote timestamp, which may provide unintended clues about how a voting process unfolded.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/If8e15eb8ce9ec652c06816cbff52bb084fd50e73	Patch, Third Party Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T268794	Permissions Required, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/If8e15eb8ce9ec652c06816cbff52bb084fd50e73	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T268794	Permissions Required, Third Party Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC439F7D-8255-455F-A22C-2A6B655392D7",
              "versionEndIncluding": "1.35.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the SecurePoll extension for MediaWiki through 1.35.1. The non-admin vote list contains a full vote timestamp, which may provide unintended clues about how a voting process unfolded."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en la extensi\u00f3n SecurePoll para MediaWiki versiones hasta 1.35.1.\u0026#xa0;La lista de votos non-admin contiene una marca de tiempo de votaci\u00f3n completa, que puede proporcionar pistas no deseadas sobre c\u00f3mo se desarroll\u00f3 un proceso de votaci\u00f3n"
    }
  ],
  "id": "CVE-2020-35624",
  "lastModified": "2024-11-21T05:27:43.340",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-12-21T23:15:12.483",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/If8e15eb8ce9ec652c06816cbff52bb084fd50e73"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T268794"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/If8e15eb8ce9ec652c06816cbff52bb084fd50e73"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T268794"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-203"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-04-09 07:15

Modified

2024-11-21 06:03

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Users can bypass intended restrictions on deleting pages in certain "fast double move" situations. MovePage::isValidMoveTarget() uses FOR UPDATE, but it's only called if Title::getArticleID() returns non-zero with no special flags. Next, MovePage::moveToInternal() will delete the page if getArticleID(READ_LATEST) is non-zero. Therefore, if the page is missing in the replica DB, isValidMove() will return true, and then moveToInternal() will unconditionally delete the page if it can be found in the master.

References

URL	Tags
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html	Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/
cve@mitre.org	https://phabricator.wikimedia.org/T272386	Exploit, Patch, Vendor Advisory
cve@mitre.org	https://security.gentoo.org/glsa/202107-40	Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2021/dsa-4889	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T272386	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202107-40	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2021/dsa-4889	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
debian	debian_linux	9.0
debian	debian_linux	10.0
fedoraproject	fedora	33
fedoraproject	fedora	34

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3291BAE5-6903-463D-9750-7D0B6FAD911A",
              "versionEndExcluding": "1.31.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16A05863-89D9-435E-B92D-5FC6396C5B3D",
              "versionEndExcluding": "1.35.2",
              "versionStartIncluding": "1.32.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Users can bypass intended restrictions on deleting pages in certain \"fast double move\" situations. MovePage::isValidMoveTarget() uses FOR UPDATE, but it\u0027s only called if Title::getArticleID() returns non-zero with no special flags. Next, MovePage::moveToInternal() will delete the page if getArticleID(READ_LATEST) is non-zero. Therefore, if the page is missing in the replica DB, isValidMove() will return true, and then moveToInternal() will unconditionally delete the page if it can be found in the master."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en MediaWiki versiones anteriores a 1.31.12 y versiones 1.32.x hasta 1.35.x versiones anteriores a 1.35.2.\u0026#xa0;Unos usuarios pueden omitir unas restricciones previstas sobre la eliminaci\u00f3n de p\u00e1ginas en determinadas situaciones de \"fast double move\".\u0026#xa0;La funci\u00f3n MovePage::isValidMoveTarget() usa FOR UPDATE, pero solo es llamada si la funci\u00f3n Title::getArticleID() devuelve un valor distinto de cero sin indicadores especiales.\u0026#xa0;A continuaci\u00f3n, MovePage::moveToInternal() eliminar\u00e1 la p\u00e1gina si getArticleID(READ_LATEST) no es cero.\u0026#xa0;Por lo tanto, si la p\u00e1gina falta en la r\u00e9plica de la base de datos, la funci\u00f3n isValidMove() devolver\u00e1 verdadero, y luego moveToInternal() eliminar\u00e1 incondicionalmente la p\u00e1gina si se puede encontrar en el maestro"
    }
  ],
  "id": "CVE-2021-30159",
  "lastModified": "2024-11-21T06:03:25.443",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-09T07:15:16.277",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T272386"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202107-40"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4889"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T272386"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202107-40"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4889"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-04-03 15:15

Modified

2024-11-21 04:56

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler to any Cascading Style Sheets (CSS) selector. There is no known way to exploit this for cross-site scripting (XSS).

References

URL	Tags
cve@mitre.org	https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html	Mailing List, Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T246602	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html	Mailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T246602	Exploit, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA566F93-D3CD-4296-A0E1-0F03CDD13F5E",
              "versionEndExcluding": "1.34.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler to any Cascading Style Sheets (CSS) selector. There is no known way to exploit this for cross-site scripting (XSS)."
    },
    {
      "lang": "es",
      "value": "En MediaWiki versiones anteriores a 1.34.1, los usuarios pueden agregar varias clases de Cascading Style Sheets (CSS) (que pueden afectar que contenido es mostrado u ocultado en la interfaz de usuario) en unos nodos DOM arbitrarios por medio del contenido HTML dentro de una p\u00e1gina de MediaWiki. Esto se presenta porque jquery.makeCollapsible permite aplicar un manejador de eventos a cualquier selector de Cascading Style Sheets (CSS). No existe manera conocida de explotar esto para un ataque de tipo cross-site scripting (XSS)."
    }
  ],
  "id": "CVE-2020-10960",
  "lastModified": "2024-11-21T04:56:27.533",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-03T15:15:14.497",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T246602"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T246602"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2012-06-29 19:55

Modified

2025-04-11 00:51

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in the outputPage function in includes/SkinTemplate.php in MediaWiki before 1.17.5, 1.18.x before 1.18.4, and 1.19.x before 1.19.1 allows remote attackers to inject arbitrary web script or HTML via the uselang parameter to index.php/Main_page.

References

URL	Tags
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-June/000116.html
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-June/000117.html
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-June/000118.html	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/49484	Vendor Advisory
secalert@redhat.com	http://securitytracker.com/id?1027179
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/06/14/2
secalert@redhat.com	http://www.osvdb.org/82983
secalert@redhat.com	https://bugzilla.wikimedia.org/show_bug.cgi?id=36938
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/76311
secalert@redhat.com	https://gerrit.wikimedia.org/r/#/c/7979/1/includes/SkinTemplate.php	Exploit, Patch
secalert@redhat.com	https://www.mediawiki.org/wiki/Release_notes/1.17
secalert@redhat.com	https://www.mediawiki.org/wiki/Release_notes/1.18
secalert@redhat.com	https://www.mediawiki.org/wiki/Release_notes/1.19
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-June/000116.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-June/000117.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-June/000118.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/49484	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1027179
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/06/14/2
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/82983
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=36938
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/76311
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/#/c/7979/1/includes/SkinTemplate.php	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	https://www.mediawiki.org/wiki/Release_notes/1.17
af854a3a-2127-422b-91ae-364da2661108	https://www.mediawiki.org/wiki/Release_notes/1.18
af854a3a-2127-422b-91ae-364da2661108	https://www.mediawiki.org/wiki/Release_notes/1.19

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.18
mediawiki	mediawiki	1.18
mediawiki	mediawiki	1.18.0
mediawiki	mediawiki	1.18.0
mediawiki	mediawiki	1.18.1
mediawiki	mediawiki	1.18.2
mediawiki	mediawiki	1.18.3
mediawiki	mediawiki	*
mediawiki	mediawiki	1.1.0
mediawiki	mediawiki	1.2.0
mediawiki	mediawiki	1.2.1
mediawiki	mediawiki	1.2.2
mediawiki	mediawiki	1.2.3
mediawiki	mediawiki	1.2.4
mediawiki	mediawiki	1.2.5
mediawiki	mediawiki	1.2.6
mediawiki	mediawiki	1.3
mediawiki	mediawiki	1.3.0
mediawiki	mediawiki	1.3.1
mediawiki	mediawiki	1.3.2
mediawiki	mediawiki	1.3.3
mediawiki	mediawiki	1.3.4
mediawiki	mediawiki	1.3.5
mediawiki	mediawiki	1.3.6
mediawiki	mediawiki	1.3.7
mediawiki	mediawiki	1.3.8
mediawiki	mediawiki	1.3.9
mediawiki	mediawiki	1.3.10
mediawiki	mediawiki	1.3.11
mediawiki	mediawiki	1.3.12
mediawiki	mediawiki	1.3.13
mediawiki	mediawiki	1.3.14
mediawiki	mediawiki	1.3.15
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4.0
mediawiki	mediawiki	1.4.1
mediawiki	mediawiki	1.4.2
mediawiki	mediawiki	1.4.3
mediawiki	mediawiki	1.4.4
mediawiki	mediawiki	1.4.5
mediawiki	mediawiki	1.4.6
mediawiki	mediawiki	1.4.7
mediawiki	mediawiki	1.4.8
mediawiki	mediawiki	1.4.9
mediawiki	mediawiki	1.4.10
mediawiki	mediawiki	1.4.11
mediawiki	mediawiki	1.4.12
mediawiki	mediawiki	1.4.13
mediawiki	mediawiki	1.4.14
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5.0
mediawiki	mediawiki	1.5.1
mediawiki	mediawiki	1.5.2
mediawiki	mediawiki	1.5.3
mediawiki	mediawiki	1.5.4
mediawiki	mediawiki	1.5.5
mediawiki	mediawiki	1.5.6
mediawiki	mediawiki	1.5.7
mediawiki	mediawiki	1.5.8
mediawiki	mediawiki	1.6.0
mediawiki	mediawiki	1.6.1
mediawiki	mediawiki	1.6.2
mediawiki	mediawiki	1.6.3
mediawiki	mediawiki	1.6.4
mediawiki	mediawiki	1.6.5
mediawiki	mediawiki	1.6.6
mediawiki	mediawiki	1.6.7
mediawiki	mediawiki	1.6.8
mediawiki	mediawiki	1.6.9
mediawiki	mediawiki	1.6.10
mediawiki	mediawiki	1.6.11
mediawiki	mediawiki	1.6.12
mediawiki	mediawiki	1.7.0
mediawiki	mediawiki	1.7.1
mediawiki	mediawiki	1.7.2
mediawiki	mediawiki	1.7.3
mediawiki	mediawiki	1.8.0
mediawiki	mediawiki	1.8.1
mediawiki	mediawiki	1.8.2
mediawiki	mediawiki	1.8.3
mediawiki	mediawiki	1.8.4
mediawiki	mediawiki	1.8.5
mediawiki	mediawiki	1.9.0
mediawiki	mediawiki	1.9.0
mediawiki	mediawiki	1.9.1
mediawiki	mediawiki	1.9.2
mediawiki	mediawiki	1.9.3
mediawiki	mediawiki	1.9.4
mediawiki	mediawiki	1.9.5
mediawiki	mediawiki	1.9.6
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.1
mediawiki	mediawiki	1.10.2
mediawiki	mediawiki	1.10.3
mediawiki	mediawiki	1.10.4
mediawiki	mediawiki	1.11
mediawiki	mediawiki	1.11.0
mediawiki	mediawiki	1.11.0
mediawiki	mediawiki	1.11.1
mediawiki	mediawiki	1.11.2
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.1
mediawiki	mediawiki	1.12.2
mediawiki	mediawiki	1.12.3
mediawiki	mediawiki	1.12.4
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.1
mediawiki	mediawiki	1.13.2
mediawiki	mediawiki	1.13.3
mediawiki	mediawiki	1.13.4
mediawiki	mediawiki	1.14.0
mediawiki	mediawiki	1.14.0
mediawiki	mediawiki	1.14.1
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.1
mediawiki	mediawiki	1.15.2
mediawiki	mediawiki	1.15.3
mediawiki	mediawiki	1.15.4
mediawiki	mediawiki	1.15.5
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.1
mediawiki	mediawiki	1.16.2
mediawiki	mediawiki	1.17
mediawiki	mediawiki	1.17
mediawiki	mediawiki	1.17.0
mediawiki	mediawiki	1.17.0
mediawiki	mediawiki	1.17.1
mediawiki	mediawiki	1.17.2
mediawiki	mediawiki	1.17.3
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EBD4E4C-DE1D-4007-BABF-A82ECBC2C8B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "EA045993-D0DE-4878-A9CF-5C671F3E5196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "15426470-3C5F-41AC-B64B-BA021D9F5EA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "061DD021-3FAA-43D0-9ED2-6E60BF7E6CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8B305B8-97DE-45C7-B7A7-B1D1AB32D511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF1EE8B-18BA-49AE-BAA1-187A2F5B1D06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F46B49A-D5B6-458E-8217-A5F5B045B76F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "99133CC5-D496-4439-A891-B6BA10123C55",
              "versionEndIncluding": "1.17.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C96D337-1D37-4ADE-871D-9829928EE80B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DFB843C-4513-4569-9746-DA9FDD7A5CD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "377F0F7A-8E50-4803-9670-F719D17400D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B4CCA5C-3594-41B4-99F3-FC99BA0495BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD0A0C81-CDB6-4A11-B6B0-DECB12558DE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40BD0855-A9C8-47CD-BB50-E422E0C4A1EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "42A9DCC7-CF58-44CC-9489-51FA79EECDF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "80D651C6-116D-448A-8569-BAB9BAEC7D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49AFC6EE-41C7-4369-8BA1-DDBF8A744ABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30F54837-5004-4D10-B3B0-502CED4F6592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A09F36C1-CBC0-489E-B62D-4590A2E5A4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9F0067D-534A-4238-A244-D92A73845432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BEC422E-49BC-41D4-9F71-B834D4108EF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D854161-28AA-4386-B90A-97F9692CE37F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5A0FA49-99DC-4691-968F-6AEB76B74370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A0C6A2C-992B-45A0-8E0C-1AE983881337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "292A77C7-8C7B-4F3A-B7FD-3505A9F37E4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C77FC97A-3BB2-4AA5-B0D6-C0D1FBEA5FD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C9393EF-083A-4662-BC7A-89979C2B8546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9DE6A4E-6BCE-499E-B017-1E0F8D1F65B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD90730F-BF26-46C5-83F8-039CD661C968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4DDA753-26F5-4142-B227-07DDF14DD8C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D3B5E2-AC84-421D-AC10-3266D9575922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "326D4BFB-EFE7-4EAC-AA71-45E8C7E41538",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "736DFCB7-B747-4F98-AB87-9023BCD0B5C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "135A1FFF-8F52-48FF-A92A-0FC79FCC287E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "3CF8143A-F16F-4E2F-8B12-AC278678CDBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "617655A0-1ED3-44A5-9D83-E90D8EC8799E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "3B19F77D-8975-432D-8572-F208EBC15068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "9D692C6F-95AB-4332-95D8-007876792AC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "DE9080FA-F32A-45AF-BB1E-18B85DD35830",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DF75E48-208A-4531-AC8D-B307FD4E288B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "174665BA-F231-45F6-922C-933B8A613009",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B175F5A-7CB6-44E6-9E98-FB40F6D14FDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A45833DC-F104-42BB-8688-4DE66AFF72F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B316A8E-DED1-427B-8137-11C767E9DF1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "99A75AFB-2706-42FF-8534-B910997987AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F335EB4-1A74-4FAE-ADAF-AC9FB37A80DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "116C8AA3-481D-409A-ABA8-C8DA1EE8FF86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9DCE478-7D30-4BBC-8878-C3745D6ADAD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EBFFA2C-6768-4CB9-B0B0-BDB79CA1DEDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA0C4A1E-B084-4C78-BEE4-4E733159F367",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2571B43E-234C-4312-9640-1E338092A673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D5C7E1-6664-4A90-9E55-1F53F98D7702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "4963F3C5-A207-4BD3-9C3C-4EBAC1F5B2B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BE0D158-DB0B-45B2-9E26-E11A7D5D2CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "6086E5E9-F69F-47EE-9034-8196CC03E6FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "49A43BF0-69CF-4694-9155-534FA31C26DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "A0751BD8-505A-42A3-A150-3523F12B9047",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "F964DBAD-0569-41DD-975B-23A975050595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8DE4462C-F9B2-47B3-8F17-FF729F5563FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "3769AAA0-8492-40E1-B3EC-5E3BFE396809",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E2616E5E-2D0B-4FD3-B43F-51D786F0D8D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "94766FF8-FC72-4F8F-8005-7F34E4AA4042",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D8693832-A576-492F-B4F7-B8415B3A5903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9214FE72-045E-457A-B3C5-BCDFC506DDB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDB55E62-A345-49F6-ACD0-A710977CA6E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A340D0AB-2B4A-4DE6-9FA1-662D8F8205BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8C8B11E-5C0B-49B1-ACFA-5926057EF002",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "89A4EA0A-54E1-484A-ADDB-216CBC9C40FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA0ABA75-E966-43A2-90B1-89557BB0B7DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B6CE989-B7AD-42AA-986C-23266D965122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "44FD9374-5B8A-4102-A005-D3F39186ABBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D4388FF-3C2C-41A7-A2A2-CC3E38994222",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3EAF847-B64C-4C12-8BF2-631F61B0618E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "09EF3827-9C87-4043-B10A-1D6AFCB64F57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08B1EDE8-940E-47C1-9CDA-C6BBE1BB9A11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4554900-E09D-4D9D-99D4-FE5FDB3CDE78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "93EB0312-A147-4307-9491-46AEC2EC727C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "48929086-E08E-472D-A503-4CA803A840D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A98675FD-C9EA-49AB-BA9F-2CF5898203C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB9B4718-DF85-4E77-B720-0EC3E0D318BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "132A745B-0A1B-4186-8BE2-88C24FF4A455",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E710375D-F5B3-4998-AA7F-F931022CF6F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3130C952-83B3-4755-99D7-D25C1447670E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9842D148-50D2-4A52-A3E1-529670A25EBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "A59DE5DF-B5A1-4C11-9FA9-03EA7F589694",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C632052-D84B-41A1-B46F-1C1D9ADC72CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF36A02-DF6B-4657-94F6-255E4163FBF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "60380B60-DD11-42C9-9388-AED3244F39A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "612210D5-FDBC-4A13-AACD-13198FE9D2DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46046B16-3EE4-42C0-BA77-73300A641BA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "136E5FD9-C0A0-4970-8852-D97C5BC723E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5FD2871-90BB-4AFA-89D0-B9B5BE365771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D35193-8AF8-4CB9-A47D-A58DE389515E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1CD7D7-546A-48FA-9C4C-1FB0CA22C6FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAD648C1-0908-43F8-951C-E7EBF8FB8CB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B40FB49B-1E96-44BC-A9B0-9BDB28F858A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "75D5AC3F-4D29-4882-A3C0-94951402ADD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A0921C-BEC5-4646-96FD-0529828B5BAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB4E8709-43E2-4ADC-8759-16AC265658C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A8A1D30-57E7-4010-B68A-8D22EA091FF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EF7C683-F6E2-4D79-B0F9-234C9FAFB7C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "962C4B03-ABDF-4E94-8DE0-E035186E0F4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "841A4099-1EB3-448A-81C2-67A68CF4B5C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0983C0E-9035-4256-AC99-C2C81C1634E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "76F47EF6-2695-44FD-B4B0-9DE911BB57CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FC61592E-7479-45C1-9263-D608B644EE79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5460DB30-FA14-4017-BC8B-15F9451469F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED2392D6-6ACF-4715-BBCD-B6DA9B91C750",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0071C35-877F-44C6-BC39-B1AE885D7313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83CF24-FC29-40C4-8B07-5FB6591E9812",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C54ADEF-F360-41C6-AE27-B6D12E5BAF9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66A92668-4B5D-40A4-9A14-E7AD10086933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7266D827-F77D-4CC3-8237-4B35D072ACF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DB5EF0E-4E1B-4131-9142-5FBB59C235D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F59B5992-716F-4901-BDD1-0C7E24BF9148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "746023B5-2472-4FC9-BEDF-FE6A321F12B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0D18C85B-E82B-46AE-959E-3FD32DB6F294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "66714539-F1E1-4C16-AA12-059EEB1B9DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A80044C9-9F76-468E-84F7-D7D529004AE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7CD7F5A-F4E4-45B6-9179-BD1BCD75D297",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7BC3705-27C7-4969-AB6A-E7C09C708C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79CDE6D3-A26D-4ECD-B949-B9DDB53F67C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D3CC82BE-8DEA-47D7-B6B7-2FFDFB728ADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "AFD79470-63A7-438B-A3BE-CABDAD7F848C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A26F4C94-E3A5-456E-8E5E-36BA67DD4BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C6D23B-B5C1-4F10-9F62-E81F639FF40F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "13FA8F3C-2B6C-42FB-A6CE-EC2D8614E43D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "973B7468-970D-475C-AAB2-D81833EAF12B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A0789-0496-4940-A484-8B6689AA8770",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "241370F6-4941-43B4-AAD5-32A93AAC3B80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A236174-7262-478C-8C96-61428EBCC575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAAC942E-1BA2-419C-B464-20529D825053",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "188AA942-A54E-4B48-A14E-1D4C2BB859EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "07D3ECE8-29AC-491A-BD11-1753EF65DA0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FA6109F-F5BE-4E65-AA9D-C1D0CB029521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0955D3BF-1120-40F6-87FB-D75B064E5C6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BA61CFC-F48E-4B7D-A61C-4BD585E87BAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BA7AA7B-9450-4AAD-8CBA-E483CD5A1CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4416B074-0C5E-4DD3-AA4D-B54AC635F00D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "EBA4FDC8-2F1B-4054-82BC-B79566ABE8E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "62B86D8D-5E7A-43F5-9B6A-944ED4B8E4E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "E4780402-81D6-46E1-8ECD-3BCB97095B2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "63FD259B-921D-46BF-BE6E-F963288D92F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B163E10-BD02-481B-A78E-E4678C57CC75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9AC7B4F-6AE2-4FCC-80DA-0D068E479853",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "57F3C3BF-CA6A-4BCC-83CE-32560F0A437D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6D1B676-AE23-4FC5-8466-EB44B8F756CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1C3B8FFB-25AD-4165-8C87-DBF5977572FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "52E0CED2-EF96-4052-A4BC-4657163B4FE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E8D954D-484E-4DAA-8E0E-6CEAC17BBA22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "341D904D-A6D6-4644-B67B-D1D62BCFEDEA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "93D7105D-3CF1-49FF-9F51-088C58F19003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "F647077F-52FD-460B-9511-85812A1447FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A8AFF-EF0E-490C-8833-FF1071563979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the outputPage function in includes/SkinTemplate.php in MediaWiki before 1.17.5, 1.18.x before 1.18.4, and 1.19.x before 1.19.1 allows remote attackers to inject arbitrary web script or HTML via the uselang parameter to index.php/Main_page."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en includes/SkinTemplate.php de MediaWiki anteriores a 1.17.5, 1.8.x anteriores a 1.18.4, y 1.19.x anteriores a 1.19.1. Permite a atacantes remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro uselang de index.php/Main_page."
    }
  ],
  "id": "CVE-2012-2698",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-06-29T19:55:05.483",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-June/000116.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-June/000117.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-June/000118.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49484"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securitytracker.com/id?1027179"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/06/14/2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.osvdb.org/82983"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=36938"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76311"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://gerrit.wikimedia.org/r/#/c/7979/1/includes/SkinTemplate.php"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.mediawiki.org/wiki/Release_notes/1.17"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.mediawiki.org/wiki/Release_notes/1.18"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.mediawiki.org/wiki/Release_notes/1.19"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-June/000116.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-June/000117.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-June/000118.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49484"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1027179"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/06/14/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/82983"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=36938"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76311"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://gerrit.wikimedia.org/r/#/c/7979/1/includes/SkinTemplate.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.mediawiki.org/wiki/Release_notes/1.17"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.mediawiki.org/wiki/Release_notes/1.18"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.mediawiki.org/wiki/Release_notes/1.19"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-04-22 03:15

Modified

2024-11-21 06:05

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Summary

An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the cu_log database table such that denial of service occurred for certain CheckUser extension pages and functionality. For example, the attacker could turn off Special:CheckUserLog and thus interfere with usage tracking.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/666963	Issue Tracking, Third Party Advisory
cve@mitre.org	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/666964	Issue Tracking, Third Party Advisory
cve@mitre.org	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667023	Issue Tracking, Third Party Advisory
cve@mitre.org	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667024	Issue Tracking, Third Party Advisory
cve@mitre.org	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667025	Issue Tracking, Third Party Advisory
cve@mitre.org	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667027	Issue Tracking, Third Party Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T275669	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/666963	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/666964	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667023	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667024	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667025	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667027	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T275669	Third Party Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4067807D-769C-485F-A7E3-EE96885BDCE7",
              "versionEndIncluding": "1.35.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the cu_log database table such that denial of service occurred for certain CheckUser extension pages and functionality. For example, the attacker could turn off Special:CheckUserLog and thus interfere with usage tracking."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en la extensi\u00f3n CheckUser para MediaWiki versiones hasta 1.35.2.\u0026#xa0;Unos nombres de usuario de MediaWiki con espacios en blanco al final podr\u00edan ser almacenados en la tabla de la base de datos cu_log de manera que se produjera una denegaci\u00f3n de servicio para determinadas p\u00e1ginas de extensi\u00f3n y funcionalidad CheckUser.\u0026#xa0;Por ejemplo, el atacante podr\u00eda desactivar Special: CheckUserLog y as\u00ed interferir con el seguimiento del uso"
    }
  ],
  "id": "CVE-2021-31553",
  "lastModified": "2024-11-21T06:05:54.167",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.4,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-22T03:15:08.197",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/666963"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/666964"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667023"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667024"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667025"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667027"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T275669"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/666963"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/666964"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667024"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667025"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667027"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T275669"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-428"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-07-07 00:15

Modified

2024-11-21 09:31

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Summary

An issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1. CSRF can occur in API modules.

References

▶	URL	Tags
	cve@mitre.org	https://phabricator.wikimedia.org/T362588	Issue Tracking
	af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T362588	Issue Tracking

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED70437F-2E16-47AE-AA89-A497DCC3C8EC",
              "versionEndIncluding": "1.42.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1. CSRF can occur in API modules."
    },
    {
      "lang": "es",
      "value": " Se descubri\u00f3 un problema en la extensi\u00f3n MediaWikiChat para MediaWiki hasta 1.42.1. Puede ocurrir CSRF en m\u00f3dulos API."
    }
  ],
  "id": "CVE-2024-40601",
  "lastModified": "2024-11-21T09:31:21.660",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-07-07T00:15:10.470",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://phabricator.wikimedia.org/T362588"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://phabricator.wikimedia.org/T362588"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2005-05-02 04:00

Modified

2025-04-03 01:03

Severity ?

Summary

Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allow remote attackers to inject arbitrary web script.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/14360	Patch, Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1013260	Patch, Vendor Advisory
cve@mitre.org	http://sourceforge.net/project/shownotes.php?release_id=307067	Patch
cve@mitre.org	http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/14360	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1013260	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/project/shownotes.php?release_id=307067	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.3.0
mediawiki	mediawiki	1.3.1
mediawiki	mediawiki	1.3.2
mediawiki	mediawiki	1.3.3
mediawiki	mediawiki	1.3.4
mediawiki	mediawiki	1.3.5
mediawiki	mediawiki	1.3.6
mediawiki	mediawiki	1.3.7
mediawiki	mediawiki	1.3.8
mediawiki	mediawiki	1.3.9
mediawiki	mediawiki	1.3.10
mediawiki	mediawiki	1.4_beta1
mediawiki	mediawiki	1.4_beta2
mediawiki	mediawiki	1.4_beta3
mediawiki	mediawiki	1.4_beta4
mediawiki	mediawiki	1.4_beta5
mediawiki	mediawiki	1.4_beta6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30F54837-5004-4D10-B3B0-502CED4F6592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A09F36C1-CBC0-489E-B62D-4590A2E5A4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9F0067D-534A-4238-A244-D92A73845432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BEC422E-49BC-41D4-9F71-B834D4108EF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D854161-28AA-4386-B90A-97F9692CE37F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5A0FA49-99DC-4691-968F-6AEB76B74370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A0C6A2C-992B-45A0-8E0C-1AE983881337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "292A77C7-8C7B-4F3A-B7FD-3505A9F37E4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C77FC97A-3BB2-4AA5-B0D6-C0D1FBEA5FD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C9393EF-083A-4662-BC7A-89979C2B8546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9DE6A4E-6BCE-499E-B017-1E0F8D1F65B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E70F32-2F26-4836-8A4F-0A0B06EAD371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE506B8C-245E-4A7E-A24C-FABB1D4531EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta3:*:*:*:*:*:*:*",
              "matchCriteriaId": "934382C1-088A-4AEE-A71A-E9802AC9C1A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1A9028E-1BDE-4BA0-A479-7A30020331D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D02E4C1-2BA7-4BC0-9C11-D0F74181DF82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta6:*:*:*:*:*:*:*",
              "matchCriteriaId": "728E2852-5658-4DCC-AF1E-718B292F06C1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allow remote attackers to inject arbitrary web script."
    }
  ],
  "id": "CVE-2005-0534",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-05-02T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/14360"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://securitytracker.com/id?1013260"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=307067"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/14360"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://securitytracker.com/id?1013260"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=307067"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-04-13 16:29

Modified

2024-11-21 03:02

Severity ?

5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Summary

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration.

References

URL	Tags
security@debian.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html	Vendor Advisory
security@debian.org	https://phabricator.wikimedia.org/T151735	Exploit, Issue Tracking, Third Party Advisory
security@debian.org	https://security-tracker.debian.org/tracker/CVE-2017-0366	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T151735	Exploit, Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security-tracker.debian.org/tracker/CVE-2017-0366	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*
debian	debian_linux	7.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "07C776BA-0AEF-4225-AC4C-38753A764076",
              "versionEndIncluding": "1.23.16",
              "versionStartIncluding": "1.23.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9419B89-A512-4C79-8085-2AB9D7A19C85",
              "versionEndExcluding": "1.27.2",
              "versionStartIncluding": "1.27.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ABB422D-95AC-48E6-AEFF-1F2915354494",
              "versionEndExcluding": "1.28.1",
              "versionStartIncluding": "1.28.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration."
    },
    {
      "lang": "es",
      "value": "Mediawiki, en versiones anteriores a la 1.28.1, 1.27.2 y la 1.23.16, contiene un error que permite la omisi\u00f3n del filtro SVG mediante el uso de valores de atributo por defecto en una declaraci\u00f3n DTD."
    }
  ],
  "id": "CVE-2017-0366",
  "lastModified": "2024-11-21T03:02:50.603",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-13T16:29:00.610",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T151735"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2017-0366"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T151735"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2017-0366"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2019-07-10 16:15

Modified

2024-11-21 04:22

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

References

URL	Tags
cve@mitre.org	https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html	Patch, Third Party Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T212118	Patch, Third Party Advisory
cve@mitre.org	https://seclists.org/bugtraq/2019/Jun/12	Mailing List, Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2019/dsa-4460	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T212118	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2019/Jun/12	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2019/dsa-4460	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*
debian	debian_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C030DF79-F610-4CAB-888B-066DC174CB21",
              "versionEndExcluding": "1.27.6",
              "versionStartIncluding": "1.23.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "50818088-DA3C-4C58-9D42-4B7E9EF003E1",
              "versionEndExcluding": "1.30.2",
              "versionStartIncluding": "1.30.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC8AFEFD-8776-4722-82BC-21CC1214FCCC",
              "versionEndExcluding": "1.31.2",
              "versionStartIncluding": "1.31.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "631F30ED-1171-42E5-8FAF-AC9230CED0C5",
              "versionEndExcluding": "1.32.2",
              "versionStartIncluding": "1.32.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6."
    },
    {
      "lang": "es",
      "value": "MediaWiki versiones 1.23.0 hasta 1.32.1 de Wikimedia, presenta una filtraci\u00f3n de informaci\u00f3n. Las respuestas de la API privilegiadas que incluyen si un cambio reciente que ha sido vigilado pueden ser almacenadas p\u00fablicamente. Se corrigi\u00f3 en las versiones 1.32.2, 1.31.2, 1.30.2 y 1.27.6."
    }
  ],
  "id": "CVE-2019-12474",
  "lastModified": "2024-11-21T04:22:55.980",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-10T16:15:11.353",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T212118"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Jun/12"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4460"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T212118"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Jun/12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4460"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-10-27 00:55

Modified

2025-04-11 00:51

Severity ?

Summary

includes/resourceloader/ResourceLoaderContext.php in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote attackers to obtain sensitive information via a "<" (open angle bracket) character in the lang parameter to w/load.php, which reveals the installation path in an error message.

References

URL	Tags
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html
secalert@redhat.com	http://osvdb.org/96913
secalert@redhat.com	http://seclists.org/oss-sec/2013/q3/553
secalert@redhat.com	http://secunia.com/advisories/54715	Vendor Advisory
secalert@redhat.com	https://bugzilla.wikimedia.org/show_bug.cgi?id=46332	Exploit, Patch
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/86895
secalert@redhat.com	https://www.mediawiki.org/wiki/Release_notes/1.19
secalert@redhat.com	https://www.mediawiki.org/wiki/Release_notes/1.20
secalert@redhat.com	https://www.mediawiki.org/wiki/Release_notes/1.21
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/96913
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/oss-sec/2013/q3/553
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/54715	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=46332	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/86895
af854a3a-2127-422b-91ae-364da2661108	https://www.mediawiki.org/wiki/Release_notes/1.19
af854a3a-2127-422b-91ae-364da2661108	https://www.mediawiki.org/wiki/Release_notes/1.20
af854a3a-2127-422b-91ae-364da2661108	https://www.mediawiki.org/wiki/Release_notes/1.21

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.19.0
mediawiki	mediawiki	1.19.1
mediawiki	mediawiki	1.19.2
mediawiki	mediawiki	1.19.3
mediawiki	mediawiki	1.19.4
mediawiki	mediawiki	1.19.5
mediawiki	mediawiki	1.19.6
mediawiki	mediawiki	1.19.7
mediawiki	mediawiki	1.20
mediawiki	mediawiki	1.20.1
mediawiki	mediawiki	1.20.2
mediawiki	mediawiki	1.20.3
mediawiki	mediawiki	1.20.4
mediawiki	mediawiki	1.20.5
mediawiki	mediawiki	1.20.6
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3205F5-3A29-4D45-AC95-83174F8969BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5547DA02-3BEC-4278-A714-25CCB820AA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E5609D-EC04-4088-9B61-ABDD256200F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23B09BB-8F43-4D60-A37F-D8685584AF4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A3F38-9A86-4346-9337-5C2A1DED37C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "49CCC3B5-9BD4-40B4-AF1A-DF4B2A6DC12D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA45494-185A-4ED1-8818-D9F14EB9B59B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94646567-FF30-4FBA-96C5-914EB3C85D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF088531-6875-49A2-B220-D7EC38ECC50F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "includes/resourceloader/ResourceLoaderContext.php in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote attackers to obtain sensitive information via a \"\u003c\" (open angle bracket) character in the lang parameter to w/load.php, which reveals the installation path in an error message."
    },
    {
      "lang": "es",
      "value": "includes/resourceloader/ResourceLoaderContext.php en MediaWiki 1.19.x anterior a la versi\u00f3n 1.19.8, 1.20.x anterior a 1.20.7, y 1.21.x anterior a la versi\u00f3n 1.21.2 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de \"\u003c\" (bracket de \u00e1ngulo abierto) car\u00e1cter en el par\u00e1metro de lenguaje a w/load.php, lo que revela el directorio de instalaci\u00f3n en un mensaje de error."
    }
  ],
  "id": "CVE-2013-4301",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-10-27T00:55:03.853",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/96913"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://seclists.org/oss-sec/2013/q3/553"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/54715"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=46332"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86895"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.mediawiki.org/wiki/Release_notes/1.19"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.mediawiki.org/wiki/Release_notes/1.20"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.mediawiki.org/wiki/Release_notes/1.21"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/96913"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/oss-sec/2013/q3/553"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/54715"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=46332"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86895"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.mediawiki.org/wiki/Release_notes/1.19"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.mediawiki.org/wiki/Release_notes/1.20"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.mediawiki.org/wiki/Release_notes/1.21"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-03-30 07:15

Modified

2024-11-21 06:56

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/Id8c4e2e336695ce70ccdf8a51ad729bf4a99f8f7	Patch, Third Party Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T304126	Issue Tracking, Patch, Vendor Advisory
cve@mitre.org	https://security.gentoo.org/glsa/202305-24
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/Id8c4e2e336695ce70ccdf8a51ad729bf4a99f8f7	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T304126	Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202305-24

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E78A6052-5AA3-4B3F-8A76-EEBDD5F50520",
              "versionEndIncluding": "1.37.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en Mediawiki versiones hasta 1.37.1. La comprobaci\u00f3n del permiso override-antispoof en la extensi\u00f3n AntiSpoof es incorrecta"
    }
  ],
  "id": "CVE-2022-28209",
  "lastModified": "2024-11-21T06:56:57.497",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-03-30T07:15:07.493",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Id8c4e2e336695ce70ccdf8a51ad729bf4a99f8f7"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T304126"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/202305-24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Id8c4e2e336695ce70ccdf8a51ad729bf4a99f8f7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T304126"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202305-24"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2012-09-09 21:55

Modified

2025-04-11 00:51

Severity ?

Summary

The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service (infinite loop) via certain input, as demonstrated by the padleft function.

References

URL	Tags
cve@mitre.org	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html	Vendor Advisory
cve@mitre.org	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/48504	Vendor Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2012/03/22/9
cve@mitre.org	http://www.openwall.com/lists/oss-security/2012/03/24/1
cve@mitre.org	http://www.securityfocus.com/bid/52689
cve@mitre.org	https://bugzilla.wikimedia.org/show_bug.cgi?id=22555	Vendor Advisory
cve@mitre.org	https://bugzilla.wikimedia.org/show_bug.cgi?id=35315
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48504	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/03/22/9
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/03/24/1
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/52689
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=22555	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=35315

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.17
mediawiki	mediawiki	1.17
mediawiki	mediawiki	1.17.0
mediawiki	mediawiki	1.17.0
mediawiki	mediawiki	1.17.1
mediawiki	mediawiki	1.17.2
mediawiki	mediawiki	1.18
mediawiki	mediawiki	1.18
mediawiki	mediawiki	1.18.0
mediawiki	mediawiki	1.18.0
mediawiki	mediawiki	1.18.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9AC7B4F-6AE2-4FCC-80DA-0D068E479853",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "57F3C3BF-CA6A-4BCC-83CE-32560F0A437D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6D1B676-AE23-4FC5-8466-EB44B8F756CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1C3B8FFB-25AD-4165-8C87-DBF5977572FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "52E0CED2-EF96-4052-A4BC-4657163B4FE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E8D954D-484E-4DAA-8E0E-6CEAC17BBA22",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EBD4E4C-DE1D-4007-BABF-A82ECBC2C8B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "EA045993-D0DE-4878-A9CF-5C671F3E5196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "15426470-3C5F-41AC-B64B-BA021D9F5EA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "061DD021-3FAA-43D0-9ED2-6E60BF7E6CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8B305B8-97DE-45C7-B7A7-B1D1AB32D511",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service (infinite loop) via certain input, as demonstrated by the padleft function."
    },
    {
      "lang": "es",
      "value": "El analizador wikitext en MediaWiki 1.17.x antes de 1.17.3 y 1.18.x antes de 1.18.2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (bucle infinito) a trav\u00e9s de ciertas entradas, como lo demuestra la funci\u00f3n PadLeft."
    }
  ],
  "id": "CVE-2012-4885",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-09-09T21:55:07.510",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48504"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2012/03/22/9"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2012/03/24/1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/52689"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=22555"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=35315"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48504"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/03/22/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/03/24/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/52689"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=22555"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=35315"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-07-02 13:15

Modified

2024-11-21 06:13

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

An issue was discovered in the AbuseFilter extension in MediaWiki through 1.36. If the MediaWiki:Abusefilter-blocker message is invalid within the content language, the filter user falls back to the English version, but that English version could also be invalid on a wiki. This would result in a fatal error, and potentially fail to block or restrict a potentially nefarious user.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/I9e9f44b7663e810de70fb9ac7f6760f83dd4895b	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T284364	Exploit, Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/I9e9f44b7663e810de70fb9ac7f6760f83dd4895b	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T284364	Exploit, Issue Tracking, Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1C62AE2-E1C5-4E32-A222-CCF9024B45D3",
              "versionEndIncluding": "1.36",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the AbuseFilter extension in MediaWiki through 1.36. If the MediaWiki:Abusefilter-blocker message is invalid within the content language, the filter user falls back to the English version, but that English version could also be invalid on a wiki. This would result in a fatal error, and potentially fail to block or restrict a potentially nefarious user."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en la extensi\u00f3n AbuseFilter en MediaWiki versiones hasta 1.36. Si el mensaje de MediaWiki:Abusefilter-blocker es inv\u00e1lido dentro del idioma del contenido, el filtro del usuario vuelve a la versi\u00f3n en Ingl\u00e9s, pero esa versi\u00f3n en ingl\u00e9s tambi\u00e9n podr\u00eda ser inv\u00e1lida en un wiki. Esto puede resultar en un error fatal, y potencialmente ocurrir un fallo en bloquear o restringir a un usuario potencialmente nefasto"
    }
  ],
  "id": "CVE-2021-36126",
  "lastModified": "2024-11-21T06:13:10.110",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-02T13:15:07.787",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I9e9f44b7663e810de70fb9ac7f6760f83dd4895b"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T284364"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I9e9f44b7663e810de70fb9ac7f6760f83dd4895b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T284364"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-01-04 21:59

Modified

2025-04-12 10:46

Severity ?

Summary

The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing <cross-domain-policy> in a PHP format request, which causes the string length to change when converting the request to <NOT-cross-domain-policy>.

References

URL	Tags
cve@mitre.org	http://securitytracker.com/id?1031301
cve@mitre.org	http://www.debian.org/security/2014/dsa-3100
cve@mitre.org	http://www.openwall.com/lists/oss-security/2014/12/03/9
cve@mitre.org	http://www.openwall.com/lists/oss-security/2014/12/04/16
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-November/000170.html	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T73478	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1031301
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2014/dsa-3100
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2014/12/03/9
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2014/12/04/16
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-November/000170.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T73478	Exploit

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.20
mediawiki	mediawiki	1.20.1
mediawiki	mediawiki	1.20.2
mediawiki	mediawiki	1.20.3
mediawiki	mediawiki	1.20.4
mediawiki	mediawiki	1.20.5
mediawiki	mediawiki	1.20.6
mediawiki	mediawiki	1.20.7
mediawiki	mediawiki	1.20.8
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2
mediawiki	mediawiki	1.21.3
mediawiki	mediawiki	1.21.4
mediawiki	mediawiki	1.21.5
mediawiki	mediawiki	1.21.6
mediawiki	mediawiki	1.21.7
mediawiki	mediawiki	1.21.8
mediawiki	mediawiki	1.21.9
mediawiki	mediawiki	1.21.10
mediawiki	mediawiki	1.21.11
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	1.22.1
mediawiki	mediawiki	1.22.2
mediawiki	mediawiki	1.22.3
mediawiki	mediawiki	1.22.4
mediawiki	mediawiki	1.22.5
mediawiki	mediawiki	1.22.6
mediawiki	mediawiki	1.22.7
mediawiki	mediawiki	1.22.8
mediawiki	mediawiki	1.22.10
mediawiki	mediawiki	1.22.11
mediawiki	mediawiki	1.22.12
mediawiki	mediawiki	1.22.13
mediawiki	mediawiki	1.23.0
mediawiki	mediawiki	1.23.1
mediawiki	mediawiki	1.23.2
mediawiki	mediawiki	1.23.3
mediawiki	mediawiki	1.23.4
mediawiki	mediawiki	1.23.5
mediawiki	mediawiki	1.23.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "27381EF3-7ACE-4C9C-A609-40EA8584A21B",
              "versionEndIncluding": "1.19.21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA45494-185A-4ED1-8818-D9F14EB9B59B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94646567-FF30-4FBA-96C5-914EB3C85D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF088531-6875-49A2-B220-D7EC38ECC50F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "902A7EE8-90AA-4B0D-9142-DFCDA5AC8914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B6CD057-EBC4-4909-9734-80577AFDED40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01D8F235-2F1B-4198-A91E-B2723293AA36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2A5F4A7-40E7-42D0-8482-647D0EC54AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E10A8FAC-7506-48B8-A4EE-B7A1BE20537E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF797B5-8348-481C-AB6F-154DEA0E5281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E627F80-E6AA-4627-B58E-D6B2A08269BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA54E0F2-3B21-469F-A3FB-8E41E1857447",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "09CFF4B5-5827-4795-960A-201BA1BCF1A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC9D6B62-13CD-4307-94BB-A7210761A4D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "32C36F51-CCCC-41D1-A43B-B8F77CE632B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B461B44C-37D2-480B-9645-B7E8720416C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E491E3AD-0FB2-41CD-B852-CAFCA397A45A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBD50108-A301-4B5B-9047-6FD6792442B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "91BBFEC5-A933-4178-919D-9AC87CF76D21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3CA0EC-1AC1-48A1-8BB8-95DCCE1C283A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9343410C-E076-4362-8094-5BA5582E9675",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96BBB28-AB3C-4082-B035-8CCB761C2530",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7389C3B9-B32D-46CC-8615-22CF7BDCD829",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3332E0EC-49D6-4EB2-8A2E-CC204EA1C475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E59021C-8DDF-4849-9490-AD8F98B834BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "64E90FCD-B032-4BD8-84D6-763E0FDB48B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "21A92544-BEA9-436F-BC22-CC90808D53F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6044842D-0C23-4683-9BCC-9FE40AE8353F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BFCBB5A-F5F8-400E-916A-EB87F84853D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2898DFC3-7C3A-4C12-A3D2-4CEB3C66C90D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "04082771-E3E2-49EE-8840-0170F3B3519F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9B27B7-7800-4E35-97CA-B16450EEC478",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BEA6C00-BDCF-439C-8A04-B581361781EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90B931CC-CEA7-4C14-875E-A0D215CE5617",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing \u003ccross-domain-policy\u003e in a PHP format request, which causes the string length to change when converting the request to \u003cNOT-cross-domain-policy\u003e."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n wfMangleFlashPolicy en OutputHandler.php en MediaWiki anterior a 1.19.22, 1.20.x hasta 1.22.x anterior a 1.22.14, y 1.23.x anterior a 1.23.7 permite a atacantes remotos realizar ataques de inyecci\u00f3n de objetos PHP a trav\u00e9s de una cadena manipulada que contiene  en una solicitud de formatos PHP, lo que causa que la longitud de la cadena cambia cuando se convierte la solicitud a ."
    }
  ],
  "id": "CVE-2014-9277",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-01-04T21:59:02.650",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1031301"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2014/dsa-3100"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2014/12/03/9"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2014/12/04/16"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-November/000170.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://phabricator.wikimedia.org/T73478"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1031301"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-3100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/12/03/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/12/04/16"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-November/000170.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://phabricator.wikimedia.org/T73478"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-12-18 08:15

Modified

2024-11-21 05:27

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts that don't exist) and hidden users (accounts that have been explicitly hidden due to being abusive, or similar) that the viewer cannot see are handled differently, exposing sensitive information about the hidden status to unprivileged viewers. This exists on various code paths.

References

URL	Tags
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html	Mailing List, Release Notes, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T120883	Permissions Required
cve@mitre.org	https://www.debian.org/security/2020/dsa-4816	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html	Mailing List, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T120883	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4816	Mailing List, Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
debian	debian_linux	9.0
debian	debian_linux	10.0
fedoraproject	fedora	33

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA95C77A-2616-4CCA-B07F-6A5CD7762BA1",
              "versionEndExcluding": "1.35.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts that don\u0027t exist) and hidden users (accounts that have been explicitly hidden due to being abusive, or similar) that the viewer cannot see are handled differently, exposing sensitive information about the hidden status to unprivileged viewers. This exists on various code paths."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en MediaWiki versiones anteriores a 1.35.1.\u0026#xa0;Una falta de usuarios (cuentas que no existen) y usuarios ocultos (cuentas que se han ocultado expl\u00edcitamente por ser abusivas o similares) que el visualizador no puede observar son manejadas de forma diferente, exponiendo la informaci\u00f3n confidencial sobre el estado oculto a los visualizadores sin privilegios.\u0026#xa0;Esto se presenta en varias rutas de c\u00f3digo"
    }
  ],
  "id": "CVE-2020-35480",
  "lastModified": "2024-11-21T05:27:22.990",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-12-18T08:15:15.437",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://phabricator.wikimedia.org/T120883"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4816"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://phabricator.wikimedia.org/T120883"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4816"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-203"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2011-04-27 00:55

Modified

2025-04-11 00:51

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character.

References

URL	Tags
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html	Patch
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html	Patch, Vendor Advisory
secalert@redhat.com	http://openwall.com/lists/oss-security/2011/04/13/15	Patch
secalert@redhat.com	http://secunia.com/advisories/44142	Vendor Advisory
secalert@redhat.com	http://www.debian.org/security/2011/dsa-2366
secalert@redhat.com	http://www.securityfocus.com/bid/47354
secalert@redhat.com	http://www.vupen.com/english/advisories/2011/0978	Vendor Advisory
secalert@redhat.com	http://www.vupen.com/english/advisories/2011/1100
secalert@redhat.com	http://www.vupen.com/english/advisories/2011/1151
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=695577	Patch
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=696360	Patch
secalert@redhat.com	https://bugzilla.wikimedia.org/show_bug.cgi?id=28235	Exploit, Patch
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/66737
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2011/04/13/15	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44142	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2011/dsa-2366
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/47354
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0978	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/1100
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/1151
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=695577	Patch
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=696360	Patch
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=28235	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/66737

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.1.0
mediawiki	mediawiki	1.2.0
mediawiki	mediawiki	1.2.1
mediawiki	mediawiki	1.2.2
mediawiki	mediawiki	1.2.3
mediawiki	mediawiki	1.2.4
mediawiki	mediawiki	1.2.5
mediawiki	mediawiki	1.2.6
mediawiki	mediawiki	1.3
mediawiki	mediawiki	1.3.0
mediawiki	mediawiki	1.3.1
mediawiki	mediawiki	1.3.2
mediawiki	mediawiki	1.3.3
mediawiki	mediawiki	1.3.4
mediawiki	mediawiki	1.3.5
mediawiki	mediawiki	1.3.6
mediawiki	mediawiki	1.3.7
mediawiki	mediawiki	1.3.8
mediawiki	mediawiki	1.3.9
mediawiki	mediawiki	1.3.10
mediawiki	mediawiki	1.3.11
mediawiki	mediawiki	1.3.12
mediawiki	mediawiki	1.3.13
mediawiki	mediawiki	1.3.14
mediawiki	mediawiki	1.3.15
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4.0
mediawiki	mediawiki	1.4.1
mediawiki	mediawiki	1.4.2
mediawiki	mediawiki	1.4.3
mediawiki	mediawiki	1.4.4
mediawiki	mediawiki	1.4.5
mediawiki	mediawiki	1.4.6
mediawiki	mediawiki	1.4.7
mediawiki	mediawiki	1.4.8
mediawiki	mediawiki	1.4.9
mediawiki	mediawiki	1.4.10
mediawiki	mediawiki	1.4.11
mediawiki	mediawiki	1.4.12
mediawiki	mediawiki	1.4.13
mediawiki	mediawiki	1.4.14
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5.0
mediawiki	mediawiki	1.5.1
mediawiki	mediawiki	1.5.2
mediawiki	mediawiki	1.5.3
mediawiki	mediawiki	1.5.4
mediawiki	mediawiki	1.5.5
mediawiki	mediawiki	1.5.6
mediawiki	mediawiki	1.5.7
mediawiki	mediawiki	1.5.8
mediawiki	mediawiki	1.6.0
mediawiki	mediawiki	1.6.1
mediawiki	mediawiki	1.6.2
mediawiki	mediawiki	1.6.3
mediawiki	mediawiki	1.6.4
mediawiki	mediawiki	1.6.5
mediawiki	mediawiki	1.6.6
mediawiki	mediawiki	1.6.7
mediawiki	mediawiki	1.6.8
mediawiki	mediawiki	1.6.9
mediawiki	mediawiki	1.6.10
mediawiki	mediawiki	1.6.11
mediawiki	mediawiki	1.6.12
mediawiki	mediawiki	1.7.0
mediawiki	mediawiki	1.7.1
mediawiki	mediawiki	1.7.2
mediawiki	mediawiki	1.7.3
mediawiki	mediawiki	1.8.0
mediawiki	mediawiki	1.8.1
mediawiki	mediawiki	1.8.2
mediawiki	mediawiki	1.8.3
mediawiki	mediawiki	1.8.4
mediawiki	mediawiki	1.8.5
mediawiki	mediawiki	1.9.0
mediawiki	mediawiki	1.9.0
mediawiki	mediawiki	1.9.1
mediawiki	mediawiki	1.9.2
mediawiki	mediawiki	1.9.3
mediawiki	mediawiki	1.9.4
mediawiki	mediawiki	1.9.5
mediawiki	mediawiki	1.9.6
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.1
mediawiki	mediawiki	1.10.2
mediawiki	mediawiki	1.10.3
mediawiki	mediawiki	1.10.4
mediawiki	mediawiki	1.11
mediawiki	mediawiki	1.11.0
mediawiki	mediawiki	1.11.0
mediawiki	mediawiki	1.11.1
mediawiki	mediawiki	1.11.2
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.1
mediawiki	mediawiki	1.12.2
mediawiki	mediawiki	1.12.3
mediawiki	mediawiki	1.12.4
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.1
mediawiki	mediawiki	1.13.2
mediawiki	mediawiki	1.13.3
mediawiki	mediawiki	1.13.4
mediawiki	mediawiki	1.14.0
mediawiki	mediawiki	1.14.0
mediawiki	mediawiki	1.14.1
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.1
mediawiki	mediawiki	1.15.2
mediawiki	mediawiki	1.15.3
mediawiki	mediawiki	1.15.4
mediawiki	mediawiki	1.15.5
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.1
microsoft	internet_explorer	*
microsoft	internet_explorer	3.0
microsoft	internet_explorer	4.0
microsoft	internet_explorer	5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1AA6BD8-8AD7-4C43-8048-83A4DE0388E2",
              "versionEndIncluding": "1.16.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C96D337-1D37-4ADE-871D-9829928EE80B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DFB843C-4513-4569-9746-DA9FDD7A5CD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "377F0F7A-8E50-4803-9670-F719D17400D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B4CCA5C-3594-41B4-99F3-FC99BA0495BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD0A0C81-CDB6-4A11-B6B0-DECB12558DE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40BD0855-A9C8-47CD-BB50-E422E0C4A1EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "42A9DCC7-CF58-44CC-9489-51FA79EECDF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "80D651C6-116D-448A-8569-BAB9BAEC7D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49AFC6EE-41C7-4369-8BA1-DDBF8A744ABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30F54837-5004-4D10-B3B0-502CED4F6592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A09F36C1-CBC0-489E-B62D-4590A2E5A4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9F0067D-534A-4238-A244-D92A73845432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BEC422E-49BC-41D4-9F71-B834D4108EF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D854161-28AA-4386-B90A-97F9692CE37F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5A0FA49-99DC-4691-968F-6AEB76B74370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A0C6A2C-992B-45A0-8E0C-1AE983881337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "292A77C7-8C7B-4F3A-B7FD-3505A9F37E4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C77FC97A-3BB2-4AA5-B0D6-C0D1FBEA5FD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C9393EF-083A-4662-BC7A-89979C2B8546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9DE6A4E-6BCE-499E-B017-1E0F8D1F65B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD90730F-BF26-46C5-83F8-039CD661C968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4DDA753-26F5-4142-B227-07DDF14DD8C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D3B5E2-AC84-421D-AC10-3266D9575922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "326D4BFB-EFE7-4EAC-AA71-45E8C7E41538",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "736DFCB7-B747-4F98-AB87-9023BCD0B5C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "135A1FFF-8F52-48FF-A92A-0FC79FCC287E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "3CF8143A-F16F-4E2F-8B12-AC278678CDBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "617655A0-1ED3-44A5-9D83-E90D8EC8799E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "3B19F77D-8975-432D-8572-F208EBC15068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "9D692C6F-95AB-4332-95D8-007876792AC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "DE9080FA-F32A-45AF-BB1E-18B85DD35830",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DF75E48-208A-4531-AC8D-B307FD4E288B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "174665BA-F231-45F6-922C-933B8A613009",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B175F5A-7CB6-44E6-9E98-FB40F6D14FDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A45833DC-F104-42BB-8688-4DE66AFF72F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B316A8E-DED1-427B-8137-11C767E9DF1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "99A75AFB-2706-42FF-8534-B910997987AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F335EB4-1A74-4FAE-ADAF-AC9FB37A80DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "116C8AA3-481D-409A-ABA8-C8DA1EE8FF86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9DCE478-7D30-4BBC-8878-C3745D6ADAD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EBFFA2C-6768-4CB9-B0B0-BDB79CA1DEDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA0C4A1E-B084-4C78-BEE4-4E733159F367",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2571B43E-234C-4312-9640-1E338092A673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D5C7E1-6664-4A90-9E55-1F53F98D7702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "4963F3C5-A207-4BD3-9C3C-4EBAC1F5B2B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BE0D158-DB0B-45B2-9E26-E11A7D5D2CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "6086E5E9-F69F-47EE-9034-8196CC03E6FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "49A43BF0-69CF-4694-9155-534FA31C26DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "A0751BD8-505A-42A3-A150-3523F12B9047",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "F964DBAD-0569-41DD-975B-23A975050595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8DE4462C-F9B2-47B3-8F17-FF729F5563FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "3769AAA0-8492-40E1-B3EC-5E3BFE396809",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E2616E5E-2D0B-4FD3-B43F-51D786F0D8D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "94766FF8-FC72-4F8F-8005-7F34E4AA4042",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D8693832-A576-492F-B4F7-B8415B3A5903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9214FE72-045E-457A-B3C5-BCDFC506DDB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDB55E62-A345-49F6-ACD0-A710977CA6E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A340D0AB-2B4A-4DE6-9FA1-662D8F8205BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8C8B11E-5C0B-49B1-ACFA-5926057EF002",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "89A4EA0A-54E1-484A-ADDB-216CBC9C40FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA0ABA75-E966-43A2-90B1-89557BB0B7DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B6CE989-B7AD-42AA-986C-23266D965122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "44FD9374-5B8A-4102-A005-D3F39186ABBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D4388FF-3C2C-41A7-A2A2-CC3E38994222",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3EAF847-B64C-4C12-8BF2-631F61B0618E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "09EF3827-9C87-4043-B10A-1D6AFCB64F57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08B1EDE8-940E-47C1-9CDA-C6BBE1BB9A11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4554900-E09D-4D9D-99D4-FE5FDB3CDE78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "93EB0312-A147-4307-9491-46AEC2EC727C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "48929086-E08E-472D-A503-4CA803A840D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A98675FD-C9EA-49AB-BA9F-2CF5898203C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB9B4718-DF85-4E77-B720-0EC3E0D318BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "132A745B-0A1B-4186-8BE2-88C24FF4A455",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E710375D-F5B3-4998-AA7F-F931022CF6F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3130C952-83B3-4755-99D7-D25C1447670E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9842D148-50D2-4A52-A3E1-529670A25EBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "A59DE5DF-B5A1-4C11-9FA9-03EA7F589694",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C632052-D84B-41A1-B46F-1C1D9ADC72CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF36A02-DF6B-4657-94F6-255E4163FBF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "60380B60-DD11-42C9-9388-AED3244F39A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "612210D5-FDBC-4A13-AACD-13198FE9D2DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46046B16-3EE4-42C0-BA77-73300A641BA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "136E5FD9-C0A0-4970-8852-D97C5BC723E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5FD2871-90BB-4AFA-89D0-B9B5BE365771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D35193-8AF8-4CB9-A47D-A58DE389515E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1CD7D7-546A-48FA-9C4C-1FB0CA22C6FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAD648C1-0908-43F8-951C-E7EBF8FB8CB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B40FB49B-1E96-44BC-A9B0-9BDB28F858A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "75D5AC3F-4D29-4882-A3C0-94951402ADD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A0921C-BEC5-4646-96FD-0529828B5BAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB4E8709-43E2-4ADC-8759-16AC265658C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A8A1D30-57E7-4010-B68A-8D22EA091FF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EF7C683-F6E2-4D79-B0F9-234C9FAFB7C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "962C4B03-ABDF-4E94-8DE0-E035186E0F4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "841A4099-1EB3-448A-81C2-67A68CF4B5C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0983C0E-9035-4256-AC99-C2C81C1634E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "76F47EF6-2695-44FD-B4B0-9DE911BB57CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FC61592E-7479-45C1-9263-D608B644EE79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5460DB30-FA14-4017-BC8B-15F9451469F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED2392D6-6ACF-4715-BBCD-B6DA9B91C750",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0071C35-877F-44C6-BC39-B1AE885D7313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83CF24-FC29-40C4-8B07-5FB6591E9812",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C54ADEF-F360-41C6-AE27-B6D12E5BAF9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66A92668-4B5D-40A4-9A14-E7AD10086933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7266D827-F77D-4CC3-8237-4B35D072ACF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DB5EF0E-4E1B-4131-9142-5FBB59C235D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F59B5992-716F-4901-BDD1-0C7E24BF9148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "746023B5-2472-4FC9-BEDF-FE6A321F12B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0D18C85B-E82B-46AE-959E-3FD32DB6F294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "66714539-F1E1-4C16-AA12-059EEB1B9DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A80044C9-9F76-468E-84F7-D7D529004AE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7CD7F5A-F4E4-45B6-9179-BD1BCD75D297",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7BC3705-27C7-4969-AB6A-E7C09C708C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79CDE6D3-A26D-4ECD-B949-B9DDB53F67C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D3CC82BE-8DEA-47D7-B6B7-2FFDFB728ADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "AFD79470-63A7-438B-A3BE-CABDAD7F848C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A26F4C94-E3A5-456E-8E5E-36BA67DD4BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C6D23B-B5C1-4F10-9F62-E81F639FF40F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "13FA8F3C-2B6C-42FB-A6CE-EC2D8614E43D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "973B7468-970D-475C-AAB2-D81833EAF12B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A0789-0496-4940-A484-8B6689AA8770",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "241370F6-4941-43B4-AAD5-32A93AAC3B80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A236174-7262-478C-8C96-61428EBCC575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAAC942E-1BA2-419C-B464-20529D825053",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "188AA942-A54E-4B48-A14E-1D4C2BB859EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "07D3ECE8-29AC-491A-BD11-1753EF65DA0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FA6109F-F5BE-4E65-AA9D-C1D0CB029521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0955D3BF-1120-40F6-87FB-D75B064E5C6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BA61CFC-F48E-4B7D-A61C-4BD585E87BAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BA7AA7B-9450-4AAD-8CBA-E483CD5A1CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4416B074-0C5E-4DD3-AA4D-B54AC635F00D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "EBA4FDC8-2F1B-4054-82BC-B79566ABE8E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "62B86D8D-5E7A-43F5-9B6A-944ED4B8E4E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "63FD259B-921D-46BF-BE6E-F963288D92F3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AD86898-37BB-46C6-AC7E-0A733398E2D7",
              "versionEndIncluding": "6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BBF9241-A175-438C-A793-3D245BE2AE35",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4071D03-D955-4C1B-ACD8-A864F7D0FA02",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character."
    },
    {
      "lang": "es",
      "value": "Ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en MediaWiki antes de 1.16.3, cuando Internet Explorer 6 o versiones anteriores se utiliza, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de un archivo cargado acceder con una extensi\u00f3n peligrosas, como. html al final de la cadena de consulta, en relaci\u00f3n con una modificaci\u00f3n de ruta URI que tiene una secuencia 2E% en lugar del. (punto) car\u00e1cter."
    }
  ],
  "id": "CVE-2011-1578",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-04-27T00:55:04.553",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/04/13/15"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44142"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2011/dsa-2366"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/47354"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0978"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2011/1100"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2011/1151"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=695577"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696360"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=28235"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66737"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/04/13/15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44142"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2366"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/47354"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0978"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/1100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/1151"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=695577"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696360"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=28235"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66737"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-10-17 14:29

Modified

2025-04-20 01:37

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. NOTE: Related to CVE-2014-2053.

References

URL	Tags
security@debian.org	http://www.openwall.com/lists/oss-security/2015/01/03/13	Mailing List, Third Party Advisory
security@debian.org	https://bugzilla.redhat.com/show_bug.cgi?id=1175828	Issue Tracking, Third Party Advisory
security@debian.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html	Vendor Advisory
security@debian.org	https://security.gentoo.org/glsa/201502-04	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/01/03/13	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1175828	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201502-04	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19.0
mediawiki	mediawiki	1.19.1
mediawiki	mediawiki	1.19.2
mediawiki	mediawiki	1.19.3
mediawiki	mediawiki	1.19.4
mediawiki	mediawiki	1.19.5
mediawiki	mediawiki	1.19.6
mediawiki	mediawiki	1.19.7
mediawiki	mediawiki	1.19.8
mediawiki	mediawiki	1.19.9
mediawiki	mediawiki	1.19.10
mediawiki	mediawiki	1.19.11
mediawiki	mediawiki	1.19.12
mediawiki	mediawiki	1.19.13
mediawiki	mediawiki	1.19.14
mediawiki	mediawiki	1.19.15
mediawiki	mediawiki	1.19.16
mediawiki	mediawiki	1.19.17
mediawiki	mediawiki	1.19.18
mediawiki	mediawiki	1.19.19
mediawiki	mediawiki	1.19.20
mediawiki	mediawiki	1.19.21
mediawiki	mediawiki	1.19.22
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	1.22.1
mediawiki	mediawiki	1.22.2
mediawiki	mediawiki	1.22.3
mediawiki	mediawiki	1.22.4
mediawiki	mediawiki	1.22.5
mediawiki	mediawiki	1.22.6
mediawiki	mediawiki	1.22.7
mediawiki	mediawiki	1.22.8
mediawiki	mediawiki	1.22.9
mediawiki	mediawiki	1.22.10
mediawiki	mediawiki	1.22.11
mediawiki	mediawiki	1.22.12
mediawiki	mediawiki	1.22.13
mediawiki	mediawiki	1.22.14
mediawiki	mediawiki	1.23.0
mediawiki	mediawiki	1.23.1
mediawiki	mediawiki	1.23.2
mediawiki	mediawiki	1.23.3
mediawiki	mediawiki	1.23.4
mediawiki	mediawiki	1.23.5
mediawiki	mediawiki	1.23.6
mediawiki	mediawiki	1.23.7
mediawiki	mediawiki	1.24.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "93D7105D-3CF1-49FF-9F51-088C58F19003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "F647077F-52FD-460B-9511-85812A1447FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A8AFF-EF0E-490C-8833-FF1071563979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3205F5-3A29-4D45-AC95-83174F8969BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5547DA02-3BEC-4278-A714-25CCB820AA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E5609D-EC04-4088-9B61-ABDD256200F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23B09BB-8F43-4D60-A37F-D8685584AF4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A3F38-9A86-4346-9337-5C2A1DED37C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "49CCC3B5-9BD4-40B4-AF1A-DF4B2A6DC12D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "36DA1112-69AB-408A-886E-F248516FDE11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA85F3B7-9CB4-481C-B1A5-AB95F81C4126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A25C57E2-8E04-4A54-9211-C7B4B7CC4E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "927A7FCC-273B-4387-A9DB-C1DADB40D3FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "37210D17-71E8-4A05-87CE-F27E2F8DDEF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "E77B822C-5536-4843-A509-D5471AC02B87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "84198067-1339-4087-9B91-B0AFD45C6F0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735AFF4-3E99-4E3C-B452-AB9FF31925FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "32FCA38F-137E-4CD5-B1EB-44D949468938",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3099DA6-3F70-4717-92B8-F95DA7EB937B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "669F2681-6CAC-41A4-BEA3-A2B0B7572D96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD712E16-8483-4A1D-B16B-32ECB60A08EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E9F666E-D871-4025-906C-61A4C41108D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDDBC47C-BF93-447F-8660-82E0C6D3D0A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DF299A8-77C1-4FC2-934F-8F3829C23679",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "06DD97BF-3F6D-4563-9C50-CE5AD659C9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B461B44C-37D2-480B-9645-B7E8720416C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E491E3AD-0FB2-41CD-B852-CAFCA397A45A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBD50108-A301-4B5B-9047-6FD6792442B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "91BBFEC5-A933-4178-919D-9AC87CF76D21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3CA0EC-1AC1-48A1-8BB8-95DCCE1C283A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9343410C-E076-4362-8094-5BA5582E9675",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96BBB28-AB3C-4082-B035-8CCB761C2530",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7389C3B9-B32D-46CC-8615-22CF7BDCD829",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "179FC802-541F-40EE-BB76-A4B745A9EA7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3332E0EC-49D6-4EB2-8A2E-CC204EA1C475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E59021C-8DDF-4849-9490-AD8F98B834BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "64E90FCD-B032-4BD8-84D6-763E0FDB48B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "21A92544-BEA9-436F-BC22-CC90808D53F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DB10EA-CA68-40BE-862D-0B351456F02E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6044842D-0C23-4683-9BCC-9FE40AE8353F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BFCBB5A-F5F8-400E-916A-EB87F84853D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2898DFC3-7C3A-4C12-A3D2-4CEB3C66C90D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "04082771-E3E2-49EE-8840-0170F3B3519F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9B27B7-7800-4E35-97CA-B16450EEC478",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BEA6C00-BDCF-439C-8A04-B581361781EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90B931CC-CEA7-4C14-875E-A0D215CE5617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE300CC-68D6-46C7-8CC0-605F94FFC327",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.  NOTE: Related to CVE-2014-2053."
    },
    {
      "lang": "es",
      "value": "La biblioteca getid3 en MediaWiki en versiones anteriores a la 1.24.1, 1.23.8, 1.22.15 y 1.19.23 permite que atacantes remotos lean archivos arbitrarios, provoquen una denegaci\u00f3n de servicio u otro tipo de impacto mediante un ataque XEE (XML External Entity). NOTA: Relacionado con CVE-2014-2053."
    }
  ],
  "id": "CVE-2014-9487",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-17T14:29:00.350",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1175828"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201502-04"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1175828"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201502-04"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-03-31 19:15

Modified

2025-02-14 20:15

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. The UserImpactHandler for GrowthExperiments inadvertently returns the timezone preference for arbitrary users, which can be used to de-anonymize users.

References

▶	URL	Tags
	cve@mitre.org	https://phabricator.wikimedia.org/T328643	Issue Tracking, Patch
	af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T328643	Issue Tracking, Patch

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEA20A42-6E1A-4DA2-8869-A49894256285",
              "versionEndIncluding": "1.39.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. The UserImpactHandler for GrowthExperiments inadvertently returns the timezone preference for arbitrary users, which can be used to de-anonymize users."
    }
  ],
  "id": "CVE-2023-29137",
  "lastModified": "2025-02-14T20:15:33.563",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-03-31T19:15:07.430",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://phabricator.wikimedia.org/T328643"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://phabricator.wikimedia.org/T328643"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-04-06 07:15

Modified

2024-11-21 06:03

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know that a token has been compromised, and yet is not able to block any potential future use of the token by an unauthorized party.

References

URL	Tags
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/
cve@mitre.org	https://phabricator.wikimedia.org/T277009	Exploit, Issue Tracking, Patch, Vendor Advisory
cve@mitre.org	https://security.gentoo.org/glsa/202107-40	Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2021/dsa-4889	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T277009	Exploit, Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202107-40	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2021/dsa-4889	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
debian	debian_linux	9.0
debian	debian_linux	10.0
fedoraproject	fedora	33
fedoraproject	fedora	34

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3291BAE5-6903-463D-9750-7D0B6FAD911A",
              "versionEndExcluding": "1.31.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16A05863-89D9-435E-B92D-5FC6396C5B3D",
              "versionEndExcluding": "1.35.2",
              "versionStartIncluding": "1.32.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know that a token has been compromised, and yet is not able to block any potential future use of the token by an unauthorized party."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en MediaWiki versiones anteriores a 1.31.12 y versiones 1.32.x hasta 1.35.x anteriores a 1.35.2.\u0026#xa0;Los usuarios bloqueados no pueden usar Special:ResetTokens.\u0026#xa0;Esto presenta relevancia para la seguridad porque un usuario bloqueado podr\u00eda haber compartido accidentalmente un token, o podr\u00eda saber que un token ha sido comprometido y, sin embargo, no puede bloquear ning\u00fan uso futuro potencial del token por una parte no autorizada"
    }
  ],
  "id": "CVE-2021-30158",
  "lastModified": "2024-11-21T06:03:25.283",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-06T07:15:12.497",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T277009"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202107-40"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4889"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T277009"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202107-40"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4889"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-04-29 04:15

Modified

2024-11-21 06:59

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a check for the quizadmin user.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/QuizGame/+/765651	Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T302199	Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/QuizGame/+/765651	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T302199	Exploit, Patch, Third Party Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "40FFFEA4-A471-43C1-870B-10960DE725CF",
              "versionEndIncluding": "1.37.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a check for the quizadmin user."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dulo admin API en la extensi\u00f3n QuizGame para MediaWiki versiones hasta 1.37.2 (anteriores a 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omite una comprobaci\u00f3n para el usuario quizadmin"
    }
  ],
  "id": "CVE-2022-29906",
  "lastModified": "2024-11-21T06:59:56.877",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-04-29T04:15:10.220",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/QuizGame/+/765651"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T302199"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/QuizGame/+/765651"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T302199"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-04-13 14:59

Modified

2025-04-12 10:46

Severity ?

Summary

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 does not properly handle when the Zend interpreter xml_parse function does not expand entities, which allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file.

References

URL	Tags
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2015:200
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/04/01/1
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/04/07/3
cve@mitre.org	http://www.securityfocus.com/bid/73477
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T88310
cve@mitre.org	https://security.gentoo.org/glsa/201510-05
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2015:200
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/04/01/1
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/04/07/3
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/73477
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T88310
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201510-05

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.20
mediawiki	mediawiki	1.20.1
mediawiki	mediawiki	1.20.2
mediawiki	mediawiki	1.20.3
mediawiki	mediawiki	1.20.4
mediawiki	mediawiki	1.20.5
mediawiki	mediawiki	1.20.6
mediawiki	mediawiki	1.20.7
mediawiki	mediawiki	1.20.8
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2
mediawiki	mediawiki	1.21.3
mediawiki	mediawiki	1.21.4
mediawiki	mediawiki	1.21.5
mediawiki	mediawiki	1.21.6
mediawiki	mediawiki	1.21.7
mediawiki	mediawiki	1.21.8
mediawiki	mediawiki	1.21.9
mediawiki	mediawiki	1.21.10
mediawiki	mediawiki	1.21.11
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	1.22.1
mediawiki	mediawiki	1.22.2
mediawiki	mediawiki	1.22.3
mediawiki	mediawiki	1.22.4
mediawiki	mediawiki	1.22.5
mediawiki	mediawiki	1.22.6
mediawiki	mediawiki	1.22.7
mediawiki	mediawiki	1.22.8
mediawiki	mediawiki	1.22.9
mediawiki	mediawiki	1.22.10
mediawiki	mediawiki	1.22.11
mediawiki	mediawiki	1.22.12
mediawiki	mediawiki	1.22.13
mediawiki	mediawiki	1.22.14
mediawiki	mediawiki	1.22.15
mediawiki	mediawiki	1.23.0
mediawiki	mediawiki	1.23.1
mediawiki	mediawiki	1.23.2
mediawiki	mediawiki	1.23.3
mediawiki	mediawiki	1.23.4
mediawiki	mediawiki	1.23.5
mediawiki	mediawiki	1.23.6
mediawiki	mediawiki	1.23.7
mediawiki	mediawiki	1.23.8
mediawiki	mediawiki	1.24.0
mediawiki	mediawiki	1.24.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5069E3E0-7640-4FA3-8C6F-BA96AFC545EE",
              "versionEndIncluding": "1.19.23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA45494-185A-4ED1-8818-D9F14EB9B59B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94646567-FF30-4FBA-96C5-914EB3C85D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF088531-6875-49A2-B220-D7EC38ECC50F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "902A7EE8-90AA-4B0D-9142-DFCDA5AC8914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B6CD057-EBC4-4909-9734-80577AFDED40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01D8F235-2F1B-4198-A91E-B2723293AA36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2A5F4A7-40E7-42D0-8482-647D0EC54AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E10A8FAC-7506-48B8-A4EE-B7A1BE20537E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF797B5-8348-481C-AB6F-154DEA0E5281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E627F80-E6AA-4627-B58E-D6B2A08269BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA54E0F2-3B21-469F-A3FB-8E41E1857447",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "09CFF4B5-5827-4795-960A-201BA1BCF1A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC9D6B62-13CD-4307-94BB-A7210761A4D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "32C36F51-CCCC-41D1-A43B-B8F77CE632B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B461B44C-37D2-480B-9645-B7E8720416C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E491E3AD-0FB2-41CD-B852-CAFCA397A45A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBD50108-A301-4B5B-9047-6FD6792442B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "91BBFEC5-A933-4178-919D-9AC87CF76D21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3CA0EC-1AC1-48A1-8BB8-95DCCE1C283A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9343410C-E076-4362-8094-5BA5582E9675",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96BBB28-AB3C-4082-B035-8CCB761C2530",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7389C3B9-B32D-46CC-8615-22CF7BDCD829",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "179FC802-541F-40EE-BB76-A4B745A9EA7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3332E0EC-49D6-4EB2-8A2E-CC204EA1C475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E59021C-8DDF-4849-9490-AD8F98B834BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "64E90FCD-B032-4BD8-84D6-763E0FDB48B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "21A92544-BEA9-436F-BC22-CC90808D53F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DB10EA-CA68-40BE-862D-0B351456F02E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "97675F56-1442-460D-842C-755304D69217",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6044842D-0C23-4683-9BCC-9FE40AE8353F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BFCBB5A-F5F8-400E-916A-EB87F84853D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2898DFC3-7C3A-4C12-A3D2-4CEB3C66C90D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "04082771-E3E2-49EE-8840-0170F3B3519F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9B27B7-7800-4E35-97CA-B16450EEC478",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BEA6C00-BDCF-439C-8A04-B581361781EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90B931CC-CEA7-4C14-875E-A0D215CE5617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE300CC-68D6-46C7-8CC0-605F94FFC327",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "764ECEE9-EFB6-4C52-84E6-0F6827CF5DAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C00423-B3FE-485A-9014-22F409DBD377",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 does not properly handle when the Zend interpreter xml_parse function does not expand entities, which allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file."
    },
    {
      "lang": "es",
      "value": "MediaWiki anterior a 1.19.24, 1.2x anterior a 1.23.9, y 1.24.x anterior a 1.24.2 no maneja correctamente cuando la funci\u00f3n xml_parse del interprete de Zend no expande entidades, lo que permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de un fichero SVG manipulado."
    }
  ],
  "id": "CVE-2015-2934",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-04-13T14:59:07.380",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/73477"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://phabricator.wikimedia.org/T88310"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201510-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/73477"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://phabricator.wikimedia.org/T88310"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201510-05"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-11-18 02:55

Modified

2025-04-11 00:51

Severity ?

Summary

MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox.

References

URL	Tags
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105784.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105825.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106293.html
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-April/000129.html	Patch
secalert@redhat.com	http://secunia.com/advisories/55433	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/57472
secalert@redhat.com	http://security.gentoo.org/glsa/glsa-201310-21.xml
secalert@redhat.com	http://www.debian.org/security/2014/dsa-2891
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2013/05/01/2
secalert@redhat.com	http://www.securityfocus.com/bid/59594
secalert@redhat.com	https://bugzilla.wikimedia.org/show_bug.cgi?id=47304
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105784.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105825.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106293.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-April/000129.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/55433	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/57472
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-201310-21.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2014/dsa-2891
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2013/05/01/2
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/59594
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=47304

Impacted products

Vendor	Product	Version
gentoo	linux	*
mediawiki	mediawiki	*
mediawiki	mediawiki	1.1.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.1
mediawiki	mediawiki	1.10.2
mediawiki	mediawiki	1.10.3
mediawiki	mediawiki	1.10.4
mediawiki	mediawiki	1.11
mediawiki	mediawiki	1.11.0
mediawiki	mediawiki	1.11.0
mediawiki	mediawiki	1.11.1
mediawiki	mediawiki	1.11.2
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.1
mediawiki	mediawiki	1.12.2
mediawiki	mediawiki	1.12.3
mediawiki	mediawiki	1.12.4
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.1
mediawiki	mediawiki	1.13.2
mediawiki	mediawiki	1.13.3
mediawiki	mediawiki	1.13.4
mediawiki	mediawiki	1.14.0
mediawiki	mediawiki	1.14.0
mediawiki	mediawiki	1.14.1
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.1
mediawiki	mediawiki	1.15.2
mediawiki	mediawiki	1.15.3
mediawiki	mediawiki	1.15.4
mediawiki	mediawiki	1.15.5
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.1
mediawiki	mediawiki	1.16.2
mediawiki	mediawiki	1.17
mediawiki	mediawiki	1.17
mediawiki	mediawiki	1.17.0
mediawiki	mediawiki	1.17.0
mediawiki	mediawiki	1.17.1
mediawiki	mediawiki	1.17.2
mediawiki	mediawiki	1.17.3
mediawiki	mediawiki	1.17.4
mediawiki	mediawiki	1.18
mediawiki	mediawiki	1.18
mediawiki	mediawiki	1.18.0
mediawiki	mediawiki	1.18.0
mediawiki	mediawiki	1.18.1
mediawiki	mediawiki	1.18.2
mediawiki	mediawiki	1.18.3
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19.0
mediawiki	mediawiki	1.19.1
mediawiki	mediawiki	1.19.2
mediawiki	mediawiki	1.19.3
mediawiki	mediawiki	1.19.4
mediawiki	mediawiki	1.20.1
mediawiki	mediawiki	1.20.2
mediawiki	mediawiki	1.20.3
mediawiki	mediawiki	1.20.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "644124C5-D3F7-43A9-8225-805FDAC3DF7C",
              "versionEndIncluding": "1.19.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C96D337-1D37-4ADE-871D-9829928EE80B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0983C0E-9035-4256-AC99-C2C81C1634E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "76F47EF6-2695-44FD-B4B0-9DE911BB57CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FC61592E-7479-45C1-9263-D608B644EE79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5460DB30-FA14-4017-BC8B-15F9451469F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED2392D6-6ACF-4715-BBCD-B6DA9B91C750",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0071C35-877F-44C6-BC39-B1AE885D7313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83CF24-FC29-40C4-8B07-5FB6591E9812",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C54ADEF-F360-41C6-AE27-B6D12E5BAF9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66A92668-4B5D-40A4-9A14-E7AD10086933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7266D827-F77D-4CC3-8237-4B35D072ACF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DB5EF0E-4E1B-4131-9142-5FBB59C235D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F59B5992-716F-4901-BDD1-0C7E24BF9148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "746023B5-2472-4FC9-BEDF-FE6A321F12B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0D18C85B-E82B-46AE-959E-3FD32DB6F294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "66714539-F1E1-4C16-AA12-059EEB1B9DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A80044C9-9F76-468E-84F7-D7D529004AE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7CD7F5A-F4E4-45B6-9179-BD1BCD75D297",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7BC3705-27C7-4969-AB6A-E7C09C708C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79CDE6D3-A26D-4ECD-B949-B9DDB53F67C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D3CC82BE-8DEA-47D7-B6B7-2FFDFB728ADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "AFD79470-63A7-438B-A3BE-CABDAD7F848C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A26F4C94-E3A5-456E-8E5E-36BA67DD4BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C6D23B-B5C1-4F10-9F62-E81F639FF40F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "13FA8F3C-2B6C-42FB-A6CE-EC2D8614E43D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "973B7468-970D-475C-AAB2-D81833EAF12B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A0789-0496-4940-A484-8B6689AA8770",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "241370F6-4941-43B4-AAD5-32A93AAC3B80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A236174-7262-478C-8C96-61428EBCC575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAAC942E-1BA2-419C-B464-20529D825053",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "188AA942-A54E-4B48-A14E-1D4C2BB859EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "07D3ECE8-29AC-491A-BD11-1753EF65DA0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FA6109F-F5BE-4E65-AA9D-C1D0CB029521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0955D3BF-1120-40F6-87FB-D75B064E5C6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BA61CFC-F48E-4B7D-A61C-4BD585E87BAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BA7AA7B-9450-4AAD-8CBA-E483CD5A1CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4416B074-0C5E-4DD3-AA4D-B54AC635F00D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "EBA4FDC8-2F1B-4054-82BC-B79566ABE8E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "62B86D8D-5E7A-43F5-9B6A-944ED4B8E4E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "E4780402-81D6-46E1-8ECD-3BCB97095B2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "63FD259B-921D-46BF-BE6E-F963288D92F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B163E10-BD02-481B-A78E-E4678C57CC75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9AC7B4F-6AE2-4FCC-80DA-0D068E479853",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "57F3C3BF-CA6A-4BCC-83CE-32560F0A437D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6D1B676-AE23-4FC5-8466-EB44B8F756CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1C3B8FFB-25AD-4165-8C87-DBF5977572FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "52E0CED2-EF96-4052-A4BC-4657163B4FE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E8D954D-484E-4DAA-8E0E-6CEAC17BBA22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "341D904D-A6D6-4644-B67B-D1D62BCFEDEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C3356EA-5FD5-478E-882B-2D7C10011537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EBD4E4C-DE1D-4007-BABF-A82ECBC2C8B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "EA045993-D0DE-4878-A9CF-5C671F3E5196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "15426470-3C5F-41AC-B64B-BA021D9F5EA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "061DD021-3FAA-43D0-9ED2-6E60BF7E6CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8B305B8-97DE-45C7-B7A7-B1D1AB32D511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF1EE8B-18BA-49AE-BAA1-187A2F5B1D06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F46B49A-D5B6-458E-8217-A5F5B045B76F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "93D7105D-3CF1-49FF-9F51-088C58F19003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "F647077F-52FD-460B-9511-85812A1447FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A8AFF-EF0E-490C-8833-FF1071563979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3205F5-3A29-4D45-AC95-83174F8969BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5547DA02-3BEC-4278-A714-25CCB820AA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E5609D-EC04-4088-9B61-ABDD256200F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox."
    },
    {
      "lang": "es",
      "value": "MediaWiki anteriores a 1.19.6, y 1.20.x anteriores a 1.20.5, permite a atacantes remotos realizar ataques cross-site scripting (XSS), como demostrado por una secci\u00f3n CDATA conteniendo secuencias v\u00e1lidas codificadas con UTF-7 en un fichero SVG, el cual es interpretado incorrectamente como UTF-8 por Chrome y Firefox."
    }
  ],
  "id": "CVE-2013-2031",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-11-18T02:55:07.250",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105784.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105825.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106293.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-April/000129.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/55433"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/57472"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-201310-21.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2014/dsa-2891"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/05/01/2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/59594"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=47304"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105784.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105825.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106293.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-April/000129.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/55433"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/57472"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201310-21.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-2891"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/05/01/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/59594"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=47304"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-04-29 18:55

Modified

2025-04-12 10:46

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki before 1.21.9 and 1.22.x before 1.22.6 allows remote attackers to inject arbitrary web script or HTML via the sort key in an info action.

References

URL	Tags
cve@mitre.org	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-April/000149.html
cve@mitre.org	http://secunia.com/advisories/58262	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/67068
cve@mitre.org	http://www.securitytracker.com/id/1030161
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=1091967
cve@mitre.org	https://bugzilla.wikimedia.org/show_bug.cgi?id=63251
cve@mitre.org	https://github.com/wikimedia/mediawiki-core/commit/0b695ae09aada343ab59be4a3c9963995a1143b6
cve@mitre.org	https://www.mediawiki.org/wiki/Release_notes/1.21#Changes_since_1.21.8	Vendor Advisory
cve@mitre.org	https://www.mediawiki.org/wiki/Release_notes/1.22#Changes_since_1.22.5	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-April/000149.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/58262	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/67068
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1030161
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1091967
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=63251
af854a3a-2127-422b-91ae-364da2661108	https://github.com/wikimedia/mediawiki-core/commit/0b695ae09aada343ab59be4a3c9963995a1143b6
af854a3a-2127-422b-91ae-364da2661108	https://www.mediawiki.org/wiki/Release_notes/1.21#Changes_since_1.21.8	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mediawiki.org/wiki/Release_notes/1.22#Changes_since_1.22.5	Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.1.0
mediawiki	mediawiki	1.2.0
mediawiki	mediawiki	1.2.1
mediawiki	mediawiki	1.2.2
mediawiki	mediawiki	1.2.3
mediawiki	mediawiki	1.2.4
mediawiki	mediawiki	1.2.5
mediawiki	mediawiki	1.2.6
mediawiki	mediawiki	1.3
mediawiki	mediawiki	1.3.0
mediawiki	mediawiki	1.3.1
mediawiki	mediawiki	1.3.2
mediawiki	mediawiki	1.3.3
mediawiki	mediawiki	1.3.4
mediawiki	mediawiki	1.3.5
mediawiki	mediawiki	1.3.6
mediawiki	mediawiki	1.3.7
mediawiki	mediawiki	1.3.8
mediawiki	mediawiki	1.3.9
mediawiki	mediawiki	1.3.10
mediawiki	mediawiki	1.3.11
mediawiki	mediawiki	1.3.12
mediawiki	mediawiki	1.3.13
mediawiki	mediawiki	1.3.14
mediawiki	mediawiki	1.3.15
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4.0
mediawiki	mediawiki	1.4.1
mediawiki	mediawiki	1.4.2
mediawiki	mediawiki	1.4.3
mediawiki	mediawiki	1.4.4
mediawiki	mediawiki	1.4.5
mediawiki	mediawiki	1.4.6
mediawiki	mediawiki	1.4.7
mediawiki	mediawiki	1.4.8
mediawiki	mediawiki	1.4.9
mediawiki	mediawiki	1.4.10
mediawiki	mediawiki	1.4.11
mediawiki	mediawiki	1.4.12
mediawiki	mediawiki	1.4.13
mediawiki	mediawiki	1.4.14
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5.0
mediawiki	mediawiki	1.5.1
mediawiki	mediawiki	1.5.2
mediawiki	mediawiki	1.5.3
mediawiki	mediawiki	1.5.4
mediawiki	mediawiki	1.5.5
mediawiki	mediawiki	1.5.6
mediawiki	mediawiki	1.5.7
mediawiki	mediawiki	1.5.8
mediawiki	mediawiki	1.6.0
mediawiki	mediawiki	1.6.1
mediawiki	mediawiki	1.6.2
mediawiki	mediawiki	1.6.3
mediawiki	mediawiki	1.6.4
mediawiki	mediawiki	1.6.5
mediawiki	mediawiki	1.6.6
mediawiki	mediawiki	1.6.7
mediawiki	mediawiki	1.6.8
mediawiki	mediawiki	1.6.9
mediawiki	mediawiki	1.6.10
mediawiki	mediawiki	1.6.11
mediawiki	mediawiki	1.6.12
mediawiki	mediawiki	1.7.0
mediawiki	mediawiki	1.7.1
mediawiki	mediawiki	1.7.2
mediawiki	mediawiki	1.7.3
mediawiki	mediawiki	1.8.0
mediawiki	mediawiki	1.8.1
mediawiki	mediawiki	1.8.2
mediawiki	mediawiki	1.8.3
mediawiki	mediawiki	1.8.4
mediawiki	mediawiki	1.8.5
mediawiki	mediawiki	1.9.0
mediawiki	mediawiki	1.9.0
mediawiki	mediawiki	1.9.1
mediawiki	mediawiki	1.9.2
mediawiki	mediawiki	1.9.3
mediawiki	mediawiki	1.9.4
mediawiki	mediawiki	1.9.5
mediawiki	mediawiki	1.9.6
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.1
mediawiki	mediawiki	1.10.2
mediawiki	mediawiki	1.10.3
mediawiki	mediawiki	1.10.4
mediawiki	mediawiki	1.11
mediawiki	mediawiki	1.11.0
mediawiki	mediawiki	1.11.0
mediawiki	mediawiki	1.11.1
mediawiki	mediawiki	1.11.2
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.1
mediawiki	mediawiki	1.12.2
mediawiki	mediawiki	1.12.3
mediawiki	mediawiki	1.12.4
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.1
mediawiki	mediawiki	1.13.2
mediawiki	mediawiki	1.13.3
mediawiki	mediawiki	1.13.4
mediawiki	mediawiki	1.14.0
mediawiki	mediawiki	1.14.0
mediawiki	mediawiki	1.14.1
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.1
mediawiki	mediawiki	1.15.2
mediawiki	mediawiki	1.15.3
mediawiki	mediawiki	1.15.4
mediawiki	mediawiki	1.15.5
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.1
mediawiki	mediawiki	1.16.2
mediawiki	mediawiki	1.17
mediawiki	mediawiki	1.17
mediawiki	mediawiki	1.17.0
mediawiki	mediawiki	1.17.0
mediawiki	mediawiki	1.17.1
mediawiki	mediawiki	1.17.2
mediawiki	mediawiki	1.17.3
mediawiki	mediawiki	1.17.4
mediawiki	mediawiki	1.18
mediawiki	mediawiki	1.18
mediawiki	mediawiki	1.18.0
mediawiki	mediawiki	1.18.0
mediawiki	mediawiki	1.18.1
mediawiki	mediawiki	1.18.2
mediawiki	mediawiki	1.18.3
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19.0
mediawiki	mediawiki	1.19.1
mediawiki	mediawiki	1.19.2
mediawiki	mediawiki	1.19.3
mediawiki	mediawiki	1.19.4
mediawiki	mediawiki	1.19.5
mediawiki	mediawiki	1.19.6
mediawiki	mediawiki	1.19.7
mediawiki	mediawiki	1.19.8
mediawiki	mediawiki	1.19.9
mediawiki	mediawiki	1.19.10
mediawiki	mediawiki	1.19.11
mediawiki	mediawiki	1.19.12
mediawiki	mediawiki	1.19.13
mediawiki	mediawiki	1.19.14
mediawiki	mediawiki	1.20
mediawiki	mediawiki	1.20.1
mediawiki	mediawiki	1.20.2
mediawiki	mediawiki	1.20.3
mediawiki	mediawiki	1.20.4
mediawiki	mediawiki	1.20.5
mediawiki	mediawiki	1.20.6
mediawiki	mediawiki	1.20.7
mediawiki	mediawiki	1.20.8
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2
mediawiki	mediawiki	1.21.3
mediawiki	mediawiki	1.21.4
mediawiki	mediawiki	1.21.5
mediawiki	mediawiki	1.21.6
mediawiki	mediawiki	1.21.7
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	1.22.1
mediawiki	mediawiki	1.22.2
mediawiki	mediawiki	1.22.3
mediawiki	mediawiki	1.22.4
mediawiki	mediawiki	1.22.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2439405-AB75-495C-938C-F697E486593A",
              "versionEndIncluding": "1.21.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C96D337-1D37-4ADE-871D-9829928EE80B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DFB843C-4513-4569-9746-DA9FDD7A5CD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "377F0F7A-8E50-4803-9670-F719D17400D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B4CCA5C-3594-41B4-99F3-FC99BA0495BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD0A0C81-CDB6-4A11-B6B0-DECB12558DE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40BD0855-A9C8-47CD-BB50-E422E0C4A1EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "42A9DCC7-CF58-44CC-9489-51FA79EECDF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "80D651C6-116D-448A-8569-BAB9BAEC7D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49AFC6EE-41C7-4369-8BA1-DDBF8A744ABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30F54837-5004-4D10-B3B0-502CED4F6592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A09F36C1-CBC0-489E-B62D-4590A2E5A4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9F0067D-534A-4238-A244-D92A73845432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BEC422E-49BC-41D4-9F71-B834D4108EF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D854161-28AA-4386-B90A-97F9692CE37F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5A0FA49-99DC-4691-968F-6AEB76B74370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A0C6A2C-992B-45A0-8E0C-1AE983881337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "292A77C7-8C7B-4F3A-B7FD-3505A9F37E4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C77FC97A-3BB2-4AA5-B0D6-C0D1FBEA5FD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C9393EF-083A-4662-BC7A-89979C2B8546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9DE6A4E-6BCE-499E-B017-1E0F8D1F65B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD90730F-BF26-46C5-83F8-039CD661C968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4DDA753-26F5-4142-B227-07DDF14DD8C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D3B5E2-AC84-421D-AC10-3266D9575922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "326D4BFB-EFE7-4EAC-AA71-45E8C7E41538",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "736DFCB7-B747-4F98-AB87-9023BCD0B5C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "135A1FFF-8F52-48FF-A92A-0FC79FCC287E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "3CF8143A-F16F-4E2F-8B12-AC278678CDBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "617655A0-1ED3-44A5-9D83-E90D8EC8799E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "3B19F77D-8975-432D-8572-F208EBC15068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "9D692C6F-95AB-4332-95D8-007876792AC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "DE9080FA-F32A-45AF-BB1E-18B85DD35830",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DF75E48-208A-4531-AC8D-B307FD4E288B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "174665BA-F231-45F6-922C-933B8A613009",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B175F5A-7CB6-44E6-9E98-FB40F6D14FDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A45833DC-F104-42BB-8688-4DE66AFF72F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B316A8E-DED1-427B-8137-11C767E9DF1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "99A75AFB-2706-42FF-8534-B910997987AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F335EB4-1A74-4FAE-ADAF-AC9FB37A80DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "116C8AA3-481D-409A-ABA8-C8DA1EE8FF86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9DCE478-7D30-4BBC-8878-C3745D6ADAD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EBFFA2C-6768-4CB9-B0B0-BDB79CA1DEDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA0C4A1E-B084-4C78-BEE4-4E733159F367",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2571B43E-234C-4312-9640-1E338092A673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D5C7E1-6664-4A90-9E55-1F53F98D7702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "4963F3C5-A207-4BD3-9C3C-4EBAC1F5B2B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BE0D158-DB0B-45B2-9E26-E11A7D5D2CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "6086E5E9-F69F-47EE-9034-8196CC03E6FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "49A43BF0-69CF-4694-9155-534FA31C26DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "A0751BD8-505A-42A3-A150-3523F12B9047",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "F964DBAD-0569-41DD-975B-23A975050595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8DE4462C-F9B2-47B3-8F17-FF729F5563FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "3769AAA0-8492-40E1-B3EC-5E3BFE396809",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E2616E5E-2D0B-4FD3-B43F-51D786F0D8D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "94766FF8-FC72-4F8F-8005-7F34E4AA4042",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D8693832-A576-492F-B4F7-B8415B3A5903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9214FE72-045E-457A-B3C5-BCDFC506DDB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDB55E62-A345-49F6-ACD0-A710977CA6E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A340D0AB-2B4A-4DE6-9FA1-662D8F8205BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8C8B11E-5C0B-49B1-ACFA-5926057EF002",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "89A4EA0A-54E1-484A-ADDB-216CBC9C40FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA0ABA75-E966-43A2-90B1-89557BB0B7DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B6CE989-B7AD-42AA-986C-23266D965122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "44FD9374-5B8A-4102-A005-D3F39186ABBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D4388FF-3C2C-41A7-A2A2-CC3E38994222",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3EAF847-B64C-4C12-8BF2-631F61B0618E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "09EF3827-9C87-4043-B10A-1D6AFCB64F57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08B1EDE8-940E-47C1-9CDA-C6BBE1BB9A11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4554900-E09D-4D9D-99D4-FE5FDB3CDE78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "93EB0312-A147-4307-9491-46AEC2EC727C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "48929086-E08E-472D-A503-4CA803A840D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A98675FD-C9EA-49AB-BA9F-2CF5898203C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB9B4718-DF85-4E77-B720-0EC3E0D318BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "132A745B-0A1B-4186-8BE2-88C24FF4A455",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E710375D-F5B3-4998-AA7F-F931022CF6F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3130C952-83B3-4755-99D7-D25C1447670E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9842D148-50D2-4A52-A3E1-529670A25EBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "A59DE5DF-B5A1-4C11-9FA9-03EA7F589694",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C632052-D84B-41A1-B46F-1C1D9ADC72CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF36A02-DF6B-4657-94F6-255E4163FBF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "60380B60-DD11-42C9-9388-AED3244F39A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "612210D5-FDBC-4A13-AACD-13198FE9D2DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46046B16-3EE4-42C0-BA77-73300A641BA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "136E5FD9-C0A0-4970-8852-D97C5BC723E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5FD2871-90BB-4AFA-89D0-B9B5BE365771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D35193-8AF8-4CB9-A47D-A58DE389515E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1CD7D7-546A-48FA-9C4C-1FB0CA22C6FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAD648C1-0908-43F8-951C-E7EBF8FB8CB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B40FB49B-1E96-44BC-A9B0-9BDB28F858A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "75D5AC3F-4D29-4882-A3C0-94951402ADD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A0921C-BEC5-4646-96FD-0529828B5BAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB4E8709-43E2-4ADC-8759-16AC265658C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A8A1D30-57E7-4010-B68A-8D22EA091FF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EF7C683-F6E2-4D79-B0F9-234C9FAFB7C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "962C4B03-ABDF-4E94-8DE0-E035186E0F4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "841A4099-1EB3-448A-81C2-67A68CF4B5C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0983C0E-9035-4256-AC99-C2C81C1634E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "76F47EF6-2695-44FD-B4B0-9DE911BB57CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FC61592E-7479-45C1-9263-D608B644EE79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5460DB30-FA14-4017-BC8B-15F9451469F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED2392D6-6ACF-4715-BBCD-B6DA9B91C750",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0071C35-877F-44C6-BC39-B1AE885D7313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83CF24-FC29-40C4-8B07-5FB6591E9812",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C54ADEF-F360-41C6-AE27-B6D12E5BAF9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66A92668-4B5D-40A4-9A14-E7AD10086933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7266D827-F77D-4CC3-8237-4B35D072ACF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DB5EF0E-4E1B-4131-9142-5FBB59C235D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F59B5992-716F-4901-BDD1-0C7E24BF9148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "746023B5-2472-4FC9-BEDF-FE6A321F12B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0D18C85B-E82B-46AE-959E-3FD32DB6F294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "66714539-F1E1-4C16-AA12-059EEB1B9DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A80044C9-9F76-468E-84F7-D7D529004AE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7CD7F5A-F4E4-45B6-9179-BD1BCD75D297",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7BC3705-27C7-4969-AB6A-E7C09C708C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79CDE6D3-A26D-4ECD-B949-B9DDB53F67C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D3CC82BE-8DEA-47D7-B6B7-2FFDFB728ADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "AFD79470-63A7-438B-A3BE-CABDAD7F848C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A26F4C94-E3A5-456E-8E5E-36BA67DD4BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C6D23B-B5C1-4F10-9F62-E81F639FF40F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "13FA8F3C-2B6C-42FB-A6CE-EC2D8614E43D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "973B7468-970D-475C-AAB2-D81833EAF12B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A0789-0496-4940-A484-8B6689AA8770",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "241370F6-4941-43B4-AAD5-32A93AAC3B80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A236174-7262-478C-8C96-61428EBCC575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAAC942E-1BA2-419C-B464-20529D825053",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "188AA942-A54E-4B48-A14E-1D4C2BB859EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "07D3ECE8-29AC-491A-BD11-1753EF65DA0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FA6109F-F5BE-4E65-AA9D-C1D0CB029521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0955D3BF-1120-40F6-87FB-D75B064E5C6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BA61CFC-F48E-4B7D-A61C-4BD585E87BAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BA7AA7B-9450-4AAD-8CBA-E483CD5A1CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4416B074-0C5E-4DD3-AA4D-B54AC635F00D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "EBA4FDC8-2F1B-4054-82BC-B79566ABE8E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "62B86D8D-5E7A-43F5-9B6A-944ED4B8E4E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "E4780402-81D6-46E1-8ECD-3BCB97095B2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "63FD259B-921D-46BF-BE6E-F963288D92F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B163E10-BD02-481B-A78E-E4678C57CC75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9AC7B4F-6AE2-4FCC-80DA-0D068E479853",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "57F3C3BF-CA6A-4BCC-83CE-32560F0A437D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6D1B676-AE23-4FC5-8466-EB44B8F756CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1C3B8FFB-25AD-4165-8C87-DBF5977572FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "52E0CED2-EF96-4052-A4BC-4657163B4FE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E8D954D-484E-4DAA-8E0E-6CEAC17BBA22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "341D904D-A6D6-4644-B67B-D1D62BCFEDEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C3356EA-5FD5-478E-882B-2D7C10011537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EBD4E4C-DE1D-4007-BABF-A82ECBC2C8B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "EA045993-D0DE-4878-A9CF-5C671F3E5196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "15426470-3C5F-41AC-B64B-BA021D9F5EA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "061DD021-3FAA-43D0-9ED2-6E60BF7E6CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8B305B8-97DE-45C7-B7A7-B1D1AB32D511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF1EE8B-18BA-49AE-BAA1-187A2F5B1D06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F46B49A-D5B6-458E-8217-A5F5B045B76F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "93D7105D-3CF1-49FF-9F51-088C58F19003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "F647077F-52FD-460B-9511-85812A1447FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A8AFF-EF0E-490C-8833-FF1071563979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3205F5-3A29-4D45-AC95-83174F8969BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5547DA02-3BEC-4278-A714-25CCB820AA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E5609D-EC04-4088-9B61-ABDD256200F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23B09BB-8F43-4D60-A37F-D8685584AF4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A3F38-9A86-4346-9337-5C2A1DED37C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "49CCC3B5-9BD4-40B4-AF1A-DF4B2A6DC12D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "36DA1112-69AB-408A-886E-F248516FDE11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA85F3B7-9CB4-481C-B1A5-AB95F81C4126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A25C57E2-8E04-4A54-9211-C7B4B7CC4E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "927A7FCC-273B-4387-A9DB-C1DADB40D3FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "37210D17-71E8-4A05-87CE-F27E2F8DDEF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "E77B822C-5536-4843-A509-D5471AC02B87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "84198067-1339-4087-9B91-B0AFD45C6F0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA45494-185A-4ED1-8818-D9F14EB9B59B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94646567-FF30-4FBA-96C5-914EB3C85D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF088531-6875-49A2-B220-D7EC38ECC50F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "902A7EE8-90AA-4B0D-9142-DFCDA5AC8914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B6CD057-EBC4-4909-9734-80577AFDED40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01D8F235-2F1B-4198-A91E-B2723293AA36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2A5F4A7-40E7-42D0-8482-647D0EC54AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E10A8FAC-7506-48B8-A4EE-B7A1BE20537E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF797B5-8348-481C-AB6F-154DEA0E5281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E627F80-E6AA-4627-B58E-D6B2A08269BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B461B44C-37D2-480B-9645-B7E8720416C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E491E3AD-0FB2-41CD-B852-CAFCA397A45A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBD50108-A301-4B5B-9047-6FD6792442B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "91BBFEC5-A933-4178-919D-9AC87CF76D21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3CA0EC-1AC1-48A1-8BB8-95DCCE1C283A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki before 1.21.9 and 1.22.x before 1.22.6 allows remote attackers to inject arbitrary web script or HTML via the sort key in an info action."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en includes/actions/InfoAction.php en MediaWiki anterior a 1.21.9 y 1.22.x anterior a 1.22.6 permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de la clave \"sort\" en una acci\u00f3n \"info\"."
    }
  ],
  "id": "CVE-2014-2853",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-04-29T18:55:08.723",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-April/000149.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/58262"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/67068"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1030161"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091967"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=63251"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/wikimedia/mediawiki-core/commit/0b695ae09aada343ab59be4a3c9963995a1143b6"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mediawiki.org/wiki/Release_notes/1.21#Changes_since_1.21.8"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mediawiki.org/wiki/Release_notes/1.22#Changes_since_1.22.5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-April/000149.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/58262"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/67068"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1030161"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091967"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=63251"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/wikimedia/mediawiki-core/commit/0b695ae09aada343ab59be4a3c9963995a1143b6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mediawiki.org/wiki/Release_notes/1.21#Changes_since_1.21.8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mediawiki.org/wiki/Release_notes/1.22#Changes_since_1.22.5"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-04-20 17:59

Modified

2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving replacement of percent encoding in unclosed internal links.

References

URL	Tags
secalert@redhat.com	http://www.securityfocus.com/bid/98057
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1369613	Issue Tracking
secalert@redhat.com	https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html	Mailing List, Patch, Vendor Advisory
secalert@redhat.com	https://phabricator.wikimedia.org/T137264	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/98057
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1369613	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html	Mailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T137264	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.26.0
mediawiki	mediawiki	1.26.1
mediawiki	mediawiki	1.26.2
mediawiki	mediawiki	1.26.3
mediawiki	mediawiki	1.26.4
mediawiki	mediawiki	1.27.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F26807BC-B2F2-480D-B5B1-C2D64933A0C8",
              "versionEndIncluding": "1.23.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B418525-DAC2-461A-B931-BED05CC3AFBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C238723-5592-4F0F-869D-91B64DD14FBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "22685E70-3EE0-484B-8A4C-139C28BDD2B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD0A725-B06B-456D-8A8B-9DA5468935FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7ED98FFC-4397-4F27-AC36-BB7A42A92F89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.27.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F75E06F7-6D23-4BEB-80B4-3DE33193CA95",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving replacement of percent encoding in unclosed internal links."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en el m\u00e9todo de Parser::replaceInternalLinks2 en MediaWiki en versiones anterior a 1.23.15, 1.26.x en versiones anterior a 1.26.4, y 1.27.x en versiones anterior a 1.27.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores incluyendo el reemplazo de porcentaje de codificaci\u00f3n en enlaces internos no cerrados."
    }
  ],
  "id": "CVE-2016-6334",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-20T17:59:00.663",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/98057"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T137264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/98057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T137264"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-08-20 18:15

Modified

2024-11-21 08:10

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File syntax.

References

URL	Tags
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/
cve@mitre.org	https://phabricator.wikimedia.org/T335612	Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T335612	Issue Tracking, Patch

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	1.40.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB8FFF65-64E2-4995-9D76-4A76E9165631",
              "versionEndExcluding": "1.35.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "604E0A5B-4554-46AA-98AF-608A2CCDBF4F",
              "versionEndExcluding": "1.38.7",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B25814F-6A96-432B-9E6B-458E8FAA8B32",
              "versionEndExcluding": "1.39.4",
              "versionStartIncluding": "1.39.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.40.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1610A245-C33E-4BF6-B8C3-DF7E6F13FC69",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File syntax."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en MediaWiki antes de 1.35.11, 1.36.x hasta 1.38.x antes de 1.38.7, 1.39.x antes de 1.39.4 y 1.40.x antes de 1.40.1. Es posible omitir la Lista de Im\u00e1genes Incorrectas (tambi\u00e9n conocida como badFile) utilizando el par\u00e1metro de thumb (tambi\u00e9n conocido como Manualthumb) de la Sintaxis del Archivo."
    }
  ],
  "id": "CVE-2023-36674",
  "lastModified": "2024-11-21T08:10:19.077",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-08-20T18:15:09.930",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://phabricator.wikimedia.org/T335612"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://phabricator.wikimedia.org/T335612"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-07-02 13:15

Modified

2024-11-21 06:13

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Summary

An XSS issue was discovered in the SportsTeams extension in MediaWiki through 1.36. Within several special pages, a privileged user could inject arbitrary HTML and JavaScript within various data fields. The attack could easily propagate across many pages for many users.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/Ic312cc9b8463c8e7c3298a661abfcff2cc2332cb	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T281196	Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/Ic312cc9b8463c8e7c3298a661abfcff2cc2332cb	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T281196	Issue Tracking, Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1C62AE2-E1C5-4E32-A222-CCF9024B45D3",
              "versionEndIncluding": "1.36",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An XSS issue was discovered in the SportsTeams extension in MediaWiki through 1.36. Within several special pages, a privileged user could inject arbitrary HTML and JavaScript within various data fields. The attack could easily propagate across many pages for many users."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema de tipo XSS en la extensi\u00f3n SportsTeams de MediaWiki versiones hasta 1.36. En varias p\u00e1ginas especiales, un usuario privilegiado podr\u00eda inyectar HTML y JavaScript arbitrarios en varios campos de datos. El ataque podr\u00eda propagarse f\u00e1cilmente mediante muchas p\u00e1ginas para muchos usuarios"
    }
  ],
  "id": "CVE-2021-36131",
  "lastModified": "2024-11-21T06:13:10.853",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-02T13:15:07.923",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Ic312cc9b8463c8e7c3298a661abfcff2cc2332cb"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T281196"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Ic312cc9b8463c8e7c3298a661abfcff2cc2332cb"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T281196"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-07-07 00:15

Modified

2024-11-21 09:31

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in the Metrolook skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.

References

▶	URL	Tags
	cve@mitre.org	https://phabricator.wikimedia.org/T361449	Exploit, Issue Tracking
	af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T361449	Exploit, Issue Tracking

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED70437F-2E16-47AE-AA89-A497DCC3C8EC",
              "versionEndIncluding": "1.42.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the Metrolook skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en el aspecto Metrolook para MediaWiki hasta la versi\u00f3n 1.42.1. Hay XSS almacenado a trav\u00e9s de MediaWiki: entradas del men\u00fa de nivel superior de la barra lateral."
    }
  ],
  "id": "CVE-2024-40600",
  "lastModified": "2024-11-21T09:31:21.450",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-07-07T00:15:10.397",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://phabricator.wikimedia.org/T361449"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://phabricator.wikimedia.org/T361449"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2012-09-09 21:55

Modified

2025-04-11 00:51

Severity ?

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allow remote attackers to hijack the authentication of users with the block permission for requests that (1) block a user via a request to the Block module or (2) unblock a user via a request to the Unblock module.

References

URL	Tags
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html	Vendor Advisory
secalert@redhat.com	http://osvdb.org/80361
secalert@redhat.com	http://secunia.com/advisories/48504	Vendor Advisory
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/03/22/9
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/03/24/1
secalert@redhat.com	http://www.securityfocus.com/bid/52689
secalert@redhat.com	https://bugzilla.wikimedia.org/show_bug.cgi?id=34212
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/78911
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/80361
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48504	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/03/22/9
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/03/24/1
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/52689
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=34212
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/78911

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.17
mediawiki	mediawiki	1.17
mediawiki	mediawiki	1.17.0
mediawiki	mediawiki	1.17.0
mediawiki	mediawiki	1.17.1
mediawiki	mediawiki	1.17.2
mediawiki	mediawiki	1.18
mediawiki	mediawiki	1.18
mediawiki	mediawiki	1.18.0
mediawiki	mediawiki	1.18.0
mediawiki	mediawiki	1.18.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9AC7B4F-6AE2-4FCC-80DA-0D068E479853",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "57F3C3BF-CA6A-4BCC-83CE-32560F0A437D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6D1B676-AE23-4FC5-8466-EB44B8F756CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1C3B8FFB-25AD-4165-8C87-DBF5977572FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "52E0CED2-EF96-4052-A4BC-4657163B4FE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E8D954D-484E-4DAA-8E0E-6CEAC17BBA22",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EBD4E4C-DE1D-4007-BABF-A82ECBC2C8B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "EA045993-D0DE-4878-A9CF-5C671F3E5196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "15426470-3C5F-41AC-B64B-BA021D9F5EA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "061DD021-3FAA-43D0-9ED2-6E60BF7E6CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8B305B8-97DE-45C7-B7A7-B1D1AB32D511",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allow remote attackers to hijack the authentication of users with the block permission for requests that (1) block a user via a request to the Block module or (2) unblock a user via a request to the Unblock module."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en MediaWiki V1.17.x anteriores a v1.17.3 y v.18.x anteriores a v1.18.2, permite a atacantes remotos secuestrar la autenticaci\u00f3n de los usuarios con permisos de bloque para peticiones que (1) bloqueen un usuario a trav\u00e9s de una petici\u00f3n al m\u00f3dulo Block o (2) desbloquear un usuario a trav\u00e9s de una petici\u00f3n sobre el m\u00f3dulo Unblock."
    }
  ],
  "id": "CVE-2012-1578",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-09-09T21:55:05.947",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/80361"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48504"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/03/22/9"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/03/24/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/52689"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=34212"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78911"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/80361"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48504"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/03/22/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/03/24/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/52689"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=34212"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78911"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2005-10-06 10:02

Modified

2025-04-03 01:03

Severity ?

Summary

Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via (1) <math> tags or (2) Extension or <nowiki> sections that "bypass HTML style attribute restrictions" that are intended to protect against XSS vulnerabilities in Internet Explorer clients.

References

URL	Tags
cve@mitre.org	http://lwn.net/Articles/153906/	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/16932	Patch, Vendor Advisory
cve@mitre.org	http://sourceforge.net/project/shownotes.php?release_id=352777	Patch
af854a3a-2127-422b-91ae-364da2661108	http://lwn.net/Articles/153906/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/16932	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/project/shownotes.php?release_id=352777	Patch

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.4.1
mediawiki	mediawiki	1.4.2
mediawiki	mediawiki	1.4.3
mediawiki	mediawiki	1.4.5
mediawiki	mediawiki	1.4.6
mediawiki	mediawiki	1.4.7
mediawiki	mediawiki	1.4.8
mediawiki	mediawiki	1.4_beta1
mediawiki	mediawiki	1.4_beta2
mediawiki	mediawiki	1.4_beta3
mediawiki	mediawiki	1.4_beta4
mediawiki	mediawiki	1.4_beta5
mediawiki	mediawiki	1.4_beta6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "174665BA-F231-45F6-922C-933B8A613009",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B175F5A-7CB6-44E6-9E98-FB40F6D14FDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A45833DC-F104-42BB-8688-4DE66AFF72F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "99A75AFB-2706-42FF-8534-B910997987AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F335EB4-1A74-4FAE-ADAF-AC9FB37A80DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "116C8AA3-481D-409A-ABA8-C8DA1EE8FF86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9DCE478-7D30-4BBC-8878-C3745D6ADAD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E70F32-2F26-4836-8A4F-0A0B06EAD371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE506B8C-245E-4A7E-A24C-FABB1D4531EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta3:*:*:*:*:*:*:*",
              "matchCriteriaId": "934382C1-088A-4AEE-A71A-E9802AC9C1A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1A9028E-1BDE-4BA0-A479-7A30020331D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D02E4C1-2BA7-4BC0-9C11-D0F74181DF82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta6:*:*:*:*:*:*:*",
              "matchCriteriaId": "728E2852-5658-4DCC-AF1E-718B292F06C1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via (1) \u003cmath\u003e tags or (2) Extension or \u003cnowiki\u003e sections that \"bypass HTML style attribute restrictions\" that are intended to protect against XSS vulnerabilities in Internet Explorer clients."
    }
  ],
  "id": "CVE-2005-3165",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-10-06T10:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lwn.net/Articles/153906/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/16932"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=352777"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lwn.net/Articles/153906/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/16932"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=352777"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-07-02 20:15

Modified

2024-11-21 07:10

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the username is not escaped: SpecialCreateAccount::successfulAction() calls ::showSuccessPage() with a message as second parameter, and OutputPage::setPageTitle() uses text().

References

URL	Tags
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B/
cve@mitre.org	https://phabricator.wikimedia.org/T308471	Issue Tracking, Vendor Advisory
cve@mitre.org	https://security.gentoo.org/glsa/202305-24
cve@mitre.org	https://www.debian.org/security/2022/dsa-5246	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B/
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T308471	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202305-24
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5246	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	1.38.0
mediawiki	mediawiki	1.38.0
mediawiki	mediawiki	1.38.0
fedoraproject	fedora	36
fedoraproject	fedora	37

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "27313BAD-E68E-4186-A17E-7A16671E734C",
              "versionEndExcluding": "1.35.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAB94CB4-1121-4840-B3B5-BE7D2BE7F62A",
              "versionEndExcluding": "1.37.3",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.38.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "B110D8C5-7251-4CAF-B66D-73C891D6FBE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.38.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "FC165C86-E90B-4854-8CC1-14BF58D46B23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.38.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B9682453-AA16-4681-A019-C13931293D62",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
              "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to \"Welcome\" followed by the username, the username is not escaped: SpecialCreateAccount::successfulAction() calls ::showSuccessPage() with a message as second parameter, and OutputPage::setPageTitle() uses text()."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en MediaWiki versiones anteriores a 1.35.7, 1.36.x y 1.37.x anteriores a 1.37.3, y 1.38.x anteriores a 1.38.1. Un ataque de tipo XSS puede ocurrir en configuraciones que permiten una carga \u00fatil de JavaScript en un nombre de usuario. Tras la creaci\u00f3n de la cuenta, cuando es establecido el t\u00edtulo de la p\u00e1gina como \"Welcome\" seguido del nombre de usuario, \u00e9ste no es escapado: la funci\u00f3n SpecialCreateAccount::successfulAction() llama a ::showSuccessPage() con un mensaje como segundo par\u00e1metro, y OutputPage::setPageTitle() usa text()"
    }
  ],
  "id": "CVE-2022-34911",
  "lastModified": "2024-11-21T07:10:25.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-02T20:15:08.373",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T308471"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/202305-24"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5246"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T308471"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202305-24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5246"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2005-02-22 05:00

Modified

2025-04-03 01:03

Severity ?

Summary

Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to perform unauthorized actions as authenticated MediaWiki users.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/14360	Patch, Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1013260	Patch, Vendor Advisory
cve@mitre.org	http://sourceforge.net/project/shownotes.php?release_id=307067	Vendor Advisory
cve@mitre.org	http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/14360	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1013260	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/project/shownotes.php?release_id=307067	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.3
mediawiki	mediawiki	1.3.1
mediawiki	mediawiki	1.3.2
mediawiki	mediawiki	1.3.3
mediawiki	mediawiki	1.3.4
mediawiki	mediawiki	1.3.5
mediawiki	mediawiki	1.3.6
mediawiki	mediawiki	1.3.7
mediawiki	mediawiki	1.3.8
mediawiki	mediawiki	1.3.9
mediawiki	mediawiki	1.3.10
gentoo	linux	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49AFC6EE-41C7-4369-8BA1-DDBF8A744ABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A09F36C1-CBC0-489E-B62D-4590A2E5A4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9F0067D-534A-4238-A244-D92A73845432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BEC422E-49BC-41D4-9F71-B834D4108EF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D854161-28AA-4386-B90A-97F9692CE37F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5A0FA49-99DC-4691-968F-6AEB76B74370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A0C6A2C-992B-45A0-8E0C-1AE983881337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "292A77C7-8C7B-4F3A-B7FD-3505A9F37E4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C77FC97A-3BB2-4AA5-B0D6-C0D1FBEA5FD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C9393EF-083A-4662-BC7A-89979C2B8546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9DE6A4E-6BCE-499E-B017-1E0F8D1F65B8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to perform unauthorized actions as authenticated MediaWiki users."
    }
  ],
  "id": "CVE-2005-0535",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-02-22T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/14360"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://securitytracker.com/id?1013260"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=307067"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/14360"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://securitytracker.com/id?1013260"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=307067"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-11-24 06:15

Modified

2024-11-21 05:23

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

The PollNY extension for MediaWiki through 1.35 allows XSS via an answer option for a poll question, entered during Special:CreatePoll or Special:UpdatePoll.

References

▶	URL	Tags
	cve@mitre.org	https://phabricator.wikimedia.org/T266508	Exploit, Issue Tracking, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T266508	Exploit, Issue Tracking, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "66FD4C96-9035-4E65-83B5-4DB1ABA7C6B2",
              "versionEndIncluding": "1.35",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The PollNY extension for MediaWiki through 1.35 allows XSS via an answer option for a poll question, entered during Special:CreatePoll or Special:UpdatePoll."
    },
    {
      "lang": "es",
      "value": "La extensi\u00f3n PollNY para MediaWiki versiones hasta 1.35, permite un ataque de tipo XSS por medio de una opci\u00f3n de respuesta para una pregunta de encuesta, ingresada durante Special:CreatePoll o Special:UpdatePoll"
    }
  ],
  "id": "CVE-2020-29003",
  "lastModified": "2024-11-21T05:23:28.487",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-11-24T06:15:12.517",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T266508"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T266508"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2011-02-04 01:00

Modified

2025-04-11 00:51

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.2 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) comments, aka "CSS injection vulnerability."

References

URL	Tags
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html
cve@mitre.org	http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-February/000095.html	Patch, Vendor Advisory
cve@mitre.org	http://osvdb.org/70770
cve@mitre.org	http://secunia.com/advisories/43142	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/46108
cve@mitre.org	http://www.vupen.com/english/advisories/2011/0273	Vendor Advisory
cve@mitre.org	https://bugzilla.wikimedia.org/show_bug.cgi?id=27093
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/65126
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-February/000095.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/70770
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43142	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/46108
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0273	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=27093
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/65126

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.1.0
mediawiki	mediawiki	1.2.0
mediawiki	mediawiki	1.2.1
mediawiki	mediawiki	1.2.2
mediawiki	mediawiki	1.2.3
mediawiki	mediawiki	1.2.4
mediawiki	mediawiki	1.2.5
mediawiki	mediawiki	1.2.6
mediawiki	mediawiki	1.3
mediawiki	mediawiki	1.3.0
mediawiki	mediawiki	1.3.1
mediawiki	mediawiki	1.3.2
mediawiki	mediawiki	1.3.3
mediawiki	mediawiki	1.3.4
mediawiki	mediawiki	1.3.5
mediawiki	mediawiki	1.3.6
mediawiki	mediawiki	1.3.7
mediawiki	mediawiki	1.3.8
mediawiki	mediawiki	1.3.9
mediawiki	mediawiki	1.3.10
mediawiki	mediawiki	1.3.11
mediawiki	mediawiki	1.3.12
mediawiki	mediawiki	1.3.13
mediawiki	mediawiki	1.3.14
mediawiki	mediawiki	1.3.15
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4.0
mediawiki	mediawiki	1.4.1
mediawiki	mediawiki	1.4.2
mediawiki	mediawiki	1.4.3
mediawiki	mediawiki	1.4.4
mediawiki	mediawiki	1.4.5
mediawiki	mediawiki	1.4.6
mediawiki	mediawiki	1.4.7
mediawiki	mediawiki	1.4.8
mediawiki	mediawiki	1.4.9
mediawiki	mediawiki	1.4.10
mediawiki	mediawiki	1.4.11
mediawiki	mediawiki	1.4.12
mediawiki	mediawiki	1.4.13
mediawiki	mediawiki	1.4.14
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5.0
mediawiki	mediawiki	1.5.1
mediawiki	mediawiki	1.5.2
mediawiki	mediawiki	1.5.3
mediawiki	mediawiki	1.5.4
mediawiki	mediawiki	1.5.5
mediawiki	mediawiki	1.5.6
mediawiki	mediawiki	1.5.7
mediawiki	mediawiki	1.5.8
mediawiki	mediawiki	1.6.0
mediawiki	mediawiki	1.6.1
mediawiki	mediawiki	1.6.2
mediawiki	mediawiki	1.6.3
mediawiki	mediawiki	1.6.4
mediawiki	mediawiki	1.6.5
mediawiki	mediawiki	1.6.5_r14348
mediawiki	mediawiki	1.6.6
mediawiki	mediawiki	1.6.7
mediawiki	mediawiki	1.6.8
mediawiki	mediawiki	1.6.9
mediawiki	mediawiki	1.6.10
mediawiki	mediawiki	1.6.12
mediawiki	mediawiki	1.7.0
mediawiki	mediawiki	1.7.1
mediawiki	mediawiki	1.7.2
mediawiki	mediawiki	1.7.3
mediawiki	mediawiki	1.8.0
mediawiki	mediawiki	1.8.1
mediawiki	mediawiki	1.8.2
mediawiki	mediawiki	1.8.3
mediawiki	mediawiki	1.8.4
mediawiki	mediawiki	1.8.5
mediawiki	mediawiki	1.9.0
mediawiki	mediawiki	1.9.0
mediawiki	mediawiki	1.9.1
mediawiki	mediawiki	1.9.2
mediawiki	mediawiki	1.9.3
mediawiki	mediawiki	1.9.4
mediawiki	mediawiki	1.9.5
mediawiki	mediawiki	1.9.6
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.1
mediawiki	mediawiki	1.10.2
mediawiki	mediawiki	1.10.3
mediawiki	mediawiki	1.10.4
mediawiki	mediawiki	1.11
mediawiki	mediawiki	1.11
mediawiki	mediawiki	1.11.0
mediawiki	mediawiki	1.11.0
mediawiki	mediawiki	1.11.1
mediawiki	mediawiki	1.11.2
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.1
mediawiki	mediawiki	1.12.2
mediawiki	mediawiki	1.12.3
mediawiki	mediawiki	1.12.4
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.1
mediawiki	mediawiki	1.13.2
mediawiki	mediawiki	1.13.3
mediawiki	mediawiki	1.13.4
mediawiki	mediawiki	1.14.0
mediawiki	mediawiki	1.14.0
mediawiki	mediawiki	1.14.1
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.1
mediawiki	mediawiki	1.15.2
mediawiki	mediawiki	1.15.3
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	stable_2003-08-29
mediawiki	mediawiki	stable_2003-11-07
mediawiki	mediawiki	stable_2003-11-17

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6323A2D1-9742-47E8-AD96-F090A8463ED6",
              "versionEndIncluding": "1.16.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C96D337-1D37-4ADE-871D-9829928EE80B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DFB843C-4513-4569-9746-DA9FDD7A5CD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "377F0F7A-8E50-4803-9670-F719D17400D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B4CCA5C-3594-41B4-99F3-FC99BA0495BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD0A0C81-CDB6-4A11-B6B0-DECB12558DE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40BD0855-A9C8-47CD-BB50-E422E0C4A1EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "42A9DCC7-CF58-44CC-9489-51FA79EECDF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "80D651C6-116D-448A-8569-BAB9BAEC7D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49AFC6EE-41C7-4369-8BA1-DDBF8A744ABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30F54837-5004-4D10-B3B0-502CED4F6592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A09F36C1-CBC0-489E-B62D-4590A2E5A4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9F0067D-534A-4238-A244-D92A73845432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BEC422E-49BC-41D4-9F71-B834D4108EF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D854161-28AA-4386-B90A-97F9692CE37F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5A0FA49-99DC-4691-968F-6AEB76B74370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A0C6A2C-992B-45A0-8E0C-1AE983881337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "292A77C7-8C7B-4F3A-B7FD-3505A9F37E4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C77FC97A-3BB2-4AA5-B0D6-C0D1FBEA5FD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C9393EF-083A-4662-BC7A-89979C2B8546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9DE6A4E-6BCE-499E-B017-1E0F8D1F65B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD90730F-BF26-46C5-83F8-039CD661C968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4DDA753-26F5-4142-B227-07DDF14DD8C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D3B5E2-AC84-421D-AC10-3266D9575922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "326D4BFB-EFE7-4EAC-AA71-45E8C7E41538",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "736DFCB7-B747-4F98-AB87-9023BCD0B5C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "135A1FFF-8F52-48FF-A92A-0FC79FCC287E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "3CF8143A-F16F-4E2F-8B12-AC278678CDBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "617655A0-1ED3-44A5-9D83-E90D8EC8799E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "3B19F77D-8975-432D-8572-F208EBC15068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "9D692C6F-95AB-4332-95D8-007876792AC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "DE9080FA-F32A-45AF-BB1E-18B85DD35830",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DF75E48-208A-4531-AC8D-B307FD4E288B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "174665BA-F231-45F6-922C-933B8A613009",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B175F5A-7CB6-44E6-9E98-FB40F6D14FDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A45833DC-F104-42BB-8688-4DE66AFF72F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B316A8E-DED1-427B-8137-11C767E9DF1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "99A75AFB-2706-42FF-8534-B910997987AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F335EB4-1A74-4FAE-ADAF-AC9FB37A80DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "116C8AA3-481D-409A-ABA8-C8DA1EE8FF86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9DCE478-7D30-4BBC-8878-C3745D6ADAD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EBFFA2C-6768-4CB9-B0B0-BDB79CA1DEDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA0C4A1E-B084-4C78-BEE4-4E733159F367",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2571B43E-234C-4312-9640-1E338092A673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D5C7E1-6664-4A90-9E55-1F53F98D7702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "4963F3C5-A207-4BD3-9C3C-4EBAC1F5B2B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BE0D158-DB0B-45B2-9E26-E11A7D5D2CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "6086E5E9-F69F-47EE-9034-8196CC03E6FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "49A43BF0-69CF-4694-9155-534FA31C26DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "A0751BD8-505A-42A3-A150-3523F12B9047",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "F964DBAD-0569-41DD-975B-23A975050595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8DE4462C-F9B2-47B3-8F17-FF729F5563FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "3769AAA0-8492-40E1-B3EC-5E3BFE396809",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E2616E5E-2D0B-4FD3-B43F-51D786F0D8D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "94766FF8-FC72-4F8F-8005-7F34E4AA4042",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D8693832-A576-492F-B4F7-B8415B3A5903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9214FE72-045E-457A-B3C5-BCDFC506DDB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDB55E62-A345-49F6-ACD0-A710977CA6E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A340D0AB-2B4A-4DE6-9FA1-662D8F8205BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8C8B11E-5C0B-49B1-ACFA-5926057EF002",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "89A4EA0A-54E1-484A-ADDB-216CBC9C40FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA0ABA75-E966-43A2-90B1-89557BB0B7DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B6CE989-B7AD-42AA-986C-23266D965122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "44FD9374-5B8A-4102-A005-D3F39186ABBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D4388FF-3C2C-41A7-A2A2-CC3E38994222",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3EAF847-B64C-4C12-8BF2-631F61B0618E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "09EF3827-9C87-4043-B10A-1D6AFCB64F57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08B1EDE8-940E-47C1-9CDA-C6BBE1BB9A11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4554900-E09D-4D9D-99D4-FE5FDB3CDE78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "93EB0312-A147-4307-9491-46AEC2EC727C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "48929086-E08E-472D-A503-4CA803A840D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.5_r14348:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B4D1E6-9EFE-4608-9A97-8119822A9F3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A98675FD-C9EA-49AB-BA9F-2CF5898203C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB9B4718-DF85-4E77-B720-0EC3E0D318BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "132A745B-0A1B-4186-8BE2-88C24FF4A455",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E710375D-F5B3-4998-AA7F-F931022CF6F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3130C952-83B3-4755-99D7-D25C1447670E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "A59DE5DF-B5A1-4C11-9FA9-03EA7F589694",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C632052-D84B-41A1-B46F-1C1D9ADC72CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF36A02-DF6B-4657-94F6-255E4163FBF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "60380B60-DD11-42C9-9388-AED3244F39A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "612210D5-FDBC-4A13-AACD-13198FE9D2DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46046B16-3EE4-42C0-BA77-73300A641BA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "136E5FD9-C0A0-4970-8852-D97C5BC723E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5FD2871-90BB-4AFA-89D0-B9B5BE365771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D35193-8AF8-4CB9-A47D-A58DE389515E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1CD7D7-546A-48FA-9C4C-1FB0CA22C6FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAD648C1-0908-43F8-951C-E7EBF8FB8CB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B40FB49B-1E96-44BC-A9B0-9BDB28F858A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "75D5AC3F-4D29-4882-A3C0-94951402ADD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A0921C-BEC5-4646-96FD-0529828B5BAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB4E8709-43E2-4ADC-8759-16AC265658C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A8A1D30-57E7-4010-B68A-8D22EA091FF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EF7C683-F6E2-4D79-B0F9-234C9FAFB7C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "962C4B03-ABDF-4E94-8DE0-E035186E0F4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "841A4099-1EB3-448A-81C2-67A68CF4B5C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0983C0E-9035-4256-AC99-C2C81C1634E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "76F47EF6-2695-44FD-B4B0-9DE911BB57CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FC61592E-7479-45C1-9263-D608B644EE79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5460DB30-FA14-4017-BC8B-15F9451469F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED2392D6-6ACF-4715-BBCD-B6DA9B91C750",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0071C35-877F-44C6-BC39-B1AE885D7313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83CF24-FC29-40C4-8B07-5FB6591E9812",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C54ADEF-F360-41C6-AE27-B6D12E5BAF9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "77FBC313-0615-42D9-8617-4DE42CAA48BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66A92668-4B5D-40A4-9A14-E7AD10086933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7266D827-F77D-4CC3-8237-4B35D072ACF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DB5EF0E-4E1B-4131-9142-5FBB59C235D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F59B5992-716F-4901-BDD1-0C7E24BF9148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "746023B5-2472-4FC9-BEDF-FE6A321F12B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0D18C85B-E82B-46AE-959E-3FD32DB6F294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "66714539-F1E1-4C16-AA12-059EEB1B9DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A80044C9-9F76-468E-84F7-D7D529004AE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7CD7F5A-F4E4-45B6-9179-BD1BCD75D297",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7BC3705-27C7-4969-AB6A-E7C09C708C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79CDE6D3-A26D-4ECD-B949-B9DDB53F67C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D3CC82BE-8DEA-47D7-B6B7-2FFDFB728ADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "AFD79470-63A7-438B-A3BE-CABDAD7F848C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A26F4C94-E3A5-456E-8E5E-36BA67DD4BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C6D23B-B5C1-4F10-9F62-E81F639FF40F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "13FA8F3C-2B6C-42FB-A6CE-EC2D8614E43D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "973B7468-970D-475C-AAB2-D81833EAF12B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A0789-0496-4940-A484-8B6689AA8770",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "241370F6-4941-43B4-AAD5-32A93AAC3B80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A236174-7262-478C-8C96-61428EBCC575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAAC942E-1BA2-419C-B464-20529D825053",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "188AA942-A54E-4B48-A14E-1D4C2BB859EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "07D3ECE8-29AC-491A-BD11-1753EF65DA0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FA6109F-F5BE-4E65-AA9D-C1D0CB029521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0955D3BF-1120-40F6-87FB-D75B064E5C6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4416B074-0C5E-4DD3-AA4D-B54AC635F00D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "EBA4FDC8-2F1B-4054-82BC-B79566ABE8E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "62B86D8D-5E7A-43F5-9B6A-944ED4B8E4E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:stable_2003-08-29:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5450893-4658-45F8-8512-379CEA43696C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:stable_2003-11-07:*:*:*:*:*:*:*",
              "matchCriteriaId": "E02DACFF-7D0B-436C-A794-F123EFE97137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:stable_2003-11-17:*:*:*:*:*:*:*",
              "matchCriteriaId": "258C9027-175D-48A8-830C-2D92CCCC6B3E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.2 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) comments, aka \"CSS injection vulnerability.\""
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en MediaWiki anterior a v1.16.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante una hoja de estilos (CSS) manipulada, tambi\u00e9n conocido como \"vulnerabilidad de inyecci\u00f3n de CSS.\""
    }
  ],
  "id": "CVE-2011-0047",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-02-04T01:00:05.683",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-February/000095.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/70770"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43142"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/46108"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0273"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=27093"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65126"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-February/000095.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/70770"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43142"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/46108"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0273"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=27093"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65126"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-10-07 14:55

Modified

2025-04-12 10:46

Severity ?

Summary

The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote authenticated users to conduct cross-site scripting (XSS) attacks or have unspecified other impact via crafted CSS, as demonstrated by modifying MediaWiki:Common.css.

References

URL	Tags
cve@mitre.org	http://seclists.org/oss-sec/2014/q4/67
cve@mitre.org	http://secunia.com/advisories/61752
cve@mitre.org	http://www.debian.org/security/2014/dsa-3046
cve@mitre.org	http://www.securityfocus.com/bid/70238
cve@mitre.org	https://bugzilla.wikimedia.org/show_bug.cgi?id=70672	Patch
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-October/000163.html
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/oss-sec/2014/q4/67
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/61752
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2014/dsa-3046
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/70238
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=70672	Patch
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-October/000163.html

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19.0
mediawiki	mediawiki	1.19.1
mediawiki	mediawiki	1.19.2
mediawiki	mediawiki	1.19.3
mediawiki	mediawiki	1.19.4
mediawiki	mediawiki	1.19.5
mediawiki	mediawiki	1.19.6
mediawiki	mediawiki	1.19.7
mediawiki	mediawiki	1.19.8
mediawiki	mediawiki	1.19.9
mediawiki	mediawiki	1.19.10
mediawiki	mediawiki	1.19.11
mediawiki	mediawiki	1.19.12
mediawiki	mediawiki	1.19.13
mediawiki	mediawiki	1.19.14
mediawiki	mediawiki	1.19.15
mediawiki	mediawiki	1.19.16
mediawiki	mediawiki	1.19.17
mediawiki	mediawiki	1.19.18
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	1.22.1
mediawiki	mediawiki	1.22.2
mediawiki	mediawiki	1.22.3
mediawiki	mediawiki	1.22.4
mediawiki	mediawiki	1.22.5
mediawiki	mediawiki	1.22.6
mediawiki	mediawiki	1.22.7
mediawiki	mediawiki	1.22.8
mediawiki	mediawiki	1.22.9
mediawiki	mediawiki	1.22.10
mediawiki	mediawiki	1.22.11
mediawiki	mediawiki	1.23.0
mediawiki	mediawiki	1.23.1
mediawiki	mediawiki	1.23.2
mediawiki	mediawiki	1.23.3
mediawiki	mediawiki	1.23.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "82CC49C8-A5F0-4619-A3F2-3EE0000C0B7B",
              "versionEndIncluding": "1.19.19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "93D7105D-3CF1-49FF-9F51-088C58F19003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "F647077F-52FD-460B-9511-85812A1447FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A8AFF-EF0E-490C-8833-FF1071563979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3205F5-3A29-4D45-AC95-83174F8969BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5547DA02-3BEC-4278-A714-25CCB820AA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E5609D-EC04-4088-9B61-ABDD256200F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23B09BB-8F43-4D60-A37F-D8685584AF4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A3F38-9A86-4346-9337-5C2A1DED37C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "49CCC3B5-9BD4-40B4-AF1A-DF4B2A6DC12D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "36DA1112-69AB-408A-886E-F248516FDE11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA85F3B7-9CB4-481C-B1A5-AB95F81C4126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A25C57E2-8E04-4A54-9211-C7B4B7CC4E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "927A7FCC-273B-4387-A9DB-C1DADB40D3FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "37210D17-71E8-4A05-87CE-F27E2F8DDEF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "E77B822C-5536-4843-A509-D5471AC02B87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "84198067-1339-4087-9B91-B0AFD45C6F0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735AFF4-3E99-4E3C-B452-AB9FF31925FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "32FCA38F-137E-4CD5-B1EB-44D949468938",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3099DA6-3F70-4717-92B8-F95DA7EB937B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "669F2681-6CAC-41A4-BEA3-A2B0B7572D96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B461B44C-37D2-480B-9645-B7E8720416C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E491E3AD-0FB2-41CD-B852-CAFCA397A45A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBD50108-A301-4B5B-9047-6FD6792442B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "91BBFEC5-A933-4178-919D-9AC87CF76D21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3CA0EC-1AC1-48A1-8BB8-95DCCE1C283A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9343410C-E076-4362-8094-5BA5582E9675",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96BBB28-AB3C-4082-B035-8CCB761C2530",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7389C3B9-B32D-46CC-8615-22CF7BDCD829",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "179FC802-541F-40EE-BB76-A4B745A9EA7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3332E0EC-49D6-4EB2-8A2E-CC204EA1C475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E59021C-8DDF-4849-9490-AD8F98B834BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6044842D-0C23-4683-9BCC-9FE40AE8353F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BFCBB5A-F5F8-400E-916A-EB87F84853D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2898DFC3-7C3A-4C12-A3D2-4CEB3C66C90D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "04082771-E3E2-49EE-8840-0170F3B3519F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9B27B7-7800-4E35-97CA-B16450EEC478",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote authenticated users to conduct cross-site scripting (XSS) attacks or have unspecified other impact via crafted CSS, as demonstrated by modifying MediaWiki:Common.css."
    },
    {
      "lang": "es",
      "value": "Las p\u00e1ginas (1) Special:Preferences y (2) Special:UserLogin en MediaWiki anterior a 1.19.20, 1.22.x anterior a 1.22.12 y 1.23.x anterior a 1.23.5 permite a usuarios remotos autenticados realizar atauqes de XSS o tener otro impacto no especificado a trav\u00e9s de CSSs manipulado, tal y como fue demostrado mediante la modificaci\u00f3n de MediaWiki:Common.css."
    }
  ],
  "id": "CVE-2014-7295",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-10-07T14:55:09.687",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/oss-sec/2014/q4/67"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/61752"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2014/dsa-3046"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/70238"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=70672"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-October/000163.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/oss-sec/2014/q4/67"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/61752"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-3046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/70238"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=70672"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-October/000163.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-10-04 20:29

Modified

2024-11-21 03:38

Severity ?

4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'.

References

URL	Tags
security@debian.org	http://www.securitytracker.com/id/1041695	Third Party Advisory, VDB Entry
security@debian.org	https://access.redhat.com/errata/RHSA-2019:3142
security@debian.org	https://access.redhat.com/errata/RHSA-2019:3238
security@debian.org	https://access.redhat.com/errata/RHSA-2019:3813
security@debian.org	https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html	Patch, Vendor Advisory
security@debian.org	https://phabricator.wikimedia.org/T169545	Patch, Third Party Advisory
security@debian.org	https://www.debian.org/security/2018/dsa-4301	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1041695	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2019:3142
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2019:3238
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2019:3813
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T169545	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2018/dsa-4301	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.27.5
mediawiki	mediawiki	1.29.3
mediawiki	mediawiki	1.30.1
debian	debian_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB2A2066-8996-48B5-A5F8-E08443D24B7A",
              "versionEndExcluding": "1.31.1",
              "versionStartIncluding": "1.31.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.27.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "22E2BE13-CEE0-42ED-BC24-C5ED4EDBAF6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.29.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD65E2E1-4634-4AE4-9631-4C3352991263",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.30.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F24125C-A1AD-4CED-953F-E2D942AB02FA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for \u0027user\u0027 overrides that for \u0027newbie\u0027."
    },
    {
      "lang": "es",
      "value": "Mediawiki en versiones 1.31 anteriores a la 1.31.1, 1.30.1, 1.29.3 y 1.27.5 contiene un fallo en el que, contrario a lo que pone en su documentaci\u00f3n, la entrada $wgRateLimits para \"user\" sobrescribe la de \"newbie\"."
    }
  ],
  "id": "CVE-2018-0503",
  "lastModified": "2024-11-21T03:38:22.180",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-10-04T20:29:00.327",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041695"
    },
    {
      "source": "security@debian.org",
      "url": "https://access.redhat.com/errata/RHSA-2019:3142"
    },
    {
      "source": "security@debian.org",
      "url": "https://access.redhat.com/errata/RHSA-2019:3238"
    },
    {
      "source": "security@debian.org",
      "url": "https://access.redhat.com/errata/RHSA-2019:3813"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T169545"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4301"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041695"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:3142"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:3238"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:3813"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T169545"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4301"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-01-29 07:15

Modified

2024-11-21 05:23

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988	Patch, Vendor Advisory
cve@mitre.org	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988/10/src/api/ApiPushBase.php	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T262724	Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988/10/src/api/ApiPushBase.php	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T262724	Issue Tracking, Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "66FD4C96-9035-4E65-83B5-4DB1ABA7C6B2",
              "versionEndIncluding": "1.35",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack."
    },
    {
      "lang": "es",
      "value": "La API en la extensi\u00f3n Push para MediaWiki versiones hasta 1.35, no requer\u00eda un token de edici\u00f3n en el archivo ApiPushBase.php y, por lo tanto, facilit\u00f3 un ataque de tipo CSRF"
    }
  ],
  "id": "CVE-2020-29004",
  "lastModified": "2024-11-21T05:23:28.663",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-01-29T07:15:16.700",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988/10/src/api/ApiPushBase.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T262724"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988/10/src/api/ApiPushBase.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T262724"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2006-06-07 10:02

Modified

2025-04-03 01:03

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to versions before 1.6.7 allows remote attackers to inject arbitrary HTML and web script via the edit form.

References

URL	Tags
cve@mitre.org	http://mail.wikipedia.org/pipermail/mediawiki-announce/2006-June/000048.html	Patch
cve@mitre.org	http://secunia.com/advisories/20458	Patch, Vendor Advisory
cve@mitre.org	http://svn.wikimedia.org/viewvc/mediawiki/tags/REL1_6_7/phase3/RELEASE-NOTES	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2006/2159
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/27029
af854a3a-2127-422b-91ae-364da2661108	http://mail.wikipedia.org/pipermail/mediawiki-announce/2006-June/000048.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20458	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://svn.wikimedia.org/viewvc/mediawiki/tags/REL1_6_7/phase3/RELEASE-NOTES	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/2159
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/27029

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.6.0
mediawiki	mediawiki	1.6.1
mediawiki	mediawiki	1.6.2
mediawiki	mediawiki	1.6.3
mediawiki	mediawiki	1.6.4
mediawiki	mediawiki	1.6.5
mediawiki	mediawiki	1.6.5_r14348
mediawiki	mediawiki	1.6.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3EAF847-B64C-4C12-8BF2-631F61B0618E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "09EF3827-9C87-4043-B10A-1D6AFCB64F57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08B1EDE8-940E-47C1-9CDA-C6BBE1BB9A11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4554900-E09D-4D9D-99D4-FE5FDB3CDE78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "93EB0312-A147-4307-9491-46AEC2EC727C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "48929086-E08E-472D-A503-4CA803A840D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.5_r14348:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B4D1E6-9EFE-4608-9A97-8119822A9F3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A98675FD-C9EA-49AB-BA9F-2CF5898203C7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to versions before 1.6.7 allows remote attackers to inject arbitrary HTML and web script via the edit form."
    }
  ],
  "id": "CVE-2006-2895",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-06-07T10:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://mail.wikipedia.org/pipermail/mediawiki-announce/2006-June/000048.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20458"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://svn.wikimedia.org/viewvc/mediawiki/tags/REL1_6_7/phase3/RELEASE-NOTES"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/2159"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27029"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://mail.wikipedia.org/pipermail/mediawiki-announce/2006-June/000048.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20458"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://svn.wikimedia.org/viewvc/mediawiki/tags/REL1_6_7/phase3/RELEASE-NOTES"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/2159"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27029"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-07-07 00:15

Modified

2025-03-25 17:15

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The API can expose suppressed information for log events. (The log_deleted attribute is not applied to entries.)

References

▶	URL	Tags
	cve@mitre.org	https://phabricator.wikimedia.org/T326867	Issue Tracking
	af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T326867	Issue Tracking

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED70437F-2E16-47AE-AA89-A497DCC3C8EC",
              "versionEndIncluding": "1.42.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The API can expose suppressed information for log events. (The log_deleted attribute is not applied to entries.)"
    },
    {
      "lang": "es",
      "value": " Se descubri\u00f3 un problema en la extensi\u00f3n CheckUser para MediaWiki hasta 1.42.1. La API puede exponer informaci\u00f3n suprimida para eventos de registro. (El atributo log_deleted no se aplica a las entradas)."
    }
  ],
  "id": "CVE-2024-40598",
  "lastModified": "2025-03-25T17:15:59.000",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-07-07T00:15:10.240",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://phabricator.wikimedia.org/T326867"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://phabricator.wikimedia.org/T326867"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-532"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-532"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2019-07-10 16:15

Modified

2024-11-21 04:22

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

References

URL	Tags
cve@mitre.org	https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html	Patch, Third Party Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T199540	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T199540	Issue Tracking, Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2CD9BB9-9011-4BBA-B30D-DB5D300C13BD",
              "versionEndExcluding": "1.27.6",
              "versionStartIncluding": "1.18.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "50818088-DA3C-4C58-9D42-4B7E9EF003E1",
              "versionEndExcluding": "1.30.2",
              "versionStartIncluding": "1.30.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC8AFEFD-8776-4722-82BC-21CC1214FCCC",
              "versionEndExcluding": "1.31.2",
              "versionStartIncluding": "1.31.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "631F30ED-1171-42E5-8FAF-AC9230CED0C5",
              "versionEndExcluding": "1.32.2",
              "versionStartIncluding": "1.32.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 una vulnerabilidad de Control de Acceso Incorrecto en MediaWiki versiones 1.18.0 hasta 1.32.1 de Wikimedia. Es posible omitir los l\u00edmites en los bloques de rango IP ($wgBlockCIDRLimit) mediante el uso de la API. Se corrigi\u00f3 en las versiones 1.32.2, 1.31.2, 1.30.2 y 1.27.6."
    }
  ],
  "id": "CVE-2019-12472",
  "lastModified": "2024-11-21T04:22:55.640",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-10T16:15:11.227",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T199540"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T199540"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-12-18 08:15

Modified

2024-11-21 05:27

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" checkbox (or a tags checkbox) next to it, there is a redirection to the main page's action=historysubmit (instead of the desired behavior in which a revision-deletion form appears).

References

URL	Tags
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html	Mailing List, Release Notes, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T205908	Exploit, Issue Tracking, Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2020/dsa-4816	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html	Mailing List, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T205908	Exploit, Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4816	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
debian	debian_linux	9.0
debian	debian_linux	10.0
fedoraproject	fedora	33

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA95C77A-2616-4CCA-B07F-6A5CD7762BA1",
              "versionEndExcluding": "1.35.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the \"Change visibility of selected log entries\" checkbox (or a tags checkbox) next to it, there is a redirection to the main page\u0027s action=historysubmit (instead of the desired behavior in which a revision-deletion form appears)."
    },
    {
      "lang": "es",
      "value": "MediaWiki versiones anteriores a 1.35.1, bloquea los intentos leg\u00edtimos de ocultar las entradas del registro en algunas situaciones.\u0026#xa0;Si uno establece MediaWiki:Mainpage en la P\u00e1gina Special:MyLanguage/Main, visita una entrada de registro en Special:Log y alterna la casilla de comprobaci\u00f3n \"Change visibility of selected log entries\" (o una casilla de comprobaci\u00f3n de etiquetas) junto a ella, se presenta un redireccionamiento a action=historysubmit de la p\u00e1gina principal (en lugar del comportamiento deseado en el que aparece un formulario de revisi\u00f3n-eliminaci\u00f3n)"
    }
  ],
  "id": "CVE-2020-35477",
  "lastModified": "2024-11-21T05:27:22.423",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-12-18T08:15:15.230",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T205908"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4816"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T205908"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4816"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-670"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2011-04-27 00:55

Modified

2025-04-11 00:51

Severity ?

Summary

api.php in MediaWiki before 1.15.5 does not prevent use of public caching headers for private data, which allows remote attackers to bypass intended access restrictions and obtain sensitive information by retrieving documents from an HTTP proxy cache that has been used by a victim.

References

URL	Tags
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html	Patch
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html	Patch, Vendor Advisory
secalert@redhat.com	http://openwall.com/lists/oss-security/2010/07/29/4	Patch
secalert@redhat.com	http://svn.wikimedia.org/viewvc/mediawiki?view=revision&revision=69776	Patch
secalert@redhat.com	http://www.securityfocus.com/bid/42019	Patch
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=620224	Patch
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=620226	Patch
secalert@redhat.com	https://bugzilla.wikimedia.org/show_bug.cgi?id=24565
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2010/07/29/4	Patch
af854a3a-2127-422b-91ae-364da2661108	http://svn.wikimedia.org/viewvc/mediawiki?view=revision&revision=69776	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/42019	Patch
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=620224	Patch
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=620226	Patch
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=24565

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.1.0
mediawiki	mediawiki	1.2.0
mediawiki	mediawiki	1.2.1
mediawiki	mediawiki	1.2.2
mediawiki	mediawiki	1.2.3
mediawiki	mediawiki	1.2.4
mediawiki	mediawiki	1.2.5
mediawiki	mediawiki	1.2.6
mediawiki	mediawiki	1.3
mediawiki	mediawiki	1.3.0
mediawiki	mediawiki	1.3.1
mediawiki	mediawiki	1.3.2
mediawiki	mediawiki	1.3.3
mediawiki	mediawiki	1.3.4
mediawiki	mediawiki	1.3.5
mediawiki	mediawiki	1.3.6
mediawiki	mediawiki	1.3.7
mediawiki	mediawiki	1.3.8
mediawiki	mediawiki	1.3.9
mediawiki	mediawiki	1.3.10
mediawiki	mediawiki	1.3.11
mediawiki	mediawiki	1.3.12
mediawiki	mediawiki	1.3.13
mediawiki	mediawiki	1.3.14
mediawiki	mediawiki	1.3.15
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4.0
mediawiki	mediawiki	1.4.1
mediawiki	mediawiki	1.4.2
mediawiki	mediawiki	1.4.3
mediawiki	mediawiki	1.4.4
mediawiki	mediawiki	1.4.5
mediawiki	mediawiki	1.4.6
mediawiki	mediawiki	1.4.7
mediawiki	mediawiki	1.4.8
mediawiki	mediawiki	1.4.9
mediawiki	mediawiki	1.4.10
mediawiki	mediawiki	1.4.11
mediawiki	mediawiki	1.4.12
mediawiki	mediawiki	1.4.13
mediawiki	mediawiki	1.4.14
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5.0
mediawiki	mediawiki	1.5.1
mediawiki	mediawiki	1.5.2
mediawiki	mediawiki	1.5.3
mediawiki	mediawiki	1.5.4
mediawiki	mediawiki	1.5.5
mediawiki	mediawiki	1.5.6
mediawiki	mediawiki	1.5.7
mediawiki	mediawiki	1.5.8
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.1
mediawiki	mediawiki	1.10.2
mediawiki	mediawiki	1.10.3
mediawiki	mediawiki	1.10.4
mediawiki	mediawiki	1.11
mediawiki	mediawiki	1.11
mediawiki	mediawiki	1.11.0
mediawiki	mediawiki	1.11.1
mediawiki	mediawiki	1.11.2
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.1
mediawiki	mediawiki	1.12.2
mediawiki	mediawiki	1.12.3
mediawiki	mediawiki	1.12.4
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.1
mediawiki	mediawiki	1.13.2
mediawiki	mediawiki	1.13.3
mediawiki	mediawiki	1.13.4
mediawiki	mediawiki	1.14.0
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.1
mediawiki	mediawiki	1.15.2
mediawiki	mediawiki	1.15.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "06476639-EF89-484D-94F9-B4BAABA52F98",
              "versionEndIncluding": "1.15.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C96D337-1D37-4ADE-871D-9829928EE80B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DFB843C-4513-4569-9746-DA9FDD7A5CD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "377F0F7A-8E50-4803-9670-F719D17400D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B4CCA5C-3594-41B4-99F3-FC99BA0495BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD0A0C81-CDB6-4A11-B6B0-DECB12558DE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40BD0855-A9C8-47CD-BB50-E422E0C4A1EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "42A9DCC7-CF58-44CC-9489-51FA79EECDF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "80D651C6-116D-448A-8569-BAB9BAEC7D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49AFC6EE-41C7-4369-8BA1-DDBF8A744ABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30F54837-5004-4D10-B3B0-502CED4F6592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A09F36C1-CBC0-489E-B62D-4590A2E5A4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9F0067D-534A-4238-A244-D92A73845432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BEC422E-49BC-41D4-9F71-B834D4108EF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D854161-28AA-4386-B90A-97F9692CE37F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5A0FA49-99DC-4691-968F-6AEB76B74370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A0C6A2C-992B-45A0-8E0C-1AE983881337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "292A77C7-8C7B-4F3A-B7FD-3505A9F37E4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C77FC97A-3BB2-4AA5-B0D6-C0D1FBEA5FD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C9393EF-083A-4662-BC7A-89979C2B8546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9DE6A4E-6BCE-499E-B017-1E0F8D1F65B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD90730F-BF26-46C5-83F8-039CD661C968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4DDA753-26F5-4142-B227-07DDF14DD8C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D3B5E2-AC84-421D-AC10-3266D9575922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "326D4BFB-EFE7-4EAC-AA71-45E8C7E41538",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "736DFCB7-B747-4F98-AB87-9023BCD0B5C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "135A1FFF-8F52-48FF-A92A-0FC79FCC287E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "3CF8143A-F16F-4E2F-8B12-AC278678CDBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "617655A0-1ED3-44A5-9D83-E90D8EC8799E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "3B19F77D-8975-432D-8572-F208EBC15068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "9D692C6F-95AB-4332-95D8-007876792AC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "DE9080FA-F32A-45AF-BB1E-18B85DD35830",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DF75E48-208A-4531-AC8D-B307FD4E288B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "174665BA-F231-45F6-922C-933B8A613009",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B175F5A-7CB6-44E6-9E98-FB40F6D14FDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A45833DC-F104-42BB-8688-4DE66AFF72F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B316A8E-DED1-427B-8137-11C767E9DF1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "99A75AFB-2706-42FF-8534-B910997987AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F335EB4-1A74-4FAE-ADAF-AC9FB37A80DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "116C8AA3-481D-409A-ABA8-C8DA1EE8FF86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9DCE478-7D30-4BBC-8878-C3745D6ADAD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EBFFA2C-6768-4CB9-B0B0-BDB79CA1DEDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA0C4A1E-B084-4C78-BEE4-4E733159F367",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2571B43E-234C-4312-9640-1E338092A673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D5C7E1-6664-4A90-9E55-1F53F98D7702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "4963F3C5-A207-4BD3-9C3C-4EBAC1F5B2B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BE0D158-DB0B-45B2-9E26-E11A7D5D2CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "6086E5E9-F69F-47EE-9034-8196CC03E6FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "49A43BF0-69CF-4694-9155-534FA31C26DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "A0751BD8-505A-42A3-A150-3523F12B9047",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "F964DBAD-0569-41DD-975B-23A975050595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8DE4462C-F9B2-47B3-8F17-FF729F5563FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "3769AAA0-8492-40E1-B3EC-5E3BFE396809",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E2616E5E-2D0B-4FD3-B43F-51D786F0D8D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "94766FF8-FC72-4F8F-8005-7F34E4AA4042",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D8693832-A576-492F-B4F7-B8415B3A5903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9214FE72-045E-457A-B3C5-BCDFC506DDB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDB55E62-A345-49F6-ACD0-A710977CA6E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A340D0AB-2B4A-4DE6-9FA1-662D8F8205BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8C8B11E-5C0B-49B1-ACFA-5926057EF002",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "89A4EA0A-54E1-484A-ADDB-216CBC9C40FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA0ABA75-E966-43A2-90B1-89557BB0B7DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B6CE989-B7AD-42AA-986C-23266D965122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "44FD9374-5B8A-4102-A005-D3F39186ABBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D4388FF-3C2C-41A7-A2A2-CC3E38994222",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0983C0E-9035-4256-AC99-C2C81C1634E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "76F47EF6-2695-44FD-B4B0-9DE911BB57CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FC61592E-7479-45C1-9263-D608B644EE79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5460DB30-FA14-4017-BC8B-15F9451469F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED2392D6-6ACF-4715-BBCD-B6DA9B91C750",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0071C35-877F-44C6-BC39-B1AE885D7313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83CF24-FC29-40C4-8B07-5FB6591E9812",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C54ADEF-F360-41C6-AE27-B6D12E5BAF9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "77FBC313-0615-42D9-8617-4DE42CAA48BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7266D827-F77D-4CC3-8237-4B35D072ACF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DB5EF0E-4E1B-4131-9142-5FBB59C235D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F59B5992-716F-4901-BDD1-0C7E24BF9148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "746023B5-2472-4FC9-BEDF-FE6A321F12B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0D18C85B-E82B-46AE-959E-3FD32DB6F294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "66714539-F1E1-4C16-AA12-059EEB1B9DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A80044C9-9F76-468E-84F7-D7D529004AE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7CD7F5A-F4E4-45B6-9179-BD1BCD75D297",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7BC3705-27C7-4969-AB6A-E7C09C708C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79CDE6D3-A26D-4ECD-B949-B9DDB53F67C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D3CC82BE-8DEA-47D7-B6B7-2FFDFB728ADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "AFD79470-63A7-438B-A3BE-CABDAD7F848C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A26F4C94-E3A5-456E-8E5E-36BA67DD4BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C6D23B-B5C1-4F10-9F62-E81F639FF40F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "13FA8F3C-2B6C-42FB-A6CE-EC2D8614E43D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "973B7468-970D-475C-AAB2-D81833EAF12B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A0789-0496-4940-A484-8B6689AA8770",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAAC942E-1BA2-419C-B464-20529D825053",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "07D3ECE8-29AC-491A-BD11-1753EF65DA0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FA6109F-F5BE-4E65-AA9D-C1D0CB029521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0955D3BF-1120-40F6-87FB-D75B064E5C6A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "api.php in MediaWiki before 1.15.5 does not prevent use of public caching headers for private data, which allows remote attackers to bypass intended access restrictions and obtain sensitive information by retrieving documents from an HTTP proxy cache that has been used by a victim."
    },
    {
      "lang": "es",
      "value": "api.php en MediaWiki anterior a v1.15.5 no previene el uso de las cabeceras cach\u00e9 p\u00fablicas para los datos privados, lo que permite a atacantes remotos evitar las restricciones de acceso implementadas y obtener informaci\u00f3n sensible solicitando documentos desde un servidor proxy-cach\u00e9 que ha sido usado por la v\u00edctima."
    }
  ],
  "id": "CVE-2010-2787",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-04-27T00:55:01.677",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2010/07/29/4"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://svn.wikimedia.org/viewvc/mediawiki?view=revision\u0026revision=69776"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/42019"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620224"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620226"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=24565"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2010/07/29/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://svn.wikimedia.org/viewvc/mediawiki?view=revision\u0026revision=69776"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/42019"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620224"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620226"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=24565"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-01-16 16:59

Modified

2025-04-12 10:46

Severity ?

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the Listings extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) url parameter.

References

URL	Tags
security@debian.org	http://www.openwall.com/lists/oss-security/2014/12/21/2
security@debian.org	http://www.openwall.com/lists/oss-security/2015/01/03/13
security@debian.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html	Vendor Advisory
security@debian.org	https://phabricator.wikimedia.org/T77624	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2014/12/21/2
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/01/03/13
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T77624	Exploit

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.20
mediawiki	mediawiki	1.20.1
mediawiki	mediawiki	1.20.2
mediawiki	mediawiki	1.20.3
mediawiki	mediawiki	1.20.4
mediawiki	mediawiki	1.20.5
mediawiki	mediawiki	1.20.6
mediawiki	mediawiki	1.20.7
mediawiki	mediawiki	1.20.8
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2
mediawiki	mediawiki	1.21.3
mediawiki	mediawiki	1.21.4
mediawiki	mediawiki	1.21.5
mediawiki	mediawiki	1.21.6
mediawiki	mediawiki	1.21.7
mediawiki	mediawiki	1.21.8
mediawiki	mediawiki	1.21.9
mediawiki	mediawiki	1.21.10
mediawiki	mediawiki	1.21.11
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	1.22.1
mediawiki	mediawiki	1.22.2
mediawiki	mediawiki	1.22.3
mediawiki	mediawiki	1.22.4
mediawiki	mediawiki	1.22.5
mediawiki	mediawiki	1.22.6
mediawiki	mediawiki	1.22.7
mediawiki	mediawiki	1.22.8
mediawiki	mediawiki	1.22.9
mediawiki	mediawiki	1.22.10
mediawiki	mediawiki	1.22.11
mediawiki	mediawiki	1.22.12
mediawiki	mediawiki	1.22.13
mediawiki	mediawiki	1.22.14
mediawiki	mediawiki	1.23.0
mediawiki	mediawiki	1.23.1
mediawiki	mediawiki	1.23.2
mediawiki	mediawiki	1.23.3
mediawiki	mediawiki	1.23.4
mediawiki	mediawiki	1.23.5
mediawiki	mediawiki	1.23.6
mediawiki	mediawiki	1.23.7
mediawiki	mediawiki	1.24.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE55C257-9CF4-485C-8096-AC0C2759056F",
              "versionEndIncluding": "1.19.22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA45494-185A-4ED1-8818-D9F14EB9B59B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94646567-FF30-4FBA-96C5-914EB3C85D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF088531-6875-49A2-B220-D7EC38ECC50F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "902A7EE8-90AA-4B0D-9142-DFCDA5AC8914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B6CD057-EBC4-4909-9734-80577AFDED40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01D8F235-2F1B-4198-A91E-B2723293AA36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2A5F4A7-40E7-42D0-8482-647D0EC54AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E10A8FAC-7506-48B8-A4EE-B7A1BE20537E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF797B5-8348-481C-AB6F-154DEA0E5281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E627F80-E6AA-4627-B58E-D6B2A08269BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA54E0F2-3B21-469F-A3FB-8E41E1857447",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "09CFF4B5-5827-4795-960A-201BA1BCF1A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC9D6B62-13CD-4307-94BB-A7210761A4D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "32C36F51-CCCC-41D1-A43B-B8F77CE632B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B461B44C-37D2-480B-9645-B7E8720416C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E491E3AD-0FB2-41CD-B852-CAFCA397A45A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBD50108-A301-4B5B-9047-6FD6792442B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "91BBFEC5-A933-4178-919D-9AC87CF76D21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3CA0EC-1AC1-48A1-8BB8-95DCCE1C283A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9343410C-E076-4362-8094-5BA5582E9675",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96BBB28-AB3C-4082-B035-8CCB761C2530",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7389C3B9-B32D-46CC-8615-22CF7BDCD829",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "179FC802-541F-40EE-BB76-A4B745A9EA7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3332E0EC-49D6-4EB2-8A2E-CC204EA1C475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E59021C-8DDF-4849-9490-AD8F98B834BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "64E90FCD-B032-4BD8-84D6-763E0FDB48B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "21A92544-BEA9-436F-BC22-CC90808D53F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DB10EA-CA68-40BE-862D-0B351456F02E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6044842D-0C23-4683-9BCC-9FE40AE8353F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BFCBB5A-F5F8-400E-916A-EB87F84853D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2898DFC3-7C3A-4C12-A3D2-4CEB3C66C90D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "04082771-E3E2-49EE-8840-0170F3B3519F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9B27B7-7800-4E35-97CA-B16450EEC478",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BEA6C00-BDCF-439C-8A04-B581361781EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90B931CC-CEA7-4C14-875E-A0D215CE5617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE300CC-68D6-46C7-8CC0-605F94FFC327",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Listings extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) url parameter."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de XSS en la extensi\u00f3n Listings para MediaWiki permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro (1) name o (2) url."
    }
  ],
  "id": "CVE-2014-9477",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-01-16T16:59:11.983",
  "references": [
    {
      "source": "security@debian.org",
      "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://phabricator.wikimedia.org/T77624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://phabricator.wikimedia.org/T77624"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-10-09 05:15

Modified

2024-11-21 08:26

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set.

References

URL	Tags
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html
cve@mitre.org	https://phabricator.wikimedia.org/T333050	Exploit, Third Party Advisory, Vendor Advisory
cve@mitre.org	https://www.debian.org/security/2023/dsa-5520	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T333050	Exploit, Third Party Advisory, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2023/dsa-5520	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	1.40.0
debian	debian_linux	11.0
debian	debian_linux	12.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A920574-0C59-4036-9878-C5A39EF82AA1",
              "versionEndExcluding": "1.35.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "20B3C0EF-1980-4F24-B0C6-B4BA77562DA3",
              "versionEndExcluding": "1.39.5",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.40.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "195C853F-2D51-44A4-990E-8E04FF4E9AA8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en ApiPageSet.php en MediaWiki antes de 1.35.12, 1.36.x hasta 1.39.x antes de 1.39.5 y 1.40.x antes de 1.40.1. Permite a los atacantes provocar una denegaci\u00f3n de servicio (bucle ilimitado y RequestTimeoutException) cuando consultan p\u00e1ginas redirigidas a otras variantes con redirecciones y converttitles configurados."
    }
  ],
  "id": "CVE-2023-45363",
  "lastModified": "2024-11-21T08:26:49.407",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-10-09T05:15:09.220",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T333050"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2023/dsa-5520"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T333050"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2023/dsa-5520"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-835"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-835"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-03-31 19:15

Modified

2025-02-18 16:15

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. Attackers might be able to see edits for which the username has been hidden, because there is no check for rev_deleted.

References

▶	URL	Tags
	cve@mitre.org	https://phabricator.wikimedia.org/T327613	Issue Tracking, Patch
	af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T327613	Issue Tracking, Patch

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEA20A42-6E1A-4DA2-8869-A49894256285",
              "versionEndIncluding": "1.39.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. Attackers might be able to see edits for which the username has been hidden, because there is no check for rev_deleted."
    }
  ],
  "id": "CVE-2023-29140",
  "lastModified": "2025-02-18T16:15:15.893",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-03-31T19:15:07.503",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://phabricator.wikimedia.org/T327613"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://phabricator.wikimedia.org/T327613"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-06-30 17:15

Modified

2024-11-21 08:11

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which can be in a title attribute).

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/933649	Release Notes, Vendor Advisory
cve@mitre.org	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/933650	Release Notes, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T339111	Exploit, Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/933649	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/933650	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T339111	Exploit, Issue Tracking, Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEA20A42-6E1A-4DA2-8869-A49894256285",
              "versionEndIncluding": "1.39.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which can be in a title attribute)."
    }
  ],
  "id": "CVE-2023-37302",
  "lastModified": "2024-11-21T08:11:26.347",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-06-30T17:15:09.573",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/933649"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/933650"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T339111"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/933649"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/933650"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T339111"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-09-27 21:15

Modified

2024-11-21 05:18

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across many wikis/sites concurrently.

References

URL	Tags
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html	Mailing List, Vendor Advisory
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html	Mailing List, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T251661	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T251661	Exploit, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
fedoraproject	fedora	33

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "50B973A6-D4AD-44EC-976E-1068DDE6D20B",
              "versionEndExcluding": "1.31.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5D57552-DD9C-44B8-9BA4-6AB0EAF09979",
              "versionEndExcluding": "1.34.4",
              "versionStartIncluding": "1.32.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across many wikis/sites concurrently."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en la extensi\u00f3n OATHAuth en MediaWiki versiones anteriores a 1.31.10 y desde 1.32.x hasta 1.34.x anteriores a 1.34.4.\u0026#xa0;Para los wikis que usan OATHAuth en un farm/cluster (tal y como mediante CentralAuth), la limitaci\u00f3n de velocidad de los tokens OATH solo se realiza en un nivel de sitio \u00fanico.\u0026#xa0;Por lo tanto, se pueden realizar m\u00faltiples solicitudes a trav\u00e9s de muchos wikis / sitios al mismo tiempo"
    }
  ],
  "id": "CVE-2020-25827",
  "lastModified": "2024-11-21T05:18:51.127",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-27T21:15:12.813",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T251661"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T251661"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-307"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-04-13 16:29

Modified

2024-11-21 03:02

Severity ?

5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages.

References

URL	Tags
security@debian.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html	Vendor Advisory
security@debian.org	https://phabricator.wikimedia.org/T156184	Issue Tracking, Third Party Advisory
security@debian.org	https://security-tracker.debian.org/tracker/CVE-2017-0368	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T156184	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security-tracker.debian.org/tracker/CVE-2017-0368	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*
debian	debian_linux	7.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "07C776BA-0AEF-4225-AC4C-38753A764076",
              "versionEndIncluding": "1.23.16",
              "versionStartIncluding": "1.23.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9419B89-A512-4C79-8085-2AB9D7A19C85",
              "versionEndExcluding": "1.27.2",
              "versionStartIncluding": "1.27.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ABB422D-95AC-48E6-AEFF-1F2915354494",
              "versionEndExcluding": "1.28.1",
              "versionStartIncluding": "1.28.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages."
    },
    {
      "lang": "es",
      "value": "Mediawiki, en versiones anteriores a la 1.28.1, 1.27.2 y la 1.23.16, contiene un error que hace que el modo rawHTML se aplique a los mensajes del sistema."
    }
  ],
  "id": "CVE-2017-0368",
  "lastModified": "2024-11-21T03:02:50.827",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-13T16:29:00.737",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T156184"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2017-0368"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T156184"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2017-0368"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-04-13 16:29

Modified

2024-11-21 03:02

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Summary

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it.

References

URL	Tags
security@debian.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html	Vendor Advisory
security@debian.org	https://phabricator.wikimedia.org/T108138	Issue Tracking, Third Party Advisory
security@debian.org	https://security-tracker.debian.org/tracker/CVE-2017-0369	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T108138	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security-tracker.debian.org/tracker/CVE-2017-0369	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*
debian	debian_linux	7.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "07C776BA-0AEF-4225-AC4C-38753A764076",
              "versionEndIncluding": "1.23.16",
              "versionStartIncluding": "1.23.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9419B89-A512-4C79-8085-2AB9D7A19C85",
              "versionEndExcluding": "1.27.2",
              "versionStartIncluding": "1.27.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ABB422D-95AC-48E6-AEFF-1F2915354494",
              "versionEndExcluding": "1.28.1",
              "versionStartIncluding": "1.28.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it."
    },
    {
      "lang": "es",
      "value": "Mediawiki, en versiones anteriores a la 1.28.1, 1.27.2 y la 1.23.16, contiene un error que permite que un sysops deshaga la eliminaci\u00f3n de p\u00e1ginas aunque esta est\u00e9 protegida contra ello."
    }
  ],
  "id": "CVE-2017-0369",
  "lastModified": "2024-11-21T03:02:50.943",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-13T16:29:00.813",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T108138"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2017-0369"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T108138"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2017-0369"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-276"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-10-19 21:29

Modified

2025-04-20 01:37

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Summary

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element.

References

URL	Tags
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/08/31/10	Mailing List, Patch, Third Party Advisory
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/08/31/6	Mailing List, Third Party Advisory
secalert@redhat.com	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330	Issue Tracking, Third Party Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=853426	Issue Tracking, Patch
secalert@redhat.com	https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html	Patch, Vendor Advisory
secalert@redhat.com	https://phabricator.wikimedia.org/T41180	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/08/31/10	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/08/31/6	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=853426	Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T41180	Issue Tracking, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.19.0
mediawiki	mediawiki	1.19.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B03517F3-5555-4DCF-A5BD-15B2AF03C970",
              "versionEndIncluding": "1.18.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element."
    },
    {
      "lang": "es",
      "value": "MediaWiki, en versiones anteriores a la 1.18.5 y versiones 1.19.x anteriores a la 1.19.2, no env\u00eda una cabecera HTTP X-Frame-Options restrictiva, lo que permite que atacantes remotos lleven a cabo ataques de secuestro de clic mediante una respuesta API embebida en un elemento IFRAME."
    }
  ],
  "id": "CVE-2012-4379",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-19T21:29:00.187",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/08/31/10"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/08/31/6"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=853426"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T41180"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/08/31/10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/08/31/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=853426"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T41180"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-10-06 21:15

Modified

2024-11-21 06:27

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in CentralAuth in MediaWiki through 1.36.2. The rightsnone MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the setchange log.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/I7aeaa6e4de5ccaa5eeb6bf4fb00c96b01d5fea35	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T291696	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/I7aeaa6e4de5ccaa5eeb6bf4fb00c96b01d5fea35	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T291696	Exploit, Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "852AD0A4-1F54-4352-8554-34DE96EF04D9",
              "versionEndIncluding": "1.36.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in CentralAuth in MediaWiki through 1.36.2. The rightsnone MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the setchange log."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en CentralAuth en MediaWiki versiones hasta 1.36.2. El mensaje rightsnone de MediaWiki no estaba siendo saneado correctamente y permit\u00eda una inyecci\u00f3n y ejecuci\u00f3n de HTML y JavaScript por medio del registro setchange"
    }
  ],
  "id": "CVE-2021-42041",
  "lastModified": "2024-11-21T06:27:07.210",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-06T21:15:07.260",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I7aeaa6e4de5ccaa5eeb6bf4fb00c96b01d5fea35"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T291696"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I7aeaa6e4de5ccaa5eeb6bf4fb00c96b01d5fea35"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T291696"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-07-02 13:15

Modified

2024-11-21 06:13

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. Autoblocks for CentralAuth-issued suppression blocks are not properly implemented.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/I15d14c88a1e30df92c470bc191c4ee573172d4d1	Patch, Vendor Advisory
cve@mitre.org	https://gerrit.wikimedia.org/r/q/I3e65690695313380c798b62edfda726b6e374f89	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T281972	Exploit, Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/I15d14c88a1e30df92c470bc191c4ee573172d4d1	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/I3e65690695313380c798b62edfda726b6e374f89	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T281972	Exploit, Issue Tracking, Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1C62AE2-E1C5-4E32-A222-CCF9024B45D3",
              "versionEndIncluding": "1.36",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. Autoblocks for CentralAuth-issued suppression blocks are not properly implemented."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en la extensi\u00f3n CentralAuth en MediaWiki versiones hasta 1.36. Los bloqueos autom\u00e1ticos para los bloques de supresi\u00f3n emitidos por CentralAuth no son implementados apropiadamente"
    }
  ],
  "id": "CVE-2021-36128",
  "lastModified": "2024-11-21T06:13:10.403",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-02T13:15:07.843",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I15d14c88a1e30df92c470bc191c4ee573172d4d1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I3e65690695313380c798b62edfda726b6e374f89"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T281972"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I15d14c88a1e30df92c470bc191c4ee573172d4d1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I3e65690695313380c798b62edfda726b6e374f89"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T281972"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-755"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-08-22 17:55

Modified

2025-04-12 10:46

Severity ?

Summary

The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted OBJECT element with SWF content consistent with a restricted character set.

References

URL	Tags
cve@mitre.org	http://advisories.mageia.org/MGASA-2014-0309.html
cve@mitre.org	http://openwall.com/lists/oss-security/2014/08/14/5
cve@mitre.org	http://secunia.com/advisories/59738
cve@mitre.org	http://www.debian.org/security/2014/dsa-3011
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2014:153
cve@mitre.org	https://bugzilla.wikimedia.org/show_bug.cgi?id=68187	Exploit, Patch, Vendor Advisory
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-July/000157.html
af854a3a-2127-422b-91ae-364da2661108	http://advisories.mageia.org/MGASA-2014-0309.html
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2014/08/14/5
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59738
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2014/dsa-3011
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2014:153
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=68187	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-July/000157.html

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19.0
mediawiki	mediawiki	1.19.1
mediawiki	mediawiki	1.19.2
mediawiki	mediawiki	1.19.3
mediawiki	mediawiki	1.19.4
mediawiki	mediawiki	1.19.5
mediawiki	mediawiki	1.19.6
mediawiki	mediawiki	1.19.7
mediawiki	mediawiki	1.19.8
mediawiki	mediawiki	1.19.9
mediawiki	mediawiki	1.19.10
mediawiki	mediawiki	1.19.11
mediawiki	mediawiki	1.19.12
mediawiki	mediawiki	1.19.13
mediawiki	mediawiki	1.19.14
mediawiki	mediawiki	1.19.15
mediawiki	mediawiki	1.19.16
mediawiki	mediawiki	1.20.1
mediawiki	mediawiki	1.20.2
mediawiki	mediawiki	1.20.3
mediawiki	mediawiki	1.20.4
mediawiki	mediawiki	1.20.5
mediawiki	mediawiki	1.20.6
mediawiki	mediawiki	1.20.7
mediawiki	mediawiki	1.20.8
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2
mediawiki	mediawiki	1.21.3
mediawiki	mediawiki	1.21.4
mediawiki	mediawiki	1.21.5
mediawiki	mediawiki	1.21.6
mediawiki	mediawiki	1.21.7
mediawiki	mediawiki	1.21.8
mediawiki	mediawiki	1.21.9
mediawiki	mediawiki	1.21.10
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	1.22.1
mediawiki	mediawiki	1.22.2
mediawiki	mediawiki	1.22.3
mediawiki	mediawiki	1.22.4
mediawiki	mediawiki	1.22.5
mediawiki	mediawiki	1.22.6
mediawiki	mediawiki	1.22.7
mediawiki	mediawiki	1.22.8
mediawiki	mediawiki	1.23.0
mediawiki	mediawiki	1.23.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "426C179F-C8DE-4894-83A6-24BA3DB39183",
              "versionEndIncluding": "1.19.17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "93D7105D-3CF1-49FF-9F51-088C58F19003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "F647077F-52FD-460B-9511-85812A1447FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A8AFF-EF0E-490C-8833-FF1071563979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3205F5-3A29-4D45-AC95-83174F8969BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5547DA02-3BEC-4278-A714-25CCB820AA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E5609D-EC04-4088-9B61-ABDD256200F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23B09BB-8F43-4D60-A37F-D8685584AF4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A3F38-9A86-4346-9337-5C2A1DED37C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "49CCC3B5-9BD4-40B4-AF1A-DF4B2A6DC12D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "36DA1112-69AB-408A-886E-F248516FDE11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA85F3B7-9CB4-481C-B1A5-AB95F81C4126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A25C57E2-8E04-4A54-9211-C7B4B7CC4E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "927A7FCC-273B-4387-A9DB-C1DADB40D3FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "37210D17-71E8-4A05-87CE-F27E2F8DDEF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "E77B822C-5536-4843-A509-D5471AC02B87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "84198067-1339-4087-9B91-B0AFD45C6F0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735AFF4-3E99-4E3C-B452-AB9FF31925FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "32FCA38F-137E-4CD5-B1EB-44D949468938",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94646567-FF30-4FBA-96C5-914EB3C85D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF088531-6875-49A2-B220-D7EC38ECC50F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "902A7EE8-90AA-4B0D-9142-DFCDA5AC8914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B6CD057-EBC4-4909-9734-80577AFDED40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01D8F235-2F1B-4198-A91E-B2723293AA36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2A5F4A7-40E7-42D0-8482-647D0EC54AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E10A8FAC-7506-48B8-A4EE-B7A1BE20537E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF797B5-8348-481C-AB6F-154DEA0E5281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E627F80-E6AA-4627-B58E-D6B2A08269BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA54E0F2-3B21-469F-A3FB-8E41E1857447",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "09CFF4B5-5827-4795-960A-201BA1BCF1A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC9D6B62-13CD-4307-94BB-A7210761A4D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B461B44C-37D2-480B-9645-B7E8720416C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E491E3AD-0FB2-41CD-B852-CAFCA397A45A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBD50108-A301-4B5B-9047-6FD6792442B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "91BBFEC5-A933-4178-919D-9AC87CF76D21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3CA0EC-1AC1-48A1-8BB8-95DCCE1C283A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9343410C-E076-4362-8094-5BA5582E9675",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96BBB28-AB3C-4082-B035-8CCB761C2530",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7389C3B9-B32D-46CC-8615-22CF7BDCD829",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6044842D-0C23-4683-9BCC-9FE40AE8353F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BFCBB5A-F5F8-400E-916A-EB87F84853D9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted OBJECT element with SWF content consistent with a restricted character set."
    },
    {
      "lang": "es",
      "value": "El endpoint JSONP en includes/api/ApiFormatJson.php en MediaWiki anterior a 1.19.18, 1.20.x hasta 1.22.x anterior a 1.22.9, y 1.23.x anterior a 1.23.2 acepta ciertos valores largos de devoluci\u00f3n de llamada y no restringe los bytes iniciales de una respuesta JSONP, lo que permite a atacantes remotos realizar ataques de CSRF, y obtener informaci\u00f3n sensible, a trav\u00e9s de un elemento OBJECT manipulado con contenido SWF consistente con un juego de caracteres restringido."
    }
  ],
  "id": "CVE-2014-5241",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-08-22T17:55:02.813",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://advisories.mageia.org/MGASA-2014-0309.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://openwall.com/lists/oss-security/2014/08/14/5"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/59738"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2014/dsa-3011"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:153"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=68187"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-July/000157.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://advisories.mageia.org/MGASA-2014-0309.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2014/08/14/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59738"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-3011"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=68187"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-July/000157.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2010-04-20 15:30

Modified

2025-04-11 00:51

Severity ?

Summary

MediaWiki before 1.15.3, and 1.6.x before 1.16.0beta2, does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to conduct phishing attacks by arranging for a victim to login to the attacker's account and then execute a crafted user script, related to a "login CSRF" issue.

References

URL	Tags
secalert@redhat.com	http://download.wikimedia.org/mediawiki/1.15/mediawiki-1.15.3.patch.gz	Patch
secalert@redhat.com	http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.0beta2.patch.gz	Patch
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html	Patch, Vendor Advisory
secalert@redhat.com	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_15_3/phase3/RELEASE-NOTES
secalert@redhat.com	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_16_0beta2/phase3/RELEASE-NOTES
secalert@redhat.com	http://www.debian.org/security/2010/dsa-2041
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2010/04/07/1
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2010/04/08/4
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/1055
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=580418
secalert@redhat.com	https://bugzilla.wikimedia.org/show_bug.cgi?id=23076	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://download.wikimedia.org/mediawiki/1.15/mediawiki-1.15.3.patch.gz	Patch
af854a3a-2127-422b-91ae-364da2661108	http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.0beta2.patch.gz	Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_15_3/phase3/RELEASE-NOTES
af854a3a-2127-422b-91ae-364da2661108	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_16_0beta2/phase3/RELEASE-NOTES
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2010/dsa-2041
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2010/04/07/1
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2010/04/08/4
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/1055
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=580418
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=23076	Exploit

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.6.0
mediawiki	mediawiki	1.6.1
mediawiki	mediawiki	1.6.2
mediawiki	mediawiki	1.6.3
mediawiki	mediawiki	1.6.4
mediawiki	mediawiki	1.6.5
mediawiki	mediawiki	1.6.6
mediawiki	mediawiki	1.6.7
mediawiki	mediawiki	1.6.8
mediawiki	mediawiki	1.6.9
mediawiki	mediawiki	1.6.10
mediawiki	mediawiki	1.6.11
mediawiki	mediawiki	1.6.12
mediawiki	mediawiki	1.7.0
mediawiki	mediawiki	1.7.1
mediawiki	mediawiki	1.7.2
mediawiki	mediawiki	1.7.3
mediawiki	mediawiki	1.8.0
mediawiki	mediawiki	1.8.1
mediawiki	mediawiki	1.8.2
mediawiki	mediawiki	1.8.3
mediawiki	mediawiki	1.8.4
mediawiki	mediawiki	1.8.5
mediawiki	mediawiki	1.9.0
mediawiki	mediawiki	1.9.0
mediawiki	mediawiki	1.9.1
mediawiki	mediawiki	1.9.2
mediawiki	mediawiki	1.9.3
mediawiki	mediawiki	1.9.4
mediawiki	mediawiki	1.9.5
mediawiki	mediawiki	1.9.6
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.1
mediawiki	mediawiki	1.10.2
mediawiki	mediawiki	1.10.3
mediawiki	mediawiki	1.10.4
mediawiki	mediawiki	1.11.0
mediawiki	mediawiki	1.11.0
mediawiki	mediawiki	1.11.1
mediawiki	mediawiki	1.11.2
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.1
mediawiki	mediawiki	1.12.2
mediawiki	mediawiki	1.12.3
mediawiki	mediawiki	1.12.4
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.1
mediawiki	mediawiki	1.13.2
mediawiki	mediawiki	1.13.3
mediawiki	mediawiki	1.13.4
mediawiki	mediawiki	1.14.0
mediawiki	mediawiki	1.14.0
mediawiki	mediawiki	1.14.1
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.1
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACE51DAF-5F7F-44B6-9BB9-13C541FD5EAE",
              "versionEndIncluding": "1.15.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3EAF847-B64C-4C12-8BF2-631F61B0618E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "09EF3827-9C87-4043-B10A-1D6AFCB64F57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08B1EDE8-940E-47C1-9CDA-C6BBE1BB9A11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4554900-E09D-4D9D-99D4-FE5FDB3CDE78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "93EB0312-A147-4307-9491-46AEC2EC727C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "48929086-E08E-472D-A503-4CA803A840D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A98675FD-C9EA-49AB-BA9F-2CF5898203C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB9B4718-DF85-4E77-B720-0EC3E0D318BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "132A745B-0A1B-4186-8BE2-88C24FF4A455",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E710375D-F5B3-4998-AA7F-F931022CF6F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3130C952-83B3-4755-99D7-D25C1447670E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9842D148-50D2-4A52-A3E1-529670A25EBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "A59DE5DF-B5A1-4C11-9FA9-03EA7F589694",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C632052-D84B-41A1-B46F-1C1D9ADC72CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF36A02-DF6B-4657-94F6-255E4163FBF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "60380B60-DD11-42C9-9388-AED3244F39A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "612210D5-FDBC-4A13-AACD-13198FE9D2DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46046B16-3EE4-42C0-BA77-73300A641BA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "136E5FD9-C0A0-4970-8852-D97C5BC723E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5FD2871-90BB-4AFA-89D0-B9B5BE365771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D35193-8AF8-4CB9-A47D-A58DE389515E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1CD7D7-546A-48FA-9C4C-1FB0CA22C6FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAD648C1-0908-43F8-951C-E7EBF8FB8CB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B40FB49B-1E96-44BC-A9B0-9BDB28F858A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "75D5AC3F-4D29-4882-A3C0-94951402ADD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A0921C-BEC5-4646-96FD-0529828B5BAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB4E8709-43E2-4ADC-8759-16AC265658C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A8A1D30-57E7-4010-B68A-8D22EA091FF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EF7C683-F6E2-4D79-B0F9-234C9FAFB7C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "962C4B03-ABDF-4E94-8DE0-E035186E0F4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "841A4099-1EB3-448A-81C2-67A68CF4B5C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0983C0E-9035-4256-AC99-C2C81C1634E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "76F47EF6-2695-44FD-B4B0-9DE911BB57CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FC61592E-7479-45C1-9263-D608B644EE79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5460DB30-FA14-4017-BC8B-15F9451469F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED2392D6-6ACF-4715-BBCD-B6DA9B91C750",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0071C35-877F-44C6-BC39-B1AE885D7313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83CF24-FC29-40C4-8B07-5FB6591E9812",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66A92668-4B5D-40A4-9A14-E7AD10086933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7266D827-F77D-4CC3-8237-4B35D072ACF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DB5EF0E-4E1B-4131-9142-5FBB59C235D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F59B5992-716F-4901-BDD1-0C7E24BF9148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "746023B5-2472-4FC9-BEDF-FE6A321F12B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0D18C85B-E82B-46AE-959E-3FD32DB6F294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "66714539-F1E1-4C16-AA12-059EEB1B9DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A80044C9-9F76-468E-84F7-D7D529004AE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7CD7F5A-F4E4-45B6-9179-BD1BCD75D297",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7BC3705-27C7-4969-AB6A-E7C09C708C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79CDE6D3-A26D-4ECD-B949-B9DDB53F67C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D3CC82BE-8DEA-47D7-B6B7-2FFDFB728ADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "AFD79470-63A7-438B-A3BE-CABDAD7F848C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A26F4C94-E3A5-456E-8E5E-36BA67DD4BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C6D23B-B5C1-4F10-9F62-E81F639FF40F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "13FA8F3C-2B6C-42FB-A6CE-EC2D8614E43D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "973B7468-970D-475C-AAB2-D81833EAF12B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A0789-0496-4940-A484-8B6689AA8770",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "241370F6-4941-43B4-AAD5-32A93AAC3B80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A236174-7262-478C-8C96-61428EBCC575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAAC942E-1BA2-419C-B464-20529D825053",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "188AA942-A54E-4B48-A14E-1D4C2BB859EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "07D3ECE8-29AC-491A-BD11-1753EF65DA0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4416B074-0C5E-4DD3-AA4D-B54AC635F00D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "EBA4FDC8-2F1B-4054-82BC-B79566ABE8E6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.15.3, and 1.6.x before 1.16.0beta2, does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to conduct phishing attacks by arranging for a victim to login to the attacker\u0027s account and then execute a crafted user script, related to a \"login CSRF\" issue."
    },
    {
      "lang": "es",
      "value": "MediaWiki en versiones anteriores a la v1.15.3, y v1.6.x anteriores a la v1.16.0beta2, no gestiona apropiadamente un intento de inicio de sesi\u00f3n correctamente autenticado pero no deseado, lo que facilita a usuarios remotos autenticados realizar ataques de phishing arregl\u00e1ndoselas para que una v\u00edctima inicie sesi\u00f3n en la cuenta del atacante y luego ejecute un script de usuario modificado. Relacionada con el tipo de vulneravidad inicio de sesi\u00f3n CSRF."
    }
  ],
  "id": "CVE-2010-1150",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-04-20T15:30:00.367",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://download.wikimedia.org/mediawiki/1.15/mediawiki-1.15.3.patch.gz"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.0beta2.patch.gz"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_15_3/phase3/RELEASE-NOTES"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_16_0beta2/phase3/RELEASE-NOTES"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2010/dsa-2041"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2010/04/07/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2010/04/08/4"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/1055"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=580418"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=23076"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://download.wikimedia.org/mediawiki/1.15/mediawiki-1.15.3.patch.gz"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.0beta2.patch.gz"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_15_3/phase3/RELEASE-NOTES"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_16_0beta2/phase3/RELEASE-NOTES"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2010/dsa-2041"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2010/04/07/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2010/04/08/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/1055"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=580418"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=23076"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-12-13 18:07

Modified

2025-04-11 00:51

Severity ?

Summary

The CleanChanges extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3, when "Group changes by page in recent changes and watchlist" is enabled, allows remote attackers to obtain sensitive information (revision-deleted IPs) via the Recent Changes page.

References

▶	URL	Tags
	secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html
	secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html
	secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html
	secalert@redhat.com	https://bugzilla.wikimedia.org/show_bug.cgi?id=54294
	af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html
	af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=54294

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.20
mediawiki	mediawiki	1.20.1
mediawiki	mediawiki	1.20.2
mediawiki	mediawiki	1.20.3
mediawiki	mediawiki	1.20.4
mediawiki	mediawiki	1.20.5
mediawiki	mediawiki	1.20.6
mediawiki	mediawiki	1.20.7
mediawiki	mediawiki	*
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19.0
mediawiki	mediawiki	1.19.1
mediawiki	mediawiki	1.19.2
mediawiki	mediawiki	1.19.3
mediawiki	mediawiki	1.19.4
mediawiki	mediawiki	1.19.5
mediawiki	mediawiki	1.19.6
mediawiki	mediawiki	1.19.7
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA45494-185A-4ED1-8818-D9F14EB9B59B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94646567-FF30-4FBA-96C5-914EB3C85D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF088531-6875-49A2-B220-D7EC38ECC50F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "902A7EE8-90AA-4B0D-9142-DFCDA5AC8914",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7BDF753-A81D-46F4-BD23-84AE2C4F15EF",
              "versionEndIncluding": "1.19.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "93D7105D-3CF1-49FF-9F51-088C58F19003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "F647077F-52FD-460B-9511-85812A1447FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A8AFF-EF0E-490C-8833-FF1071563979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3205F5-3A29-4D45-AC95-83174F8969BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5547DA02-3BEC-4278-A714-25CCB820AA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E5609D-EC04-4088-9B61-ABDD256200F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23B09BB-8F43-4D60-A37F-D8685584AF4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A3F38-9A86-4346-9337-5C2A1DED37C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "49CCC3B5-9BD4-40B4-AF1A-DF4B2A6DC12D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The CleanChanges extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3, when \"Group changes by page in recent changes and watchlist\" is enabled, allows remote attackers to obtain sensitive information (revision-deleted IPs) via the Recent Changes page."
    },
    {
      "lang": "es",
      "value": "La extensi\u00f3n CleanChanges de MediaWiki anterior a 1.19.9, 1.20.x anterior a 1.20.8 y 1.21.x anterior a 1.21.3, cuando \"Group changes by page in recent changes and watchlist\" est\u00e1 activada, permite a atacantes remotos obtener informaci\u00f3n sensible (revision-borrado IPs) a trav\u00e9s de la p\u00e1gina Recent Changes."
    }
  ],
  "id": "CVE-2013-4569",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-12-13T18:07:54.123",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=54294"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=54294"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-01-12 05:15

Modified

2025-06-04 16:15

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions. e.g., in SpecialCheckUserLog.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/989179	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T347708	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/989179	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T347708	Exploit, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "518A7A3D-741F-405B-8220-982093DF53E1",
              "versionEndExcluding": "1.35.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FCCA5D1-C639-4407-917F-95A949E639A8",
              "versionEndExcluding": "1.39.6",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EF19DE5-1D79-4001-ABA1-D648AD6610D6",
              "versionEndExcluding": "1.40.2",
              "versionStartIncluding": "1.40.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions. e.g., in SpecialCheckUserLog."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en la extensi\u00f3n CheckUser en MediaWiki antes de 1.35.14, 1.36.x hasta 1.39.x antes de 1.39.6 y 1.40.x antes de 1.40.2. XSS puede ocurrir a trav\u00e9s de definiciones de mensajes. por ejemplo, en SpecialCheckUserLog."
    }
  ],
  "id": "CVE-2024-23172",
  "lastModified": "2025-06-04T16:15:29.090",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-01-12T05:15:10.187",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/989179"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T347708"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/989179"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T347708"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-09-19 21:15

Modified

2024-11-21 06:56

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query.

References

URL	Tags
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html	Mailing List, Third Party Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T297731	Exploit, Issue Tracking, Patch, Vendor Advisory
cve@mitre.org	https://www.debian.org/security/2022/dsa-5246	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T297731	Exploit, Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5246	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*
debian	debian_linux	10.0
debian	debian_linux	11.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAAA4B58-74B7-4923-B1C0-D731C74DC523",
              "versionEndExcluding": "1.35.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "665E9D20-2900-4932-B5F3-82624754EED7",
              "versionEndExcluding": "1.36.4",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E0A6AA3-FD23-4C90-ACFC-57699A24BA94",
              "versionEndExcluding": "1.37.2",
              "versionStartIncluding": "1.37.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema de denegaci\u00f3n de servicio en MediaWiki versiones anteriores a 1.35.6, 1.36.x anteriores a 1.36.4 y 1.37.x anteriores a 1.37.2. Cuando se presentan muchos archivos, la petici\u00f3n de Special:NewFiles con actor como condici\u00f3n puede resultar en una consulta de muy larga duraci\u00f3n"
    }
  ],
  "id": "CVE-2022-28203",
  "lastModified": "2024-11-21T06:56:56.920",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-09-19T21:15:09.490",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T297731"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5246"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T297731"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5246"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-763"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-09-19 21:15

Modified

2024-11-21 06:56

Severity ?

4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Summary

An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the mainpage message.

References

URL	Tags
cve@mitre.org	https://blog.legoktm.com/2022/07/03/a-belated-writeup-of-cve-2022-28201-in-mediawiki.html	Exploit, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html	Mailing List, Third Party Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T297571	Patch, Vendor Advisory
cve@mitre.org	https://www.debian.org/security/2022/dsa-5246	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://blog.legoktm.com/2022/07/03/a-belated-writeup-of-cve-2022-28201-in-mediawiki.html	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T297571	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5246	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*
debian	debian_linux	10.0
debian	debian_linux	11.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAAA4B58-74B7-4923-B1C0-D731C74DC523",
              "versionEndExcluding": "1.35.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "665E9D20-2900-4932-B5F3-82624754EED7",
              "versionEndExcluding": "1.36.4",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E0A6AA3-FD23-4C90-ACFC-57699A24BA94",
              "versionEndExcluding": "1.37.2",
              "versionStartIncluding": "1.37.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the mainpage message."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en MediaWiki versiones anteriores a 1.35.6, 1.36.x anteriores a 1.36.4 y 1.37.x anteriores a 1.37.2. Los usuarios con el permiso editinterface pueden desencadenar una recursi\u00f3n infinita, porque un interwiki local desnudo es manejado inapropiadamente para el mensaje de la p\u00e1gina principal"
    }
  ],
  "id": "CVE-2022-28201",
  "lastModified": "2024-11-21T06:56:56.607",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-09-19T21:15:09.447",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://blog.legoktm.com/2022/07/03/a-belated-writeup-of-cve-2022-28201-in-mediawiki.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T297571"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5246"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://blog.legoktm.com/2022/07/03/a-belated-writeup-of-cve-2022-28201-in-mediawiki.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T297571"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5246"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-674"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-07-07 00:15

Modified

2025-03-18 19:15

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in the Nimbus skin for MediaWiki through 1.42.1. There is Stored XSS via MediaWiki:Nimbus-sidebar menu and submenu entries.

References

▶	URL	Tags
	cve@mitre.org	https://phabricator.wikimedia.org/T361450	Exploit, Issue Tracking
	af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T361450	Exploit, Issue Tracking

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED70437F-2E16-47AE-AA89-A497DCC3C8EC",
              "versionEndIncluding": "1.42.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the Nimbus skin for MediaWiki through 1.42.1. There is Stored XSS via MediaWiki:Nimbus-sidebar menu and submenu entries."
    },
    {
      "lang": "es",
      "value": " Se descubri\u00f3 un problema en el aspecto Nimbus para MediaWiki hasta la versi\u00f3n 1.42.1. Hay XSS almacenado a trav\u00e9s de MediaWiki: men\u00fa de la barra lateral de Nimbus y entradas del submen\u00fa."
    }
  ],
  "id": "CVE-2024-40604",
  "lastModified": "2025-03-18T19:15:43.277",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-07-07T00:15:10.690",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://phabricator.wikimedia.org/T361450"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://phabricator.wikimedia.org/T361450"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-02-06 15:15

Modified

2024-11-21 01:55

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user.

References

URL	Tags
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html	Mailing List, Third Party Advisory
secalert@redhat.com	https://bugzilla.wikimedia.org/show_bug.cgi?id=53032	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=53032	Issue Tracking, Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*
fedoraproject	fedora	18
fedoraproject	fedora	19

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "21DA09B3-3735-49D7-8B61-39C041A97F04",
              "versionEndExcluding": "1.19.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF6954BB-CDD5-4A6D-88B1-4512478060EC",
              "versionEndExcluding": "1.20.8",
              "versionStartIncluding": "1.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2A68410-43FA-4AD6-876C-357D8239EB9F",
              "versionEndExcluding": "1.21.3",
              "versionStartIncluding": "1.21",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*",
              "matchCriteriaId": "E14271AE-1309-48F3-B9C6-D7DEEC488279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",
              "matchCriteriaId": "5991814D-CA77-4C25-90D2-DB542B17E0AD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user."
    },
    {
      "lang": "es",
      "value": "La extensi\u00f3n CentralNotice para MediaWiki versiones anteriores a 1.19.9, versiones 1.20.x anteriores a 1.20.8 y versiones 1.21.x anteriores a 1.21.3, establece el encabezado Cache-Control para almacenar en cach\u00e9 las cookies de sesi\u00f3n cuando un usuario es autocreado, lo que permite a atacantes remotos autenticarse como usuario creado."
    }
  ],
  "id": "CVE-2013-4572",
  "lastModified": "2024-11-21T01:55:51.343",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-02-06T15:15:10.387",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=53032"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=53032"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-384"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2008-03-13 14:44

Modified

2025-04-09 00:30

Severity ?

Summary

Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows remote attackers to obtain sensitive "cross-site" information via the callback parameter in an API call for JavaScript Object Notation (JSON) formatted results.

References

URL	Tags
cve@mitre.org	http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-March/000070.html	Patch
cve@mitre.org	http://secunia.com/advisories/29216	Patch, Vendor Advisory
cve@mitre.org	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_11_2/phase3/RELEASE-NOTES
cve@mitre.org	http://www.securityfocus.com/bid/28070	Patch
cve@mitre.org	http://www.securitytracker.com/id?1019535
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0732/references	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/40960
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-March/000070.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29216	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_11_2/phase3/RELEASE-NOTES
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/28070	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019535
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0732/references	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/40960

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	1.11
	mediawiki	mediawiki	1.11.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C54ADEF-F360-41C6-AE27-B6D12E5BAF9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DB5EF0E-4E1B-4131-9142-5FBB59C235D5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows remote attackers to obtain sensitive \"cross-site\" information via the callback parameter in an API call for JavaScript Object Notation (JSON) formatted results."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad no especificada en MediaWiki versiones 1.11 en versiones anteriores a la 1.11.2, permite a los atacantes remotos obtener informaci\u00f3n confidencial de \"cross-site\" por medio del par\u00e1metro callback en una llamada de la API para resultados formateados JavaScript Object Notation (JSON)."
    }
  ],
  "id": "CVE-2008-1318",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-03-13T14:44:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-March/000070.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29216"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_11_2/phase3/RELEASE-NOTES"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/28070"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019535"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0732/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40960"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-March/000070.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29216"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_11_2/phase3/RELEASE-NOTES"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/28070"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019535"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0732/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40960"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-11-24 06:15

Modified

2024-11-21 05:23

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Summary

includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki through 1.35 allows XSS via a qbfind message supplied by an administrator.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/Ie798a4f16d0ac2a4871aefeb593d962966aeb6b0	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T267278	Exploit, Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/Ie798a4f16d0ac2a4871aefeb593d962966aeb6b0	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T267278	Exploit, Issue Tracking, Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "66FD4C96-9035-4E65-83B5-4DB1ABA7C6B2",
              "versionEndIncluding": "1.35",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki through 1.35 allows XSS via a qbfind message supplied by an administrator."
    },
    {
      "lang": "es",
      "value": "El archivo includes/CologneBlueTemplate.php en el skin CologneBlue para MediaWiki versiones hasta 1.35, permite un ataque de tipo XSS por medio de un mensaje qbfind proporcionado por un administrador"
    }
  ],
  "id": "CVE-2020-29002",
  "lastModified": "2024-11-21T05:23:28.290",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-11-24T06:15:12.267",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Ie798a4f16d0ac2a4871aefeb593d962966aeb6b0"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T267278"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Ie798a4f16d0ac2a4871aefeb593d962966aeb6b0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T267278"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-04-22 03:15

Modified

2024-11-21 06:05

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. Its AbuseFilterCheckMatch API reveals suppressed edits and usernames to unprivileged users through the iteration of crafted AbuseFilter rules.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/I3f7dbd8b873d411e37c8c3aac2339bf5ec36907d	Issue Tracking, Third Party Advisory
cve@mitre.org	https://gerrit.wikimedia.org/r/q/I4900b1be73323599d74e3164447f81eded094d75	Issue Tracking, Third Party Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T223654	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/I3f7dbd8b873d411e37c8c3aac2339bf5ec36907d	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/I4900b1be73323599d74e3164447f81eded094d75	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T223654	Third Party Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4067807D-769C-485F-A7E3-EE96885BDCE7",
              "versionEndIncluding": "1.35.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. Its AbuseFilterCheckMatch API reveals suppressed edits and usernames to unprivileged users through the iteration of crafted AbuseFilter rules."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en la extensi\u00f3n AbuseFilter para MediaWiki versiones hasta 1.35.2.\u0026#xa0;Su API AbuseFilterCheckMatch revela ediciones suprimidas y nombres de usuario a usuarios sin privilegios por medio de la iteraci\u00f3n de reglas AbuseFilter dise\u00f1adas"
    }
  ],
  "id": "CVE-2021-31547",
  "lastModified": "2024-11-21T06:05:53.273",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-22T03:15:08.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I3f7dbd8b873d411e37c8c3aac2339bf5ec36907d"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I4900b1be73323599d74e3164447f81eded094d75"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T223654"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I3f7dbd8b873d411e37c8c3aac2339bf5ec36907d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I4900b1be73323599d74e3164447f81eded094d75"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T223654"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2007-02-21 23:28

Modified

2025-04-09 00:30

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.9.x before 1.9.0rc2, and 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the rs parameter. NOTE: this issue might be a duplicate of CVE-2007-0177.

References

URL	Tags
cve@mitre.org	http://osvdb.org/37343	Broken Link
cve@mitre.org	http://securityreason.com/securityalert/2274	Exploit, Third Party Advisory
cve@mitre.org	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0/phase3/RELEASE-NOTES	Third Party Advisory
cve@mitre.org	http://www.bugsec.com/articles.php?Security=24	Broken Link, Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/460596/100/0/threaded	Third Party Advisory, VDB Entry
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/32586	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/37343	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/2274	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0/phase3/RELEASE-NOTES	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.bugsec.com/articles.php?Security=24	Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/460596/100/0/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/32586	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*
	mediawiki	mediawiki	1.9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D24CF9E-923A-4986-A609-CCC58F0A4CBA",
              "versionEndIncluding": "1.8.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7BA537AE-7AE9-4E3B-A7A4-1AFF01EAB3ED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.9.x before 1.9.0rc2, and 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the rs parameter.  NOTE: this issue might be a duplicate of CVE-2007-0177."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la caracter\u00edstica AJAX del index.php en el MediaWiki 1.9.x anterior a al 1.9.0rc2, y el 1.8.2 y versiones anteriores, permite a atacantes remotos la inyecci\u00f3n de secuencias de comandos web o HTML de su elecci\u00f3n mediante el par\u00e1metro rs. NOTA: Esta vulnerabilidad puede estar duplicada con la CVE-2007-0177."
    }
  ],
  "id": "CVE-2007-1055",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-02-21T23:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/37343"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://securityreason.com/securityalert/2274"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0/phase3/RELEASE-NOTES"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://www.bugsec.com/articles.php?Security=24"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/460596/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32586"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/37343"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://securityreason.com/securityalert/2274"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0/phase3/RELEASE-NOTES"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://www.bugsec.com/articles.php?Security=24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/460596/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32586"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-04-29 04:15

Modified

2024-11-21 06:59

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d9544a54d9752515aace39df) allows XSS in Advertise link messages.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/c/786959	Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T306815	Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/c/786959	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T306815	Exploit, Patch, Third Party Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "40FFFEA4-A471-43C1-870B-10960DE725CF",
              "versionEndIncluding": "1.37.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d9544a54d9752515aace39df) allows XSS in Advertise link messages."
    },
    {
      "lang": "es",
      "value": "El skin Nimbus para MediaWiki versiones hasta 1.37.2 (anteriores a 6f9c8fb868345701d9544a54d9752515aace39df) permite un uso de XSS en los mensajes de los enlaces Advertise"
    }
  ],
  "id": "CVE-2022-29907",
  "lastModified": "2024-11-21T06:59:57.023",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-04-29T04:15:10.270",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/786959"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T306815"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/786959"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T306815"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2011-04-27 00:55

Modified

2025-04-11 00:51

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html located before a ? (question mark) in a query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578.

References

URL	Tags
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000097.html	Patch, Vendor Advisory
secalert@redhat.com	http://openwall.com/lists/oss-security/2011/04/18/5	Patch
secalert@redhat.com	http://www.debian.org/security/2011/dsa-2366
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=696360	Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000097.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2011/04/18/5	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2011/dsa-2366
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=696360	Patch

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.1.0
mediawiki	mediawiki	1.2.0
mediawiki	mediawiki	1.2.1
mediawiki	mediawiki	1.2.2
mediawiki	mediawiki	1.2.3
mediawiki	mediawiki	1.2.4
mediawiki	mediawiki	1.2.5
mediawiki	mediawiki	1.2.6
mediawiki	mediawiki	1.3
mediawiki	mediawiki	1.3.0
mediawiki	mediawiki	1.3.1
mediawiki	mediawiki	1.3.2
mediawiki	mediawiki	1.3.3
mediawiki	mediawiki	1.3.4
mediawiki	mediawiki	1.3.5
mediawiki	mediawiki	1.3.6
mediawiki	mediawiki	1.3.7
mediawiki	mediawiki	1.3.8
mediawiki	mediawiki	1.3.9
mediawiki	mediawiki	1.3.10
mediawiki	mediawiki	1.3.11
mediawiki	mediawiki	1.3.12
mediawiki	mediawiki	1.3.13
mediawiki	mediawiki	1.3.14
mediawiki	mediawiki	1.3.15
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4.0
mediawiki	mediawiki	1.4.1
mediawiki	mediawiki	1.4.2
mediawiki	mediawiki	1.4.3
mediawiki	mediawiki	1.4.4
mediawiki	mediawiki	1.4.5
mediawiki	mediawiki	1.4.6
mediawiki	mediawiki	1.4.7
mediawiki	mediawiki	1.4.8
mediawiki	mediawiki	1.4.9
mediawiki	mediawiki	1.4.10
mediawiki	mediawiki	1.4.11
mediawiki	mediawiki	1.4.12
mediawiki	mediawiki	1.4.13
mediawiki	mediawiki	1.4.14
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5.0
mediawiki	mediawiki	1.5.1
mediawiki	mediawiki	1.5.2
mediawiki	mediawiki	1.5.3
mediawiki	mediawiki	1.5.4
mediawiki	mediawiki	1.5.5
mediawiki	mediawiki	1.5.6
mediawiki	mediawiki	1.5.7
mediawiki	mediawiki	1.5.8
mediawiki	mediawiki	1.6.0
mediawiki	mediawiki	1.6.1
mediawiki	mediawiki	1.6.2
mediawiki	mediawiki	1.6.3
mediawiki	mediawiki	1.6.4
mediawiki	mediawiki	1.6.5
mediawiki	mediawiki	1.6.6
mediawiki	mediawiki	1.6.7
mediawiki	mediawiki	1.6.8
mediawiki	mediawiki	1.6.9
mediawiki	mediawiki	1.6.10
mediawiki	mediawiki	1.6.11
mediawiki	mediawiki	1.6.12
mediawiki	mediawiki	1.7.0
mediawiki	mediawiki	1.7.1
mediawiki	mediawiki	1.7.2
mediawiki	mediawiki	1.7.3
mediawiki	mediawiki	1.8.0
mediawiki	mediawiki	1.8.1
mediawiki	mediawiki	1.8.2
mediawiki	mediawiki	1.8.3
mediawiki	mediawiki	1.8.4
mediawiki	mediawiki	1.8.5
mediawiki	mediawiki	1.9.0
mediawiki	mediawiki	1.9.0
mediawiki	mediawiki	1.9.1
mediawiki	mediawiki	1.9.2
mediawiki	mediawiki	1.9.3
mediawiki	mediawiki	1.9.4
mediawiki	mediawiki	1.9.5
mediawiki	mediawiki	1.9.6
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.1
mediawiki	mediawiki	1.10.2
mediawiki	mediawiki	1.10.3
mediawiki	mediawiki	1.10.4
mediawiki	mediawiki	1.11
mediawiki	mediawiki	1.11.0
mediawiki	mediawiki	1.11.0
mediawiki	mediawiki	1.11.1
mediawiki	mediawiki	1.11.2
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.1
mediawiki	mediawiki	1.12.2
mediawiki	mediawiki	1.12.3
mediawiki	mediawiki	1.12.4
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.1
mediawiki	mediawiki	1.13.2
mediawiki	mediawiki	1.13.3
mediawiki	mediawiki	1.13.4
mediawiki	mediawiki	1.14.0
mediawiki	mediawiki	1.14.0
mediawiki	mediawiki	1.14.1
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.1
mediawiki	mediawiki	1.15.2
mediawiki	mediawiki	1.15.3
mediawiki	mediawiki	1.15.4
mediawiki	mediawiki	1.15.5
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.1
mediawiki	mediawiki	1.16.2
microsoft	internet_explorer	*
microsoft	internet_explorer	3.0
microsoft	internet_explorer	4.0
microsoft	internet_explorer	5.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CFEB78F-89CE-429F-B31B-DC86316A765C",
              "versionEndIncluding": "1.16.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C96D337-1D37-4ADE-871D-9829928EE80B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DFB843C-4513-4569-9746-DA9FDD7A5CD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "377F0F7A-8E50-4803-9670-F719D17400D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B4CCA5C-3594-41B4-99F3-FC99BA0495BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD0A0C81-CDB6-4A11-B6B0-DECB12558DE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40BD0855-A9C8-47CD-BB50-E422E0C4A1EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "42A9DCC7-CF58-44CC-9489-51FA79EECDF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "80D651C6-116D-448A-8569-BAB9BAEC7D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49AFC6EE-41C7-4369-8BA1-DDBF8A744ABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30F54837-5004-4D10-B3B0-502CED4F6592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A09F36C1-CBC0-489E-B62D-4590A2E5A4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9F0067D-534A-4238-A244-D92A73845432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BEC422E-49BC-41D4-9F71-B834D4108EF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D854161-28AA-4386-B90A-97F9692CE37F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5A0FA49-99DC-4691-968F-6AEB76B74370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A0C6A2C-992B-45A0-8E0C-1AE983881337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "292A77C7-8C7B-4F3A-B7FD-3505A9F37E4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C77FC97A-3BB2-4AA5-B0D6-C0D1FBEA5FD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C9393EF-083A-4662-BC7A-89979C2B8546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9DE6A4E-6BCE-499E-B017-1E0F8D1F65B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD90730F-BF26-46C5-83F8-039CD661C968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4DDA753-26F5-4142-B227-07DDF14DD8C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D3B5E2-AC84-421D-AC10-3266D9575922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "326D4BFB-EFE7-4EAC-AA71-45E8C7E41538",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "736DFCB7-B747-4F98-AB87-9023BCD0B5C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "135A1FFF-8F52-48FF-A92A-0FC79FCC287E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "3CF8143A-F16F-4E2F-8B12-AC278678CDBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "617655A0-1ED3-44A5-9D83-E90D8EC8799E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "3B19F77D-8975-432D-8572-F208EBC15068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "9D692C6F-95AB-4332-95D8-007876792AC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "DE9080FA-F32A-45AF-BB1E-18B85DD35830",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DF75E48-208A-4531-AC8D-B307FD4E288B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "174665BA-F231-45F6-922C-933B8A613009",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B175F5A-7CB6-44E6-9E98-FB40F6D14FDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A45833DC-F104-42BB-8688-4DE66AFF72F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B316A8E-DED1-427B-8137-11C767E9DF1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "99A75AFB-2706-42FF-8534-B910997987AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F335EB4-1A74-4FAE-ADAF-AC9FB37A80DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "116C8AA3-481D-409A-ABA8-C8DA1EE8FF86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9DCE478-7D30-4BBC-8878-C3745D6ADAD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EBFFA2C-6768-4CB9-B0B0-BDB79CA1DEDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA0C4A1E-B084-4C78-BEE4-4E733159F367",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2571B43E-234C-4312-9640-1E338092A673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D5C7E1-6664-4A90-9E55-1F53F98D7702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "4963F3C5-A207-4BD3-9C3C-4EBAC1F5B2B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BE0D158-DB0B-45B2-9E26-E11A7D5D2CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "6086E5E9-F69F-47EE-9034-8196CC03E6FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "49A43BF0-69CF-4694-9155-534FA31C26DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "A0751BD8-505A-42A3-A150-3523F12B9047",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "F964DBAD-0569-41DD-975B-23A975050595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8DE4462C-F9B2-47B3-8F17-FF729F5563FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "3769AAA0-8492-40E1-B3EC-5E3BFE396809",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E2616E5E-2D0B-4FD3-B43F-51D786F0D8D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "94766FF8-FC72-4F8F-8005-7F34E4AA4042",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D8693832-A576-492F-B4F7-B8415B3A5903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9214FE72-045E-457A-B3C5-BCDFC506DDB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDB55E62-A345-49F6-ACD0-A710977CA6E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A340D0AB-2B4A-4DE6-9FA1-662D8F8205BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8C8B11E-5C0B-49B1-ACFA-5926057EF002",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "89A4EA0A-54E1-484A-ADDB-216CBC9C40FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA0ABA75-E966-43A2-90B1-89557BB0B7DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B6CE989-B7AD-42AA-986C-23266D965122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "44FD9374-5B8A-4102-A005-D3F39186ABBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D4388FF-3C2C-41A7-A2A2-CC3E38994222",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3EAF847-B64C-4C12-8BF2-631F61B0618E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "09EF3827-9C87-4043-B10A-1D6AFCB64F57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08B1EDE8-940E-47C1-9CDA-C6BBE1BB9A11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4554900-E09D-4D9D-99D4-FE5FDB3CDE78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "93EB0312-A147-4307-9491-46AEC2EC727C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "48929086-E08E-472D-A503-4CA803A840D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A98675FD-C9EA-49AB-BA9F-2CF5898203C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB9B4718-DF85-4E77-B720-0EC3E0D318BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "132A745B-0A1B-4186-8BE2-88C24FF4A455",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E710375D-F5B3-4998-AA7F-F931022CF6F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3130C952-83B3-4755-99D7-D25C1447670E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9842D148-50D2-4A52-A3E1-529670A25EBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "A59DE5DF-B5A1-4C11-9FA9-03EA7F589694",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C632052-D84B-41A1-B46F-1C1D9ADC72CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF36A02-DF6B-4657-94F6-255E4163FBF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "60380B60-DD11-42C9-9388-AED3244F39A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "612210D5-FDBC-4A13-AACD-13198FE9D2DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46046B16-3EE4-42C0-BA77-73300A641BA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "136E5FD9-C0A0-4970-8852-D97C5BC723E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5FD2871-90BB-4AFA-89D0-B9B5BE365771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D35193-8AF8-4CB9-A47D-A58DE389515E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1CD7D7-546A-48FA-9C4C-1FB0CA22C6FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAD648C1-0908-43F8-951C-E7EBF8FB8CB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B40FB49B-1E96-44BC-A9B0-9BDB28F858A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "75D5AC3F-4D29-4882-A3C0-94951402ADD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A0921C-BEC5-4646-96FD-0529828B5BAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB4E8709-43E2-4ADC-8759-16AC265658C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A8A1D30-57E7-4010-B68A-8D22EA091FF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EF7C683-F6E2-4D79-B0F9-234C9FAFB7C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "962C4B03-ABDF-4E94-8DE0-E035186E0F4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "841A4099-1EB3-448A-81C2-67A68CF4B5C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0983C0E-9035-4256-AC99-C2C81C1634E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "76F47EF6-2695-44FD-B4B0-9DE911BB57CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FC61592E-7479-45C1-9263-D608B644EE79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5460DB30-FA14-4017-BC8B-15F9451469F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED2392D6-6ACF-4715-BBCD-B6DA9B91C750",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0071C35-877F-44C6-BC39-B1AE885D7313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83CF24-FC29-40C4-8B07-5FB6591E9812",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C54ADEF-F360-41C6-AE27-B6D12E5BAF9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66A92668-4B5D-40A4-9A14-E7AD10086933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7266D827-F77D-4CC3-8237-4B35D072ACF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DB5EF0E-4E1B-4131-9142-5FBB59C235D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F59B5992-716F-4901-BDD1-0C7E24BF9148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "746023B5-2472-4FC9-BEDF-FE6A321F12B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0D18C85B-E82B-46AE-959E-3FD32DB6F294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "66714539-F1E1-4C16-AA12-059EEB1B9DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A80044C9-9F76-468E-84F7-D7D529004AE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7CD7F5A-F4E4-45B6-9179-BD1BCD75D297",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7BC3705-27C7-4969-AB6A-E7C09C708C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79CDE6D3-A26D-4ECD-B949-B9DDB53F67C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D3CC82BE-8DEA-47D7-B6B7-2FFDFB728ADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "AFD79470-63A7-438B-A3BE-CABDAD7F848C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A26F4C94-E3A5-456E-8E5E-36BA67DD4BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C6D23B-B5C1-4F10-9F62-E81F639FF40F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "13FA8F3C-2B6C-42FB-A6CE-EC2D8614E43D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "973B7468-970D-475C-AAB2-D81833EAF12B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A0789-0496-4940-A484-8B6689AA8770",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "241370F6-4941-43B4-AAD5-32A93AAC3B80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A236174-7262-478C-8C96-61428EBCC575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAAC942E-1BA2-419C-B464-20529D825053",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "188AA942-A54E-4B48-A14E-1D4C2BB859EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "07D3ECE8-29AC-491A-BD11-1753EF65DA0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FA6109F-F5BE-4E65-AA9D-C1D0CB029521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0955D3BF-1120-40F6-87FB-D75B064E5C6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BA61CFC-F48E-4B7D-A61C-4BD585E87BAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BA7AA7B-9450-4AAD-8CBA-E483CD5A1CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4416B074-0C5E-4DD3-AA4D-B54AC635F00D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "EBA4FDC8-2F1B-4054-82BC-B79566ABE8E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "62B86D8D-5E7A-43F5-9B6A-944ED4B8E4E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "63FD259B-921D-46BF-BE6E-F963288D92F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B163E10-BD02-481B-A78E-E4678C57CC75",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08E95837-2903-45FB-B42C-1263B60566A8",
              "versionEndIncluding": "6.0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BBF9241-A175-438C-A793-3D245BE2AE35",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html located before a ? (question mark) in a query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en MediaWiki antes de v1.16.4, cuando se utiliza Internet Explorer v6 o versiones anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de un archivo cargado; accediendo con una extensi\u00f3n peligrosa como .html que se encuentra antes de un ? (signo de interrogaci\u00f3n) en una cadena de consulta, en relaci\u00f3n con una modificaci\u00f3n de ruta URI que tiene una secuencia 2E% en lugar del car\u00e1cter . (punto). NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2011-1578."
    }
  ],
  "id": "CVE-2011-1587",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-04-27T00:55:04.773",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000097.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/04/18/5"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2011/dsa-2366"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696360"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000097.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/04/18/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2366"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696360"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-07-02 13:15

Modified

2024-11-21 06:13

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Summary

An XSS issue was discovered in the SocialProfile extension in MediaWiki through 1.36. Within several gift-related special pages, a privileged user with the awardmanage right could inject arbitrary HTML and JavaScript within various gift-related data fields. The attack could easily propagate across many pages for many users.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/Id915eba45497a1a0dc1c4e00818a2fd4c0ce55d3	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T281043	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/Id915eba45497a1a0dc1c4e00818a2fd4c0ce55d3	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T281043	Exploit, Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1C62AE2-E1C5-4E32-A222-CCF9024B45D3",
              "versionEndIncluding": "1.36",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An XSS issue was discovered in the SocialProfile extension in MediaWiki through 1.36. Within several gift-related special pages, a privileged user with the awardmanage right could inject arbitrary HTML and JavaScript within various gift-related data fields. The attack could easily propagate across many pages for many users."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema de tipo XSS en la extensi\u00f3n SocialProfile de MediaWiki versiones hasta 1.36. Dentro de varias p\u00e1ginas especiales gift-related, un usuario privilegiado con el derecho awardmanage podr\u00eda inyectar HTML y JavaScript arbitrarios dentro de varios campos de datos gift-related. El ataque podr\u00eda propagarse f\u00e1cilmente a trav\u00e9s muchas p\u00e1ginas para muchos usuarios"
    }
  ],
  "id": "CVE-2021-36130",
  "lastModified": "2024-11-21T06:13:10.697",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-02T13:15:07.897",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Id915eba45497a1a0dc1c4e00818a2fd4c0ce55d3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T281043"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Id915eba45497a1a0dc1c4e00818a2fd4c0ce55d3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T281043"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-12-26 06:15

Modified

2025-04-14 15:15

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. When changes made by an IP address are reassigned to a user (using reassignEdits.php), the changes will still be attributed to the IP address on Special:Contributions when doing a range lookup.

References

URL	Tags
cve@mitre.org	https://phabricator.wikimedia.org/T316304	Issue Tracking, Patch, Vendor Advisory
cve@mitre.org	https://security.gentoo.org/glsa/202305-24
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T316304	Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202305-24

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8641E8E6-E89C-4EE1-A4C2-7DB79F8FCF4A",
              "versionEndExcluding": "1.35.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "44F278DA-D150-4A87-AEE8-82A52D0DFE3B",
              "versionEndExcluding": "1.37.5",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0582934E-BEE2-4D9B-8160-9BF5E1EFD1BF",
              "versionEndExcluding": "1.38.3",
              "versionStartIncluding": "1.38.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. When changes made by an IP address are reassigned to a user (using reassignEdits.php), the changes will still be attributed to the IP address on Special:Contributions when doing a range lookup."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en MediaWiki antes de 1.35.8, 1.36.x y 1.37.x antes de 1.37.5 y 1.38.x antes de 1.38.3. Cuando los cambios realizados por una direcci\u00f3n IP se reasignan a un usuario (usando reassignEdits.php), los cambios a\u00fan se atribuir\u00e1n a la direcci\u00f3n IP en Especial: Contribuciones al realizar una b\u00fasqueda de rango."
    }
  ],
  "id": "CVE-2022-41767",
  "lastModified": "2025-04-14T15:15:21.840",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-12-26T06:15:11.057",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T316304"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/202305-24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T316304"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202305-24"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-04-20 17:59

Modified

2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css.

References

URL	Tags
secalert@redhat.com	http://www.securityfocus.com/bid/98053
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1369613	Issue Tracking
secalert@redhat.com	https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html	Mailing List, Patch, Vendor Advisory
secalert@redhat.com	https://phabricator.wikimedia.org/T133147	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/98053
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1369613	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html	Mailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T133147	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.26.0
mediawiki	mediawiki	1.26.1
mediawiki	mediawiki	1.26.2
mediawiki	mediawiki	1.26.3
mediawiki	mediawiki	1.26.4
mediawiki	mediawiki	1.27.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F26807BC-B2F2-480D-B5B1-C2D64933A0C8",
              "versionEndIncluding": "1.23.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B418525-DAC2-461A-B931-BED05CC3AFBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C238723-5592-4F0F-869D-91B64DD14FBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "22685E70-3EE0-484B-8A4C-139C28BDD2B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD0A725-B06B-456D-8A8B-9DA5468935FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7ED98FFC-4397-4F27-AC36-BB7A42A92F89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.27.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F75E06F7-6D23-4BEB-80B4-3DE33193CA95",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad XSS en la funci\u00f3n de vista previa de subp\u00e1ginas de usuario CSS en MediaWiki en versiones anteriores a 1.23.15, 1.26.x en versiones anteriores a 1.26.4 y 1.27.x en versiones anteriores a 1.27.1 permite atacantes remotos inyectar secuencias de comandos web o HTML arbitraria a trav\u00e9s del cuadro de edici\u00f3n en Special: MyPage / common.css."
    }
  ],
  "id": "CVE-2016-6333",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-20T17:59:00.633",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/98053"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T133147"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/98053"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T133147"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-03-02 04:57

Modified

2025-04-12 10:46

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in the formatHTML function in includes/api/ApiFormatBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 allows remote attackers to inject arbitrary web script or HTML via a crafted string located after http:// in the text parameter to api.php.

References

URL	Tags
cve@mitre.org	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html	Patch, Vendor Advisory
cve@mitre.org	http://openwall.com/lists/oss-security/2014/02/28/1
cve@mitre.org	http://openwall.com/lists/oss-security/2014/03/01/2
cve@mitre.org	http://www.securityfocus.com/bid/65906
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=1071139
cve@mitre.org	https://bugzilla.wikimedia.org/show_bug.cgi?id=61362	Vendor Advisory
cve@mitre.org	https://gerrit.wikimedia.org/r/#/q/Idf985e4e69c2f11778a8a90503914678441cb3fb%2Cn%2Cz
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2014/02/28/1
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2014/03/01/2
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/65906
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1071139
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=61362	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/#/q/Idf985e4e69c2f11778a8a90503914678441cb3fb%2Cn%2Cz

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.1.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.1
mediawiki	mediawiki	1.10.2
mediawiki	mediawiki	1.10.3
mediawiki	mediawiki	1.10.4
mediawiki	mediawiki	1.11
mediawiki	mediawiki	1.11.0
mediawiki	mediawiki	1.11.0
mediawiki	mediawiki	1.11.1
mediawiki	mediawiki	1.11.2
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.1
mediawiki	mediawiki	1.12.2
mediawiki	mediawiki	1.12.3
mediawiki	mediawiki	1.12.4
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.1
mediawiki	mediawiki	1.13.2
mediawiki	mediawiki	1.13.3
mediawiki	mediawiki	1.13.4
mediawiki	mediawiki	1.14.0
mediawiki	mediawiki	1.14.0
mediawiki	mediawiki	1.14.1
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.1
mediawiki	mediawiki	1.15.2
mediawiki	mediawiki	1.15.3
mediawiki	mediawiki	1.15.4
mediawiki	mediawiki	1.15.5
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.1
mediawiki	mediawiki	1.16.2
mediawiki	mediawiki	1.17
mediawiki	mediawiki	1.17
mediawiki	mediawiki	1.17.0
mediawiki	mediawiki	1.17.0
mediawiki	mediawiki	1.17.1
mediawiki	mediawiki	1.17.2
mediawiki	mediawiki	1.17.3
mediawiki	mediawiki	1.17.4
mediawiki	mediawiki	1.18
mediawiki	mediawiki	1.18
mediawiki	mediawiki	1.18.0
mediawiki	mediawiki	1.18.0
mediawiki	mediawiki	1.18.1
mediawiki	mediawiki	1.18.2
mediawiki	mediawiki	1.18.3
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19.0
mediawiki	mediawiki	1.19.1
mediawiki	mediawiki	1.19.2
mediawiki	mediawiki	1.19.3
mediawiki	mediawiki	1.19.4
mediawiki	mediawiki	1.19.5
mediawiki	mediawiki	1.19.6
mediawiki	mediawiki	1.19.7
mediawiki	mediawiki	1.19.8
mediawiki	mediawiki	1.19.9
mediawiki	mediawiki	1.19.10
mediawiki	mediawiki	1.20
mediawiki	mediawiki	1.20.1
mediawiki	mediawiki	1.20.2
mediawiki	mediawiki	1.20.3
mediawiki	mediawiki	1.20.4
mediawiki	mediawiki	1.20.5
mediawiki	mediawiki	1.20.6
mediawiki	mediawiki	1.20.7
mediawiki	mediawiki	1.20.8
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2
mediawiki	mediawiki	1.21.3
mediawiki	mediawiki	1.21.4
mediawiki	mediawiki	1.21.5
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	1.22.1
mediawiki	mediawiki	1.22.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "93892D32-3543-4D1B-AEA7-B813E07F2DFD",
              "versionEndIncluding": "1.19.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C96D337-1D37-4ADE-871D-9829928EE80B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0983C0E-9035-4256-AC99-C2C81C1634E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "76F47EF6-2695-44FD-B4B0-9DE911BB57CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FC61592E-7479-45C1-9263-D608B644EE79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5460DB30-FA14-4017-BC8B-15F9451469F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED2392D6-6ACF-4715-BBCD-B6DA9B91C750",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0071C35-877F-44C6-BC39-B1AE885D7313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83CF24-FC29-40C4-8B07-5FB6591E9812",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C54ADEF-F360-41C6-AE27-B6D12E5BAF9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66A92668-4B5D-40A4-9A14-E7AD10086933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7266D827-F77D-4CC3-8237-4B35D072ACF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DB5EF0E-4E1B-4131-9142-5FBB59C235D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F59B5992-716F-4901-BDD1-0C7E24BF9148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "746023B5-2472-4FC9-BEDF-FE6A321F12B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0D18C85B-E82B-46AE-959E-3FD32DB6F294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "66714539-F1E1-4C16-AA12-059EEB1B9DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A80044C9-9F76-468E-84F7-D7D529004AE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7CD7F5A-F4E4-45B6-9179-BD1BCD75D297",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7BC3705-27C7-4969-AB6A-E7C09C708C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79CDE6D3-A26D-4ECD-B949-B9DDB53F67C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D3CC82BE-8DEA-47D7-B6B7-2FFDFB728ADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "AFD79470-63A7-438B-A3BE-CABDAD7F848C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A26F4C94-E3A5-456E-8E5E-36BA67DD4BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C6D23B-B5C1-4F10-9F62-E81F639FF40F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "13FA8F3C-2B6C-42FB-A6CE-EC2D8614E43D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "973B7468-970D-475C-AAB2-D81833EAF12B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A0789-0496-4940-A484-8B6689AA8770",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "241370F6-4941-43B4-AAD5-32A93AAC3B80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A236174-7262-478C-8C96-61428EBCC575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAAC942E-1BA2-419C-B464-20529D825053",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "188AA942-A54E-4B48-A14E-1D4C2BB859EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "07D3ECE8-29AC-491A-BD11-1753EF65DA0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FA6109F-F5BE-4E65-AA9D-C1D0CB029521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0955D3BF-1120-40F6-87FB-D75B064E5C6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BA61CFC-F48E-4B7D-A61C-4BD585E87BAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BA7AA7B-9450-4AAD-8CBA-E483CD5A1CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4416B074-0C5E-4DD3-AA4D-B54AC635F00D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "EBA4FDC8-2F1B-4054-82BC-B79566ABE8E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "62B86D8D-5E7A-43F5-9B6A-944ED4B8E4E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "E4780402-81D6-46E1-8ECD-3BCB97095B2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "63FD259B-921D-46BF-BE6E-F963288D92F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B163E10-BD02-481B-A78E-E4678C57CC75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9AC7B4F-6AE2-4FCC-80DA-0D068E479853",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "57F3C3BF-CA6A-4BCC-83CE-32560F0A437D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6D1B676-AE23-4FC5-8466-EB44B8F756CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1C3B8FFB-25AD-4165-8C87-DBF5977572FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "52E0CED2-EF96-4052-A4BC-4657163B4FE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E8D954D-484E-4DAA-8E0E-6CEAC17BBA22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "341D904D-A6D6-4644-B67B-D1D62BCFEDEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C3356EA-5FD5-478E-882B-2D7C10011537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EBD4E4C-DE1D-4007-BABF-A82ECBC2C8B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "EA045993-D0DE-4878-A9CF-5C671F3E5196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "15426470-3C5F-41AC-B64B-BA021D9F5EA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "061DD021-3FAA-43D0-9ED2-6E60BF7E6CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8B305B8-97DE-45C7-B7A7-B1D1AB32D511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF1EE8B-18BA-49AE-BAA1-187A2F5B1D06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F46B49A-D5B6-458E-8217-A5F5B045B76F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "93D7105D-3CF1-49FF-9F51-088C58F19003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "F647077F-52FD-460B-9511-85812A1447FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A8AFF-EF0E-490C-8833-FF1071563979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3205F5-3A29-4D45-AC95-83174F8969BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5547DA02-3BEC-4278-A714-25CCB820AA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E5609D-EC04-4088-9B61-ABDD256200F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23B09BB-8F43-4D60-A37F-D8685584AF4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A3F38-9A86-4346-9337-5C2A1DED37C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "49CCC3B5-9BD4-40B4-AF1A-DF4B2A6DC12D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "36DA1112-69AB-408A-886E-F248516FDE11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA85F3B7-9CB4-481C-B1A5-AB95F81C4126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A25C57E2-8E04-4A54-9211-C7B4B7CC4E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA45494-185A-4ED1-8818-D9F14EB9B59B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94646567-FF30-4FBA-96C5-914EB3C85D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF088531-6875-49A2-B220-D7EC38ECC50F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "902A7EE8-90AA-4B0D-9142-DFCDA5AC8914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B6CD057-EBC4-4909-9734-80577AFDED40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01D8F235-2F1B-4198-A91E-B2723293AA36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2A5F4A7-40E7-42D0-8482-647D0EC54AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E10A8FAC-7506-48B8-A4EE-B7A1BE20537E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B461B44C-37D2-480B-9645-B7E8720416C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E491E3AD-0FB2-41CD-B852-CAFCA397A45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the formatHTML function in includes/api/ApiFormatBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 allows remote attackers to inject arbitrary web script or HTML via a crafted string located after http:// in the text parameter to api.php."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en la funci\u00f3n formatHTML en includes/api/ApiFormatBase.php en MediaWiki anterior a 1.19.12, 1.20.x y 1.21.x anterior a 1.21.6 y 1.22.x anterior a 1.22.3 permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de una cadena manipulada localizada despu\u00e9s de http:// en el par\u00e1metro text hacia api.php."
    }
  ],
  "id": "CVE-2014-2244",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-03-02T04:57:25.950",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://openwall.com/lists/oss-security/2014/02/28/1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://openwall.com/lists/oss-security/2014/03/01/2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/65906"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1071139"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=61362"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://gerrit.wikimedia.org/r/#/q/Idf985e4e69c2f11778a8a90503914678441cb3fb%2Cn%2Cz"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2014/02/28/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2014/03/01/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/65906"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1071139"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=61362"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://gerrit.wikimedia.org/r/#/q/Idf985e4e69c2f11778a8a90503914678441cb3fb%2Cn%2Cz"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-01-04 21:59

Modified

2025-04-12 10:46

Severity ?

Summary

MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content model for a revision to JS.

References

URL	Tags
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-November/000170.html	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T72901	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-November/000170.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T72901	Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.20
mediawiki	mediawiki	1.20.1
mediawiki	mediawiki	1.20.2
mediawiki	mediawiki	1.20.3
mediawiki	mediawiki	1.20.4
mediawiki	mediawiki	1.20.5
mediawiki	mediawiki	1.20.6
mediawiki	mediawiki	1.20.7
mediawiki	mediawiki	1.20.8
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2
mediawiki	mediawiki	1.21.3
mediawiki	mediawiki	1.21.4
mediawiki	mediawiki	1.21.5
mediawiki	mediawiki	1.21.6
mediawiki	mediawiki	1.21.7
mediawiki	mediawiki	1.21.8
mediawiki	mediawiki	1.21.9
mediawiki	mediawiki	1.21.10
mediawiki	mediawiki	1.21.11
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	1.22.1
mediawiki	mediawiki	1.22.2
mediawiki	mediawiki	1.22.3
mediawiki	mediawiki	1.22.4
mediawiki	mediawiki	1.22.5
mediawiki	mediawiki	1.22.6
mediawiki	mediawiki	1.22.7
mediawiki	mediawiki	1.22.8
mediawiki	mediawiki	1.22.10
mediawiki	mediawiki	1.22.11
mediawiki	mediawiki	1.22.12
mediawiki	mediawiki	1.22.13
mediawiki	mediawiki	1.23.0
mediawiki	mediawiki	1.23.1
mediawiki	mediawiki	1.23.2
mediawiki	mediawiki	1.23.3
mediawiki	mediawiki	1.23.4
mediawiki	mediawiki	1.23.5
mediawiki	mediawiki	1.23.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "27381EF3-7ACE-4C9C-A609-40EA8584A21B",
              "versionEndIncluding": "1.19.21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA45494-185A-4ED1-8818-D9F14EB9B59B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94646567-FF30-4FBA-96C5-914EB3C85D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF088531-6875-49A2-B220-D7EC38ECC50F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "902A7EE8-90AA-4B0D-9142-DFCDA5AC8914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B6CD057-EBC4-4909-9734-80577AFDED40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01D8F235-2F1B-4198-A91E-B2723293AA36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2A5F4A7-40E7-42D0-8482-647D0EC54AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E10A8FAC-7506-48B8-A4EE-B7A1BE20537E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF797B5-8348-481C-AB6F-154DEA0E5281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E627F80-E6AA-4627-B58E-D6B2A08269BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA54E0F2-3B21-469F-A3FB-8E41E1857447",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "09CFF4B5-5827-4795-960A-201BA1BCF1A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC9D6B62-13CD-4307-94BB-A7210761A4D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "32C36F51-CCCC-41D1-A43B-B8F77CE632B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B461B44C-37D2-480B-9645-B7E8720416C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E491E3AD-0FB2-41CD-B852-CAFCA397A45A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBD50108-A301-4B5B-9047-6FD6792442B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "91BBFEC5-A933-4178-919D-9AC87CF76D21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3CA0EC-1AC1-48A1-8BB8-95DCCE1C283A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9343410C-E076-4362-8094-5BA5582E9675",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96BBB28-AB3C-4082-B035-8CCB761C2530",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7389C3B9-B32D-46CC-8615-22CF7BDCD829",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3332E0EC-49D6-4EB2-8A2E-CC204EA1C475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E59021C-8DDF-4849-9490-AD8F98B834BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "64E90FCD-B032-4BD8-84D6-763E0FDB48B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "21A92544-BEA9-436F-BC22-CC90808D53F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6044842D-0C23-4683-9BCC-9FE40AE8353F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BFCBB5A-F5F8-400E-916A-EB87F84853D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2898DFC3-7C3A-4C12-A3D2-4CEB3C66C90D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "04082771-E3E2-49EE-8840-0170F3B3519F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9B27B7-7800-4E35-97CA-B16450EEC478",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BEA6C00-BDCF-439C-8A04-B581361781EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90B931CC-CEA7-4C14-875E-A0D215CE5617",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content model for a revision to JS."
    },
    {
      "lang": "es",
      "value": "MediaWiki versiones 1.21.x, versiones 1.22.x anteriores a 1.22.14, y versiones 1.23.x anteriores a 1.23.7, cuando $wgContentHandlerUseDB est\u00e1 habilitado, permite a los atacantes remotos conducir ataques de tipo cross-site-scripting (XSS) mediante el ajuste del modelo de contenido para una revisi\u00f3n en JS."
    }
  ],
  "id": "CVE-2014-9507",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-01-04T21:59:04.963",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-November/000170.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T72901"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-November/000170.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T72901"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-08-22 17:55

Modified

2025-04-12 10:46

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in mediawiki.page.image.pagination.js in MediaWiki 1.22.x before 1.22.9 and 1.23.x before 1.23.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving the multipageimagenavbox class in conjunction with an action=raw value.

References

URL	Tags
cve@mitre.org	http://advisories.mageia.org/MGASA-2014-0309.html
cve@mitre.org	http://openwall.com/lists/oss-security/2014/08/14/5
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2014:153
cve@mitre.org	http://www.securityfocus.com/bid/69135
cve@mitre.org	https://bugzilla.wikimedia.org/show_bug.cgi?id=66608	Exploit, Vendor Advisory
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-July/000157.html
af854a3a-2127-422b-91ae-364da2661108	http://advisories.mageia.org/MGASA-2014-0309.html
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2014/08/14/5
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2014:153
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/69135
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=66608	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-July/000157.html

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	1.22.1
mediawiki	mediawiki	1.22.2
mediawiki	mediawiki	1.22.3
mediawiki	mediawiki	1.22.4
mediawiki	mediawiki	1.22.5
mediawiki	mediawiki	1.22.6
mediawiki	mediawiki	1.22.7
mediawiki	mediawiki	1.22.8
mediawiki	mediawiki	1.23.0
mediawiki	mediawiki	1.23.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B461B44C-37D2-480B-9645-B7E8720416C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E491E3AD-0FB2-41CD-B852-CAFCA397A45A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBD50108-A301-4B5B-9047-6FD6792442B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "91BBFEC5-A933-4178-919D-9AC87CF76D21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3CA0EC-1AC1-48A1-8BB8-95DCCE1C283A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9343410C-E076-4362-8094-5BA5582E9675",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96BBB28-AB3C-4082-B035-8CCB761C2530",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7389C3B9-B32D-46CC-8615-22CF7BDCD829",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6044842D-0C23-4683-9BCC-9FE40AE8353F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BFCBB5A-F5F8-400E-916A-EB87F84853D9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in mediawiki.page.image.pagination.js in MediaWiki 1.22.x before 1.22.9 and 1.23.x before 1.23.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving the multipageimagenavbox class in conjunction with an action=raw value."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en mediawiki.page.image.pagination.js en MediaWiki 1.22.x anterior a 1.22.9 y 1.23.x anterior a 1.23.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores involucrando la clase multipageimagenavbox en conjunto con un valor action=raw."
    }
  ],
  "id": "CVE-2014-5242",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-08-22T17:55:02.860",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://advisories.mageia.org/MGASA-2014-0309.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://openwall.com/lists/oss-security/2014/08/14/5"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:153"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/69135"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=66608"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-July/000157.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://advisories.mageia.org/MGASA-2014-0309.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2014/08/14/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/69135"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=66608"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-July/000157.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-10-06 21:15

Modified

2024-11-21 06:27

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

An issue was discovered in MediaWiki through 1.36.2. A parser function related to loop control allowed for an infinite loop (and php-fpm hang) within the Loops extension because egLoopsCountLimit is mishandled. This could lead to memory exhaustion.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/I0caf6f129f94612b5bcf406a171aa5ffedea1f80	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T287347	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/I0caf6f129f94612b5bcf406a171aa5ffedea1f80	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T287347	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "852AD0A4-1F54-4352-8554-34DE96EF04D9",
              "versionEndIncluding": "1.36.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki through 1.36.2. A parser function related to loop control allowed for an infinite loop (and php-fpm hang) within the Loops extension because egLoopsCountLimit is mishandled. This could lead to memory exhaustion."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en MediaWiki versiones hasta 1.36.2. Una funci\u00f3n del analizador relacionada con el control de bucles permit\u00eda un bucle infinito (y un cuelgue de php-fpm) dentro de la extensi\u00f3n Loops porque egLoopsCountLimit es manejado inapropiadamente. Esto pod\u00eda conllevar a un agotamiento de la memoria"
    }
  ],
  "id": "CVE-2021-42040",
  "lastModified": "2024-11-21T06:27:07.060",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-06T21:15:07.213",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I0caf6f129f94612b5bcf406a171aa5ffedea1f80"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T287347"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I0caf6f129f94612b5bcf406a171aa5ffedea1f80"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T287347"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-835"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-04-20 17:59

Modified

2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to terminate sessions when a user account is blocked.

References

URL	Tags
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1369613	Issue Tracking
secalert@redhat.com	https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html	Mailing List, Patch, Vendor Advisory
secalert@redhat.com	https://phabricator.wikimedia.org/T129738	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1369613	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html	Mailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T129738	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.26.0
mediawiki	mediawiki	1.26.1
mediawiki	mediawiki	1.26.2
mediawiki	mediawiki	1.26.3
mediawiki	mediawiki	1.26.4
mediawiki	mediawiki	1.27.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F26807BC-B2F2-480D-B5B1-C2D64933A0C8",
              "versionEndIncluding": "1.23.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B418525-DAC2-461A-B931-BED05CC3AFBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C238723-5592-4F0F-869D-91B64DD14FBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "22685E70-3EE0-484B-8A4C-139C28BDD2B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD0A725-B06B-456D-8A8B-9DA5468935FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7ED98FFC-4397-4F27-AC36-BB7A42A92F89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.27.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F75E06F7-6D23-4BEB-80B4-3DE33193CA95",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to terminate sessions when a user account is blocked."
    },
    {
      "lang": "es",
      "value": "MediaWiki en versiones anteriores a 1.23.15, 1.26.x en versiones anteriores a 1.26.4 y1.27.x en versiones anteriores a 1.27.1, cuando $wgBlockDisablesLogin es verdadera, podr\u00eda permitir a atacantes remotos obtener informaci\u00f3n sensible mediante el aprovechamiento del fallo de finalizar las sesiones cuando se bloquea una cuenta de usuario."
    }
  ],
  "id": "CVE-2016-6332",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-20T17:59:00.603",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T129738"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T129738"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-10-26 20:29

Modified

2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.18.5 and 1.19.x before 1.19.2, when unspecified JavaScript gadgets are used, allow remote attackers to inject arbitrary web script or HTML via the userlang parameter to w/index.php.

References

URL	Tags
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/08/31/10	Mailing List, Patch, Third Party Advisory
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/08/31/6	Mailing List, Patch, Third Party Advisory
secalert@redhat.com	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330	Issue Tracking, Third Party Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=853417	Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com	https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html	Patch, Vendor Advisory
secalert@redhat.com	https://phabricator.wikimedia.org/T39587	Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/08/31/10	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/08/31/6	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=853417	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T39587	Issue Tracking, Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.19.0
mediawiki	mediawiki	1.19.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B03517F3-5555-4DCF-A5BD-15B2AF03C970",
              "versionEndIncluding": "1.18.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.18.5 and 1.19.x before 1.19.2, when unspecified JavaScript gadgets are used, allow remote attackers to inject arbitrary web script or HTML via the userlang parameter to w/index.php."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades Cross-Site Scripting (XSS) en MediaWiki en versiones anteriores a la 1.18.5 y en versiones 1.19.x anteriores a la 1.19.2, cuando se usan gadgets de JavaScript sin especificar, permiten que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el par\u00e1metro userlang en w/index.php."
    }
  ],
  "id": "CVE-2012-4378",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-26T20:29:00.327",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/08/31/10"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/08/31/6"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=853417"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T39587"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/08/31/10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/08/31/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=853417"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T39587"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-07-07 00:15

Modified

2025-06-17 20:16

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. It can expose suppressed information for log events. (The log_deleted attribute is not respected.)

References

▶	URL	Tags
	cve@mitre.org	https://phabricator.wikimedia.org/T326865	Issue Tracking, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T326865	Issue Tracking, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED70437F-2E16-47AE-AA89-A497DCC3C8EC",
              "versionEndIncluding": "1.42.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. It can expose suppressed information for log events. (The log_deleted attribute is not respected.)"
    },
    {
      "lang": "es",
      "value": " Se descubri\u00f3 un problema en la extensi\u00f3n CheckUser para MediaWiki hasta 1.42.1. Puede exponer informaci\u00f3n suprimida para eventos de registro. (No se respeta el atributo log_deleted)."
    }
  ],
  "id": "CVE-2024-40597",
  "lastModified": "2025-06-17T20:16:47.530",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-07-07T00:15:10.160",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T326865"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T326865"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-12-24 02:15

Modified

2024-11-21 06:32

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/Id1c8910aeac5b452fbabeddab70360765518223e	Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7JNQA53K675TQBBJPZRAG5ZT6XES3IS/
cve@mitre.org	https://phabricator.wikimedia.org/T296605	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/Id1c8910aeac5b452fbabeddab70360765518223e	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7JNQA53K675TQBBJPZRAG5ZT6XES3IS/
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T296605	Third Party Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*
	fedoraproject	fedora	35

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "27C47D85-B046-4EF2-AA03-69B0646A5C3D",
              "versionEndIncluding": "1.37",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter."
    },
    {
      "lang": "es",
      "value": "En MediaWiki versiones hasta 1.37, el URI Special:ImportFile (tambi\u00e9n conocido como FileImporter) permite el XSS, como lo demuestra el par\u00e1metro clientUrl"
    }
  ],
  "id": "CVE-2021-45474",
  "lastModified": "2024-11-21T06:32:17.227",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-24T02:15:07.493",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Id1c8910aeac5b452fbabeddab70360765518223e"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7JNQA53K675TQBBJPZRAG5ZT6XES3IS/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T296605"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Id1c8910aeac5b452fbabeddab70360765518223e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7JNQA53K675TQBBJPZRAG5ZT6XES3IS/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T296605"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-04-22 03:15

Modified

2024-11-21 06:05

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in the CommentBox extension for MediaWiki through 1.35.2. Via crafted configuration variables, a malicious actor could introduce XSS payloads into various layers.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Commentbox/+/651934/	Issue Tracking, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T270767	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Commentbox/+/651934/	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T270767	Third Party Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4067807D-769C-485F-A7E3-EE96885BDCE7",
              "versionEndIncluding": "1.35.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the CommentBox extension for MediaWiki through 1.35.2. Via crafted configuration variables, a malicious actor could introduce XSS payloads into various layers."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en la extensi\u00f3n CommentBox para MediaWiki versiones hasta 1.35.2.\u0026#xa0;por medio de variables de configuraci\u00f3n dise\u00f1adas, un actor malicioso podr\u00eda introducir cargas \u00fatiles XSS en varias capas"
    }
  ],
  "id": "CVE-2021-31550",
  "lastModified": "2024-11-21T06:05:53.680",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-22T03:15:08.097",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Commentbox/+/651934/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T270767"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Commentbox/+/651934/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T270767"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2011-05-23 22:55

Modified

2025-04-11 00:51

Severity ?

Summary

includes/User.php in MediaWiki before 1.16.5, when wgBlockDisablesLogin is enabled, does not clear certain cached data after verification of an auth token fails, which allows remote attackers to bypass authentication by creating crafted wikiUserID and wikiUserName cookies, or by leveraging an unattended workstation.

References

URL	Tags
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060435.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060496.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060507.html
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-May/000098.html	Patch
secalert@redhat.com	http://secunia.com/advisories/44684
secalert@redhat.com	http://www.securityfocus.com/bid/47722
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=702512	Patch
secalert@redhat.com	https://bugzilla.wikimedia.org/show_bug.cgi?id=28639	Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060435.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060496.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060507.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-May/000098.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44684
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/47722
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=702512	Patch
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=28639	Patch

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.1.0
mediawiki	mediawiki	1.2.0
mediawiki	mediawiki	1.2.1
mediawiki	mediawiki	1.2.2
mediawiki	mediawiki	1.2.3
mediawiki	mediawiki	1.2.4
mediawiki	mediawiki	1.2.5
mediawiki	mediawiki	1.2.6
mediawiki	mediawiki	1.3
mediawiki	mediawiki	1.3.0
mediawiki	mediawiki	1.3.1
mediawiki	mediawiki	1.3.2
mediawiki	mediawiki	1.3.3
mediawiki	mediawiki	1.3.4
mediawiki	mediawiki	1.3.5
mediawiki	mediawiki	1.3.6
mediawiki	mediawiki	1.3.7
mediawiki	mediawiki	1.3.8
mediawiki	mediawiki	1.3.9
mediawiki	mediawiki	1.3.10
mediawiki	mediawiki	1.3.11
mediawiki	mediawiki	1.3.12
mediawiki	mediawiki	1.3.13
mediawiki	mediawiki	1.3.14
mediawiki	mediawiki	1.3.15
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4.0
mediawiki	mediawiki	1.4.1
mediawiki	mediawiki	1.4.2
mediawiki	mediawiki	1.4.3
mediawiki	mediawiki	1.4.4
mediawiki	mediawiki	1.4.5
mediawiki	mediawiki	1.4.6
mediawiki	mediawiki	1.4.7
mediawiki	mediawiki	1.4.8
mediawiki	mediawiki	1.4.9
mediawiki	mediawiki	1.4.10
mediawiki	mediawiki	1.4.11
mediawiki	mediawiki	1.4.12
mediawiki	mediawiki	1.4.13
mediawiki	mediawiki	1.4.14
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5.0
mediawiki	mediawiki	1.5.1
mediawiki	mediawiki	1.5.2
mediawiki	mediawiki	1.5.3
mediawiki	mediawiki	1.5.4
mediawiki	mediawiki	1.5.5
mediawiki	mediawiki	1.5.6
mediawiki	mediawiki	1.5.7
mediawiki	mediawiki	1.5.8
mediawiki	mediawiki	1.6.0
mediawiki	mediawiki	1.6.1
mediawiki	mediawiki	1.6.2
mediawiki	mediawiki	1.6.3
mediawiki	mediawiki	1.6.4
mediawiki	mediawiki	1.6.5
mediawiki	mediawiki	1.6.6
mediawiki	mediawiki	1.6.7
mediawiki	mediawiki	1.6.8
mediawiki	mediawiki	1.6.9
mediawiki	mediawiki	1.6.10
mediawiki	mediawiki	1.6.11
mediawiki	mediawiki	1.6.12
mediawiki	mediawiki	1.7.0
mediawiki	mediawiki	1.7.1
mediawiki	mediawiki	1.7.2
mediawiki	mediawiki	1.7.3
mediawiki	mediawiki	1.8.0
mediawiki	mediawiki	1.8.1
mediawiki	mediawiki	1.8.2
mediawiki	mediawiki	1.8.3
mediawiki	mediawiki	1.8.4
mediawiki	mediawiki	1.8.5
mediawiki	mediawiki	1.9.0
mediawiki	mediawiki	1.9.0
mediawiki	mediawiki	1.9.1
mediawiki	mediawiki	1.9.2
mediawiki	mediawiki	1.9.3
mediawiki	mediawiki	1.9.4
mediawiki	mediawiki	1.9.5
mediawiki	mediawiki	1.9.6
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.1
mediawiki	mediawiki	1.10.2
mediawiki	mediawiki	1.10.3
mediawiki	mediawiki	1.10.4
mediawiki	mediawiki	1.11
mediawiki	mediawiki	1.11.0
mediawiki	mediawiki	1.11.0
mediawiki	mediawiki	1.11.1
mediawiki	mediawiki	1.11.2
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.1
mediawiki	mediawiki	1.12.2
mediawiki	mediawiki	1.12.3
mediawiki	mediawiki	1.12.4
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.1
mediawiki	mediawiki	1.13.2
mediawiki	mediawiki	1.13.3
mediawiki	mediawiki	1.13.4
mediawiki	mediawiki	1.14.0
mediawiki	mediawiki	1.14.0
mediawiki	mediawiki	1.14.1
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.1
mediawiki	mediawiki	1.15.2
mediawiki	mediawiki	1.15.3
mediawiki	mediawiki	1.15.4
mediawiki	mediawiki	1.15.5
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.1
mediawiki	mediawiki	1.16.2
mediawiki	mediawiki	1.16.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD7E40EC-1271-46F2-A41A-B93E198B6D8A",
              "versionEndIncluding": "1.16.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C96D337-1D37-4ADE-871D-9829928EE80B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DFB843C-4513-4569-9746-DA9FDD7A5CD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "377F0F7A-8E50-4803-9670-F719D17400D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B4CCA5C-3594-41B4-99F3-FC99BA0495BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD0A0C81-CDB6-4A11-B6B0-DECB12558DE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40BD0855-A9C8-47CD-BB50-E422E0C4A1EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "42A9DCC7-CF58-44CC-9489-51FA79EECDF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "80D651C6-116D-448A-8569-BAB9BAEC7D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49AFC6EE-41C7-4369-8BA1-DDBF8A744ABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30F54837-5004-4D10-B3B0-502CED4F6592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A09F36C1-CBC0-489E-B62D-4590A2E5A4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9F0067D-534A-4238-A244-D92A73845432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BEC422E-49BC-41D4-9F71-B834D4108EF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D854161-28AA-4386-B90A-97F9692CE37F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5A0FA49-99DC-4691-968F-6AEB76B74370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A0C6A2C-992B-45A0-8E0C-1AE983881337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "292A77C7-8C7B-4F3A-B7FD-3505A9F37E4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C77FC97A-3BB2-4AA5-B0D6-C0D1FBEA5FD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C9393EF-083A-4662-BC7A-89979C2B8546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9DE6A4E-6BCE-499E-B017-1E0F8D1F65B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD90730F-BF26-46C5-83F8-039CD661C968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4DDA753-26F5-4142-B227-07DDF14DD8C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D3B5E2-AC84-421D-AC10-3266D9575922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "326D4BFB-EFE7-4EAC-AA71-45E8C7E41538",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "736DFCB7-B747-4F98-AB87-9023BCD0B5C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "135A1FFF-8F52-48FF-A92A-0FC79FCC287E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "3CF8143A-F16F-4E2F-8B12-AC278678CDBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "617655A0-1ED3-44A5-9D83-E90D8EC8799E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "3B19F77D-8975-432D-8572-F208EBC15068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "9D692C6F-95AB-4332-95D8-007876792AC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "DE9080FA-F32A-45AF-BB1E-18B85DD35830",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DF75E48-208A-4531-AC8D-B307FD4E288B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "174665BA-F231-45F6-922C-933B8A613009",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B175F5A-7CB6-44E6-9E98-FB40F6D14FDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A45833DC-F104-42BB-8688-4DE66AFF72F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B316A8E-DED1-427B-8137-11C767E9DF1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "99A75AFB-2706-42FF-8534-B910997987AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F335EB4-1A74-4FAE-ADAF-AC9FB37A80DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "116C8AA3-481D-409A-ABA8-C8DA1EE8FF86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9DCE478-7D30-4BBC-8878-C3745D6ADAD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EBFFA2C-6768-4CB9-B0B0-BDB79CA1DEDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA0C4A1E-B084-4C78-BEE4-4E733159F367",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2571B43E-234C-4312-9640-1E338092A673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D5C7E1-6664-4A90-9E55-1F53F98D7702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "4963F3C5-A207-4BD3-9C3C-4EBAC1F5B2B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BE0D158-DB0B-45B2-9E26-E11A7D5D2CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "6086E5E9-F69F-47EE-9034-8196CC03E6FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "49A43BF0-69CF-4694-9155-534FA31C26DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "A0751BD8-505A-42A3-A150-3523F12B9047",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "F964DBAD-0569-41DD-975B-23A975050595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8DE4462C-F9B2-47B3-8F17-FF729F5563FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "3769AAA0-8492-40E1-B3EC-5E3BFE396809",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E2616E5E-2D0B-4FD3-B43F-51D786F0D8D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "94766FF8-FC72-4F8F-8005-7F34E4AA4042",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D8693832-A576-492F-B4F7-B8415B3A5903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9214FE72-045E-457A-B3C5-BCDFC506DDB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDB55E62-A345-49F6-ACD0-A710977CA6E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A340D0AB-2B4A-4DE6-9FA1-662D8F8205BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8C8B11E-5C0B-49B1-ACFA-5926057EF002",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "89A4EA0A-54E1-484A-ADDB-216CBC9C40FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA0ABA75-E966-43A2-90B1-89557BB0B7DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B6CE989-B7AD-42AA-986C-23266D965122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "44FD9374-5B8A-4102-A005-D3F39186ABBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D4388FF-3C2C-41A7-A2A2-CC3E38994222",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3EAF847-B64C-4C12-8BF2-631F61B0618E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "09EF3827-9C87-4043-B10A-1D6AFCB64F57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08B1EDE8-940E-47C1-9CDA-C6BBE1BB9A11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4554900-E09D-4D9D-99D4-FE5FDB3CDE78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "93EB0312-A147-4307-9491-46AEC2EC727C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "48929086-E08E-472D-A503-4CA803A840D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A98675FD-C9EA-49AB-BA9F-2CF5898203C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB9B4718-DF85-4E77-B720-0EC3E0D318BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "132A745B-0A1B-4186-8BE2-88C24FF4A455",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E710375D-F5B3-4998-AA7F-F931022CF6F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3130C952-83B3-4755-99D7-D25C1447670E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9842D148-50D2-4A52-A3E1-529670A25EBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "A59DE5DF-B5A1-4C11-9FA9-03EA7F589694",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C632052-D84B-41A1-B46F-1C1D9ADC72CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF36A02-DF6B-4657-94F6-255E4163FBF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "60380B60-DD11-42C9-9388-AED3244F39A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "612210D5-FDBC-4A13-AACD-13198FE9D2DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46046B16-3EE4-42C0-BA77-73300A641BA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "136E5FD9-C0A0-4970-8852-D97C5BC723E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5FD2871-90BB-4AFA-89D0-B9B5BE365771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D35193-8AF8-4CB9-A47D-A58DE389515E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1CD7D7-546A-48FA-9C4C-1FB0CA22C6FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAD648C1-0908-43F8-951C-E7EBF8FB8CB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B40FB49B-1E96-44BC-A9B0-9BDB28F858A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "75D5AC3F-4D29-4882-A3C0-94951402ADD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A0921C-BEC5-4646-96FD-0529828B5BAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB4E8709-43E2-4ADC-8759-16AC265658C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A8A1D30-57E7-4010-B68A-8D22EA091FF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EF7C683-F6E2-4D79-B0F9-234C9FAFB7C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "962C4B03-ABDF-4E94-8DE0-E035186E0F4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "841A4099-1EB3-448A-81C2-67A68CF4B5C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0983C0E-9035-4256-AC99-C2C81C1634E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "76F47EF6-2695-44FD-B4B0-9DE911BB57CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FC61592E-7479-45C1-9263-D608B644EE79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5460DB30-FA14-4017-BC8B-15F9451469F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED2392D6-6ACF-4715-BBCD-B6DA9B91C750",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0071C35-877F-44C6-BC39-B1AE885D7313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83CF24-FC29-40C4-8B07-5FB6591E9812",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C54ADEF-F360-41C6-AE27-B6D12E5BAF9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66A92668-4B5D-40A4-9A14-E7AD10086933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7266D827-F77D-4CC3-8237-4B35D072ACF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DB5EF0E-4E1B-4131-9142-5FBB59C235D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F59B5992-716F-4901-BDD1-0C7E24BF9148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "746023B5-2472-4FC9-BEDF-FE6A321F12B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0D18C85B-E82B-46AE-959E-3FD32DB6F294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "66714539-F1E1-4C16-AA12-059EEB1B9DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A80044C9-9F76-468E-84F7-D7D529004AE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7CD7F5A-F4E4-45B6-9179-BD1BCD75D297",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7BC3705-27C7-4969-AB6A-E7C09C708C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79CDE6D3-A26D-4ECD-B949-B9DDB53F67C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D3CC82BE-8DEA-47D7-B6B7-2FFDFB728ADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "AFD79470-63A7-438B-A3BE-CABDAD7F848C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A26F4C94-E3A5-456E-8E5E-36BA67DD4BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C6D23B-B5C1-4F10-9F62-E81F639FF40F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "13FA8F3C-2B6C-42FB-A6CE-EC2D8614E43D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "973B7468-970D-475C-AAB2-D81833EAF12B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A0789-0496-4940-A484-8B6689AA8770",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "241370F6-4941-43B4-AAD5-32A93AAC3B80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A236174-7262-478C-8C96-61428EBCC575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAAC942E-1BA2-419C-B464-20529D825053",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "188AA942-A54E-4B48-A14E-1D4C2BB859EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "07D3ECE8-29AC-491A-BD11-1753EF65DA0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FA6109F-F5BE-4E65-AA9D-C1D0CB029521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0955D3BF-1120-40F6-87FB-D75B064E5C6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BA61CFC-F48E-4B7D-A61C-4BD585E87BAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BA7AA7B-9450-4AAD-8CBA-E483CD5A1CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4416B074-0C5E-4DD3-AA4D-B54AC635F00D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "EBA4FDC8-2F1B-4054-82BC-B79566ABE8E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "62B86D8D-5E7A-43F5-9B6A-944ED4B8E4E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "63FD259B-921D-46BF-BE6E-F963288D92F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B163E10-BD02-481B-A78E-E4678C57CC75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "973D14D0-E5B5-499D-9F13-B3201D81E5C0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "includes/User.php in MediaWiki before 1.16.5, when wgBlockDisablesLogin is enabled, does not clear certain cached data after verification of an auth token fails, which allows remote attackers to bypass authentication by creating crafted wikiUserID and wikiUserName cookies, or by leveraging an unattended workstation."
    },
    {
      "lang": "es",
      "value": "includes/User.php en  MediaWiki anterior a v1.16.5, cuando wgBlockDisablesLogin es activado, no limpia ciertos datos de cach\u00e9 despu\u00e9s de verificar un fallo de un token auth, lo que permite a atacantes remotos evitar la autenticaci\u00f3n creando un wikiUserID manipulado y cookies wikiUserName, o mediante el aprovechamiento de una estaci\u00f3n de trabajo sin vigilancia."
    }
  ],
  "id": "CVE-2011-1766",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-05-23T22:55:01.367",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060435.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060496.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060507.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-May/000098.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/44684"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/47722"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=702512"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=28639"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060435.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060496.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060507.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-May/000098.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/44684"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/47722"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=702512"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=28639"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-06-30 17:15

Modified

2024-11-26 17:15

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public interfaces.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/Ibe5f8e25dea155bbd811a65833394c0d4b906a34	Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T326952	Exploit, Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/Ibe5f8e25dea155bbd811a65833394c0d4b906a34	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T326952	Exploit, Issue Tracking, Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEA20A42-6E1A-4DA2-8869-A49894256285",
              "versionEndIncluding": "1.39.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public interfaces."
    }
  ],
  "id": "CVE-2023-37305",
  "lastModified": "2024-11-26T17:15:19.303",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-06-30T17:15:09.707",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Ibe5f8e25dea155bbd811a65833394c0d4b906a34"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T326952"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Ibe5f8e25dea155bbd811a65833394c0d4b906a34"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T326952"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-203"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-05-05 19:15

Modified

2025-06-17 14:53

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will (attempt to) make an edit that merges the from-id to the to-id, even if the request was not a POST request, and even if it does not contain an edit token.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/WikibaseLexeme/+/1013359	Patch, Vendor Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/	Third Party Advisory, Mailing List
cve@mitre.org	https://phabricator.wikimedia.org/T357101	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/WikibaseLexeme/+/1013359	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/	Third Party Advisory, Mailing List
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T357101	Issue Tracking, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*
fedoraproject	fedora	40

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A7D7611-D088-4AF6-8CE0-EACBE4FF4492",
              "versionEndExcluding": "1.39.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EF19DE5-1D79-4001-ABA1-D648AD6610D6",
              "versionEndExcluding": "1.40.2",
              "versionStartIncluding": "1.40.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "314B0F2D-27BD-486B-B528-FD8A7AAE53E6",
              "versionEndExcluding": "1.41.1",
              "versionStartIncluding": "1.41.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will (attempt to) make an edit that merges the from-id to the to-id, even if the request was not a POST request, and even if it does not contain an edit token."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en WikibaseLexeme en MediaWiki antes de 1.39.6, 1.40.x antes de 1.40.2 y 1.41.x antes de 1.41.1. Cargando especial: MergeLexemes (intentar\u00e1) realizar una edici\u00f3n que combine el ID de origen con el ID de destino, incluso si la solicitud no fue una solicitud POST, e incluso si no contiene un token de edici\u00f3n."
    }
  ],
  "id": "CVE-2024-34502",
  "lastModified": "2025-06-17T14:53:28.127",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-05-05T19:15:07.197",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/WikibaseLexeme/+/1013359"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T357101"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/WikibaseLexeme/+/1013359"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T357101"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2009-02-25 20:30

Modified

2025-04-09 00:30

Severity ?

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the web-based installer (config/index.php) in MediaWiki 1.6 before 1.6.12, 1.12 before 1.12.4, and 1.13 before 1.13.4, when the installer is in active use, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

URL	Tags
cve@mitre.org	http://lists.wikimedia.org/pipermail/mediawiki-announce/2009-February/000083.html	Patch
cve@mitre.org	http://secunia.com/advisories/33881	Vendor Advisory
cve@mitre.org	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_12_4/phase3/RELEASE-NOTES	Vendor Advisory
cve@mitre.org	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_4/phase3/RELEASE-NOTES	Vendor Advisory
cve@mitre.org	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_12/phase3/RELEASE-NOTES	Vendor Advisory
cve@mitre.org	http://www.debian.org/security/2009/dsa-1901
cve@mitre.org	http://www.securityfocus.com/bid/33681	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2009/0368	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2009-February/000083.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33881	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_12_4/phase3/RELEASE-NOTES	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_4/phase3/RELEASE-NOTES	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_12/phase3/RELEASE-NOTES	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2009/dsa-1901
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/33681	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/0368	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.6.0
mediawiki	mediawiki	1.6.1
mediawiki	mediawiki	1.6.2
mediawiki	mediawiki	1.6.3
mediawiki	mediawiki	1.6.4
mediawiki	mediawiki	1.6.5
mediawiki	mediawiki	1.6.6
mediawiki	mediawiki	1.6.7
mediawiki	mediawiki	1.6.8
mediawiki	mediawiki	1.6.9
mediawiki	mediawiki	1.6.10
mediawiki	mediawiki	1.6.11
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.1
mediawiki	mediawiki	1.12.2
mediawiki	mediawiki	1.12.3
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.1
mediawiki	mediawiki	1.13.2
mediawiki	mediawiki	1.13.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3EAF847-B64C-4C12-8BF2-631F61B0618E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "09EF3827-9C87-4043-B10A-1D6AFCB64F57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08B1EDE8-940E-47C1-9CDA-C6BBE1BB9A11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4554900-E09D-4D9D-99D4-FE5FDB3CDE78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "93EB0312-A147-4307-9491-46AEC2EC727C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "48929086-E08E-472D-A503-4CA803A840D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A98675FD-C9EA-49AB-BA9F-2CF5898203C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB9B4718-DF85-4E77-B720-0EC3E0D318BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "132A745B-0A1B-4186-8BE2-88C24FF4A455",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E710375D-F5B3-4998-AA7F-F931022CF6F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3130C952-83B3-4755-99D7-D25C1447670E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9842D148-50D2-4A52-A3E1-529670A25EBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "746023B5-2472-4FC9-BEDF-FE6A321F12B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0D18C85B-E82B-46AE-959E-3FD32DB6F294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "66714539-F1E1-4C16-AA12-059EEB1B9DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A80044C9-9F76-468E-84F7-D7D529004AE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7CD7F5A-F4E4-45B6-9179-BD1BCD75D297",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79CDE6D3-A26D-4ECD-B949-B9DDB53F67C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D3CC82BE-8DEA-47D7-B6B7-2FFDFB728ADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "AFD79470-63A7-438B-A3BE-CABDAD7F848C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A26F4C94-E3A5-456E-8E5E-36BA67DD4BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C6D23B-B5C1-4F10-9F62-E81F639FF40F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "13FA8F3C-2B6C-42FB-A6CE-EC2D8614E43D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web-based installer (config/index.php) in MediaWiki 1.6 before 1.6.12, 1.12 before 1.12.4, and 1.13 before 1.13.4, when the installer is in active use, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados - XSS - en el instalador basado en web (config/index.php) en MediaWiki v1.6 anteriores a v1.6.12, v1.12 anteriores a v1.12.4, y v1.13 anteriores a v1.13.4, cuando el instalador est\u00e1 activo, permite a los atacantes remotos inyectar arbitrariamente una secuencia de comandos web o HTML a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2009-0737",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-02-25T20:30:02.483",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2009-February/000083.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33881"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_12_4/phase3/RELEASE-NOTES"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_4/phase3/RELEASE-NOTES"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_12/phase3/RELEASE-NOTES"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2009/dsa-1901"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/33681"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0368"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2009-February/000083.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33881"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_12_4/phase3/RELEASE-NOTES"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_4/phase3/RELEASE-NOTES"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_12/phase3/RELEASE-NOTES"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1901"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/33681"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0368"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2011-04-27 00:55

Modified

2025-04-11 00:51

Severity ?

Summary

The transwiki import functionality in MediaWiki before 1.16.3 does not properly check privileges, which allows remote authenticated users to perform imports from any wgImportSources wiki via a crafted POST request.

References

URL	Tags
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html	Patch, Vendor Advisory
secalert@redhat.com	http://openwall.com/lists/oss-security/2011/04/13/15	Patch
secalert@redhat.com	http://secunia.com/advisories/44142	Vendor Advisory
secalert@redhat.com	http://www.debian.org/security/2011/dsa-2366
secalert@redhat.com	http://www.securityfocus.com/bid/47354
secalert@redhat.com	http://www.vupen.com/english/advisories/2011/0978	Vendor Advisory
secalert@redhat.com	http://www.vupen.com/english/advisories/2011/1100
secalert@redhat.com	http://www.vupen.com/english/advisories/2011/1151
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=695577	Patch
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=696360	Patch
secalert@redhat.com	https://bugzilla.wikimedia.org/show_bug.cgi?id=28449
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/66739
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2011/04/13/15	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44142	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2011/dsa-2366
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/47354
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0978	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/1100
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/1151
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=695577	Patch
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=696360	Patch
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=28449
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/66739

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.1.0
mediawiki	mediawiki	1.2.0
mediawiki	mediawiki	1.2.1
mediawiki	mediawiki	1.2.2
mediawiki	mediawiki	1.2.3
mediawiki	mediawiki	1.2.4
mediawiki	mediawiki	1.2.5
mediawiki	mediawiki	1.2.6
mediawiki	mediawiki	1.3
mediawiki	mediawiki	1.3.0
mediawiki	mediawiki	1.3.1
mediawiki	mediawiki	1.3.2
mediawiki	mediawiki	1.3.3
mediawiki	mediawiki	1.3.4
mediawiki	mediawiki	1.3.5
mediawiki	mediawiki	1.3.6
mediawiki	mediawiki	1.3.7
mediawiki	mediawiki	1.3.8
mediawiki	mediawiki	1.3.9
mediawiki	mediawiki	1.3.10
mediawiki	mediawiki	1.3.11
mediawiki	mediawiki	1.3.12
mediawiki	mediawiki	1.3.13
mediawiki	mediawiki	1.3.14
mediawiki	mediawiki	1.3.15
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4.0
mediawiki	mediawiki	1.4.1
mediawiki	mediawiki	1.4.2
mediawiki	mediawiki	1.4.3
mediawiki	mediawiki	1.4.4
mediawiki	mediawiki	1.4.5
mediawiki	mediawiki	1.4.6
mediawiki	mediawiki	1.4.7
mediawiki	mediawiki	1.4.8
mediawiki	mediawiki	1.4.9
mediawiki	mediawiki	1.4.10
mediawiki	mediawiki	1.4.11
mediawiki	mediawiki	1.4.12
mediawiki	mediawiki	1.4.13
mediawiki	mediawiki	1.4.14
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5.0
mediawiki	mediawiki	1.5.1
mediawiki	mediawiki	1.5.2
mediawiki	mediawiki	1.5.3
mediawiki	mediawiki	1.5.4
mediawiki	mediawiki	1.5.5
mediawiki	mediawiki	1.5.6
mediawiki	mediawiki	1.5.7
mediawiki	mediawiki	1.5.8
mediawiki	mediawiki	1.6.0
mediawiki	mediawiki	1.6.1
mediawiki	mediawiki	1.6.2
mediawiki	mediawiki	1.6.3
mediawiki	mediawiki	1.6.4
mediawiki	mediawiki	1.6.5
mediawiki	mediawiki	1.6.6
mediawiki	mediawiki	1.6.7
mediawiki	mediawiki	1.6.8
mediawiki	mediawiki	1.6.9
mediawiki	mediawiki	1.6.10
mediawiki	mediawiki	1.6.11
mediawiki	mediawiki	1.6.12
mediawiki	mediawiki	1.7.0
mediawiki	mediawiki	1.7.1
mediawiki	mediawiki	1.7.2
mediawiki	mediawiki	1.7.3
mediawiki	mediawiki	1.8.0
mediawiki	mediawiki	1.8.1
mediawiki	mediawiki	1.8.2
mediawiki	mediawiki	1.8.3
mediawiki	mediawiki	1.8.4
mediawiki	mediawiki	1.8.5
mediawiki	mediawiki	1.9.0
mediawiki	mediawiki	1.9.0
mediawiki	mediawiki	1.9.1
mediawiki	mediawiki	1.9.2
mediawiki	mediawiki	1.9.3
mediawiki	mediawiki	1.9.4
mediawiki	mediawiki	1.9.5
mediawiki	mediawiki	1.9.6
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.1
mediawiki	mediawiki	1.10.2
mediawiki	mediawiki	1.10.3
mediawiki	mediawiki	1.10.4
mediawiki	mediawiki	1.11
mediawiki	mediawiki	1.11.0
mediawiki	mediawiki	1.11.0
mediawiki	mediawiki	1.11.1
mediawiki	mediawiki	1.11.2
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.1
mediawiki	mediawiki	1.12.2
mediawiki	mediawiki	1.12.3
mediawiki	mediawiki	1.12.4
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.1
mediawiki	mediawiki	1.13.2
mediawiki	mediawiki	1.13.3
mediawiki	mediawiki	1.13.4
mediawiki	mediawiki	1.14.0
mediawiki	mediawiki	1.14.0
mediawiki	mediawiki	1.14.1
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.1
mediawiki	mediawiki	1.15.2
mediawiki	mediawiki	1.15.3
mediawiki	mediawiki	1.15.4
mediawiki	mediawiki	1.15.5
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1AA6BD8-8AD7-4C43-8048-83A4DE0388E2",
              "versionEndIncluding": "1.16.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C96D337-1D37-4ADE-871D-9829928EE80B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DFB843C-4513-4569-9746-DA9FDD7A5CD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "377F0F7A-8E50-4803-9670-F719D17400D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B4CCA5C-3594-41B4-99F3-FC99BA0495BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD0A0C81-CDB6-4A11-B6B0-DECB12558DE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40BD0855-A9C8-47CD-BB50-E422E0C4A1EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "42A9DCC7-CF58-44CC-9489-51FA79EECDF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "80D651C6-116D-448A-8569-BAB9BAEC7D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49AFC6EE-41C7-4369-8BA1-DDBF8A744ABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30F54837-5004-4D10-B3B0-502CED4F6592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A09F36C1-CBC0-489E-B62D-4590A2E5A4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9F0067D-534A-4238-A244-D92A73845432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BEC422E-49BC-41D4-9F71-B834D4108EF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D854161-28AA-4386-B90A-97F9692CE37F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5A0FA49-99DC-4691-968F-6AEB76B74370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A0C6A2C-992B-45A0-8E0C-1AE983881337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "292A77C7-8C7B-4F3A-B7FD-3505A9F37E4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C77FC97A-3BB2-4AA5-B0D6-C0D1FBEA5FD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C9393EF-083A-4662-BC7A-89979C2B8546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9DE6A4E-6BCE-499E-B017-1E0F8D1F65B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD90730F-BF26-46C5-83F8-039CD661C968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4DDA753-26F5-4142-B227-07DDF14DD8C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D3B5E2-AC84-421D-AC10-3266D9575922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "326D4BFB-EFE7-4EAC-AA71-45E8C7E41538",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "736DFCB7-B747-4F98-AB87-9023BCD0B5C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "135A1FFF-8F52-48FF-A92A-0FC79FCC287E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "3CF8143A-F16F-4E2F-8B12-AC278678CDBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "617655A0-1ED3-44A5-9D83-E90D8EC8799E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "3B19F77D-8975-432D-8572-F208EBC15068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "9D692C6F-95AB-4332-95D8-007876792AC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "DE9080FA-F32A-45AF-BB1E-18B85DD35830",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DF75E48-208A-4531-AC8D-B307FD4E288B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "174665BA-F231-45F6-922C-933B8A613009",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B175F5A-7CB6-44E6-9E98-FB40F6D14FDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A45833DC-F104-42BB-8688-4DE66AFF72F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B316A8E-DED1-427B-8137-11C767E9DF1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "99A75AFB-2706-42FF-8534-B910997987AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F335EB4-1A74-4FAE-ADAF-AC9FB37A80DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "116C8AA3-481D-409A-ABA8-C8DA1EE8FF86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9DCE478-7D30-4BBC-8878-C3745D6ADAD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EBFFA2C-6768-4CB9-B0B0-BDB79CA1DEDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA0C4A1E-B084-4C78-BEE4-4E733159F367",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2571B43E-234C-4312-9640-1E338092A673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D5C7E1-6664-4A90-9E55-1F53F98D7702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "4963F3C5-A207-4BD3-9C3C-4EBAC1F5B2B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BE0D158-DB0B-45B2-9E26-E11A7D5D2CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "6086E5E9-F69F-47EE-9034-8196CC03E6FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "49A43BF0-69CF-4694-9155-534FA31C26DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "A0751BD8-505A-42A3-A150-3523F12B9047",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "F964DBAD-0569-41DD-975B-23A975050595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8DE4462C-F9B2-47B3-8F17-FF729F5563FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "3769AAA0-8492-40E1-B3EC-5E3BFE396809",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E2616E5E-2D0B-4FD3-B43F-51D786F0D8D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "94766FF8-FC72-4F8F-8005-7F34E4AA4042",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D8693832-A576-492F-B4F7-B8415B3A5903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9214FE72-045E-457A-B3C5-BCDFC506DDB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDB55E62-A345-49F6-ACD0-A710977CA6E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A340D0AB-2B4A-4DE6-9FA1-662D8F8205BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8C8B11E-5C0B-49B1-ACFA-5926057EF002",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "89A4EA0A-54E1-484A-ADDB-216CBC9C40FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA0ABA75-E966-43A2-90B1-89557BB0B7DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B6CE989-B7AD-42AA-986C-23266D965122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "44FD9374-5B8A-4102-A005-D3F39186ABBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D4388FF-3C2C-41A7-A2A2-CC3E38994222",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3EAF847-B64C-4C12-8BF2-631F61B0618E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "09EF3827-9C87-4043-B10A-1D6AFCB64F57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08B1EDE8-940E-47C1-9CDA-C6BBE1BB9A11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4554900-E09D-4D9D-99D4-FE5FDB3CDE78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "93EB0312-A147-4307-9491-46AEC2EC727C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "48929086-E08E-472D-A503-4CA803A840D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A98675FD-C9EA-49AB-BA9F-2CF5898203C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB9B4718-DF85-4E77-B720-0EC3E0D318BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "132A745B-0A1B-4186-8BE2-88C24FF4A455",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E710375D-F5B3-4998-AA7F-F931022CF6F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3130C952-83B3-4755-99D7-D25C1447670E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9842D148-50D2-4A52-A3E1-529670A25EBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "A59DE5DF-B5A1-4C11-9FA9-03EA7F589694",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C632052-D84B-41A1-B46F-1C1D9ADC72CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF36A02-DF6B-4657-94F6-255E4163FBF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "60380B60-DD11-42C9-9388-AED3244F39A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "612210D5-FDBC-4A13-AACD-13198FE9D2DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46046B16-3EE4-42C0-BA77-73300A641BA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "136E5FD9-C0A0-4970-8852-D97C5BC723E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5FD2871-90BB-4AFA-89D0-B9B5BE365771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D35193-8AF8-4CB9-A47D-A58DE389515E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1CD7D7-546A-48FA-9C4C-1FB0CA22C6FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAD648C1-0908-43F8-951C-E7EBF8FB8CB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B40FB49B-1E96-44BC-A9B0-9BDB28F858A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "75D5AC3F-4D29-4882-A3C0-94951402ADD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A0921C-BEC5-4646-96FD-0529828B5BAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB4E8709-43E2-4ADC-8759-16AC265658C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A8A1D30-57E7-4010-B68A-8D22EA091FF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EF7C683-F6E2-4D79-B0F9-234C9FAFB7C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "962C4B03-ABDF-4E94-8DE0-E035186E0F4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "841A4099-1EB3-448A-81C2-67A68CF4B5C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0983C0E-9035-4256-AC99-C2C81C1634E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "76F47EF6-2695-44FD-B4B0-9DE911BB57CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FC61592E-7479-45C1-9263-D608B644EE79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5460DB30-FA14-4017-BC8B-15F9451469F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED2392D6-6ACF-4715-BBCD-B6DA9B91C750",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0071C35-877F-44C6-BC39-B1AE885D7313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83CF24-FC29-40C4-8B07-5FB6591E9812",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C54ADEF-F360-41C6-AE27-B6D12E5BAF9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66A92668-4B5D-40A4-9A14-E7AD10086933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7266D827-F77D-4CC3-8237-4B35D072ACF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DB5EF0E-4E1B-4131-9142-5FBB59C235D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F59B5992-716F-4901-BDD1-0C7E24BF9148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "746023B5-2472-4FC9-BEDF-FE6A321F12B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0D18C85B-E82B-46AE-959E-3FD32DB6F294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "66714539-F1E1-4C16-AA12-059EEB1B9DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A80044C9-9F76-468E-84F7-D7D529004AE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7CD7F5A-F4E4-45B6-9179-BD1BCD75D297",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7BC3705-27C7-4969-AB6A-E7C09C708C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79CDE6D3-A26D-4ECD-B949-B9DDB53F67C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D3CC82BE-8DEA-47D7-B6B7-2FFDFB728ADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "AFD79470-63A7-438B-A3BE-CABDAD7F848C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A26F4C94-E3A5-456E-8E5E-36BA67DD4BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C6D23B-B5C1-4F10-9F62-E81F639FF40F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "13FA8F3C-2B6C-42FB-A6CE-EC2D8614E43D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "973B7468-970D-475C-AAB2-D81833EAF12B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A0789-0496-4940-A484-8B6689AA8770",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "241370F6-4941-43B4-AAD5-32A93AAC3B80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A236174-7262-478C-8C96-61428EBCC575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAAC942E-1BA2-419C-B464-20529D825053",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "188AA942-A54E-4B48-A14E-1D4C2BB859EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "07D3ECE8-29AC-491A-BD11-1753EF65DA0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FA6109F-F5BE-4E65-AA9D-C1D0CB029521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0955D3BF-1120-40F6-87FB-D75B064E5C6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BA61CFC-F48E-4B7D-A61C-4BD585E87BAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BA7AA7B-9450-4AAD-8CBA-E483CD5A1CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4416B074-0C5E-4DD3-AA4D-B54AC635F00D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "EBA4FDC8-2F1B-4054-82BC-B79566ABE8E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "62B86D8D-5E7A-43F5-9B6A-944ED4B8E4E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "63FD259B-921D-46BF-BE6E-F963288D92F3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The transwiki import functionality in MediaWiki before 1.16.3 does not properly check privileges, which allows remote authenticated users to perform imports from any wgImportSources wiki via a crafted POST request."
    },
    {
      "lang": "es",
      "value": "La funcionalidad de importaci\u00f3n transwiki en MediaWiki antes de v1.16.3 no comprueba correctamente los privilegios, lo que permite a usuarios autenticados remotamente realizar las importaciones de cualquier wiki wgImportSources a trav\u00e9s de una petici\u00f3n POST manipulada."
    }
  ],
  "id": "CVE-2011-1580",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-04-27T00:55:04.647",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/04/13/15"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44142"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2011/dsa-2366"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/47354"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0978"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2011/1100"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2011/1151"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=695577"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696360"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=28449"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66739"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/04/13/15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44142"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2366"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/47354"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0978"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/1100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/1151"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=695577"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696360"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=28449"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66739"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-04-29 04:15

Modified

2024-11-21 06:59

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain '-' and '_' constraints.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/SemanticDrilldown/+/785213	Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T306463	Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/SemanticDrilldown/+/785213	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T306463	Exploit, Patch, Third Party Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "40FFFEA4-A471-43C1-870B-10960DE725CF",
              "versionEndIncluding": "1.37.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain \u0027-\u0027 and \u0027_\u0027 constraints."
    },
    {
      "lang": "es",
      "value": "La extensi\u00f3n SemanticDrilldown para MediaWiki versiones hasta 1.37.2 (anteriores a e688bdba6434591b5dff689a45e4d53459954773) permite una inyecci\u00f3n SQL con determinadas restricciones \"-\" y \"_\""
    }
  ],
  "id": "CVE-2022-29904",
  "lastModified": "2024-11-21T06:59:56.567",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-04-29T04:15:10.123",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/SemanticDrilldown/+/785213"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T306463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/SemanticDrilldown/+/785213"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T306463"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-12-18 08:15

Modified

2024-11-21 05:27

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that the output is raw HTML.

References

URL	Tags
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html	Mailing List, Release Notes, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T268894	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html	Mailing List, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T268894	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*
	fedoraproject	fedora	33

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA95C77A-2616-4CCA-B07F-6A5CD7762BA1",
              "versionEndExcluding": "1.35.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that the output is raw HTML."
    },
    {
      "lang": "es",
      "value": "En MediaWiki versiones anteriores a 1.35.1, la combinaci\u00f3n de las funciones Html::rawElement y Message::text conlleva a un tipo XSS porque la definici\u00f3n de MediaWiki:Recentchanges-legend-watchlistexpiry puede ser cambiado onWiki para que la salida sea HTML sin procesar"
    }
  ],
  "id": "CVE-2020-35474",
  "lastModified": "2024-11-21T05:27:21.877",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-12-18T08:15:15.060",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T268894"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T268894"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2008-12-19 17:30

Modified

2025-04-09 00:30

Severity ?

Summary

MediaWiki 1.11, and other versions before 1.13.3, does not properly protect against the download of backups of deleted images, which might allow remote attackers to obtain sensitive information via requests for files in images/deleted/.

References

URL	Tags
cve@mitre.org	http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html
cve@mitre.org	http://secunia.com/advisories/33349	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/47678
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33349	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/47678
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.11
mediawiki	mediawiki	1.11
mediawiki	mediawiki	1.11.1
mediawiki	mediawiki	1.11.2
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.1
mediawiki	mediawiki	1.12.2
mediawiki	mediawiki	1.12.3
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.1
mediawiki	mediawiki	1.13.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C54ADEF-F360-41C6-AE27-B6D12E5BAF9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "77FBC313-0615-42D9-8617-4DE42CAA48BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DB5EF0E-4E1B-4131-9142-5FBB59C235D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F59B5992-716F-4901-BDD1-0C7E24BF9148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "746023B5-2472-4FC9-BEDF-FE6A321F12B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0D18C85B-E82B-46AE-959E-3FD32DB6F294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "66714539-F1E1-4C16-AA12-059EEB1B9DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A80044C9-9F76-468E-84F7-D7D529004AE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7CD7F5A-F4E4-45B6-9179-BD1BCD75D297",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79CDE6D3-A26D-4ECD-B949-B9DDB53F67C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D3CC82BE-8DEA-47D7-B6B7-2FFDFB728ADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "AFD79470-63A7-438B-A3BE-CABDAD7F848C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A26F4C94-E3A5-456E-8E5E-36BA67DD4BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C6D23B-B5C1-4F10-9F62-E81F639FF40F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki 1.11, and other versions before 1.13.3, does not properly protect against the download of backups of deleted images, which might allow remote attackers to obtain sensitive information via requests for files in images/deleted/."
    },
    {
      "lang": "es",
      "value": "MediaWiki versi\u00f3n 1.11, y otras versiones anteriores a 1.13.3, no protege apropiadamente contra la descarga de copias de seguridad de im\u00e1genes eliminadas, lo que podr\u00eda permitir a atacantes remotos obtener informaci\u00f3n confidencial por medio de peticiones de archivos en images/deleted/."
    }
  ],
  "id": "CVE-2008-5687",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-12-19T17:30:03.360",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33349"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47678"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33349"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47678"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-07-07 00:15

Modified

2025-03-17 22:15

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Summary

An issue was discovered in the ArticleRatings extension for MediaWiki through 1.42.1. Special:ChangeRating allows CSRF to alter data via a GET request.

References

▶	URL	Tags
	cve@mitre.org	https://phabricator.wikimedia.org/T363884	Issue Tracking
	af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T363884	Issue Tracking

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED70437F-2E16-47AE-AA89-A497DCC3C8EC",
              "versionEndIncluding": "1.42.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the ArticleRatings extension for MediaWiki through 1.42.1. Special:ChangeRating allows CSRF to alter data via a GET request."
    },
    {
      "lang": "es",
      "value": " Se descubri\u00f3 un problema en la extensi\u00f3n ArticleRatings para MediaWiki hasta la versi\u00f3n 1.42.1. Especial: ChangeRating permite a CSRF modificar datos mediante una solicitud GET."
    }
  ],
  "id": "CVE-2024-40603",
  "lastModified": "2025-03-17T22:15:12.950",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-07-07T00:15:10.617",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://phabricator.wikimedia.org/T363884"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://phabricator.wikimedia.org/T363884"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-06-30 17:15

Modified

2024-11-27 19:15

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/I993fdcae1fedb7dd543b35a477026bc727615b0a	Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T330968	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/I993fdcae1fedb7dd543b35a477026bc727615b0a	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T330968	Exploit, Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEA20A42-6E1A-4DA2-8869-A49894256285",
              "versionEndIncluding": "1.39.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users."
    }
  ],
  "id": "CVE-2023-37300",
  "lastModified": "2024-11-27T19:15:31.773",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-06-30T17:15:09.477",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I993fdcae1fedb7dd543b35a477026bc727615b0a"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T330968"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I993fdcae1fedb7dd543b35a477026bc727615b0a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T330968"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-01-12 06:15

Modified

2024-11-21 08:57

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. For a Special:GlobalBlock?uselang=x-xss URI, i18n-based XSS can occur via the parentheses message. This affects subtitle links in buildSubtitleLinks.

References

URL	Tags
cve@mitre.org	https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/	Issue Tracking, Patch, Release Notes
cve@mitre.org	https://phabricator.wikimedia.org/T347746	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/	Issue Tracking, Patch, Release Notes
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T347746	Exploit, Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4230F0A0-3665-4881-AC77-D7E2C4FC9734",
              "versionEndExcluding": "1.40.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. For a Special:GlobalBlock?uselang=x-xss URI, i18n-based XSS can occur via the parentheses message. This affects subtitle links in buildSubtitleLinks."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en la extensi\u00f3n GlobalBlocking en MediaWiki antes de la versi\u00f3n 1.40.2. Para un URI Special:GlobalBlock?uselang=x-xss, el XSS basado en i18n puede ocurrir a trav\u00e9s del mensaje entre par\u00e9ntesis. Esto afecta los enlaces de subt\u00edtulos en buildSubtitleLinks."
    }
  ],
  "id": "CVE-2024-23179",
  "lastModified": "2024-11-21T08:57:07.983",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-01-12T06:15:47.383",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Release Notes"
      ],
      "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T347746"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Release Notes"
      ],
      "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T347746"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2019-07-10 15:15

Modified

2024-11-21 04:22

Severity ?

5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

References

URL	Tags
cve@mitre.org	https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html	Third Party Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T209794	Patch, Third Party Advisory
cve@mitre.org	https://seclists.org/bugtraq/2019/Jun/12	Mailing List, Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2019/dsa-4460	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T209794	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2019/Jun/12	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2019/dsa-4460	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*
debian	debian_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E73DB4FC-F058-41A4-8A93-B7902283741B",
              "versionEndExcluding": "1.27.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "50818088-DA3C-4C58-9D42-4B7E9EF003E1",
              "versionEndExcluding": "1.30.2",
              "versionStartIncluding": "1.30.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC8AFEFD-8776-4722-82BC-21CC1214FCCC",
              "versionEndExcluding": "1.31.2",
              "versionStartIncluding": "1.31.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "631F30ED-1171-42E5-8FAF-AC9230CED0C5",
              "versionEndExcluding": "1.32.2",
              "versionStartIncluding": "1.32.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6."
    },
    {
      "lang": "es",
      "value": "MediaWiki hasta la versi\u00f3n 1.32.1, presenta Control de Acceso Incorrecto (problema 1 de 3). Un spammer puede usar Special:ChangeEmail para enviar spam sin l\u00edmite de velocidad o capacidad para bloquearlos. Se corrigi\u00f3 en las versiones 1.32.2, 1.31.2, 1.30.2 y 1.27.6."
    }
  ],
  "id": "CVE-2019-12467",
  "lastModified": "2024-11-21T04:22:54.867",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-10T15:15:12.307",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T209794"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Jun/12"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4460"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T209794"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Jun/12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4460"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-10-11 08:15

Modified

2024-11-21 06:26

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). ApiQueryBacklinks (action=query&list=backlinks) can cause a full table scan.

References

URL	Tags
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/
cve@mitre.org	https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
cve@mitre.org	https://phabricator.wikimedia.org/T290394	Permissions Required
cve@mitre.org	https://security.gentoo.org/glsa/202305-24
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T290394	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202305-24

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
fedoraproject	fedora	33
fedoraproject	fedora	34
fedoraproject	fedora	35

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E151A08F-6DFB-4D6E-82CD-000CCF6581F3",
              "versionEndExcluding": "1.36.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). ApiQueryBacklinks (action=query\u0026list=backlinks) can cause a full table scan."
    },
    {
      "lang": "es",
      "value": "MediaWiki versiones anteriores a 1.36.2, permite una denegaci\u00f3n de servicio (consumo de recursos debido a un largo tiempo de procesamiento de la consulta). ApiQueryBacklinks (action=query\u0026amp;list=backlinks) puede causar un escaneo completo de la tabla"
    }
  ],
  "id": "CVE-2021-41799",
  "lastModified": "2024-11-21T06:26:47.000",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-11T08:15:06.767",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://phabricator.wikimedia.org/T290394"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/202305-24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://phabricator.wikimedia.org/T290394"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202305-24"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2008-10-03 17:41

Modified

2025-04-09 00:30

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, and possibly other versions before 1.13.2 allows remote attackers to inject arbitrary web script or HTML via the useskin parameter to an unspecified component.

References

▶	URL	Tags
	cve@mitre.org	http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-October/000078.html
	cve@mitre.org	http://openwall.com/lists/oss-security/2008/10/02/3
	cve@mitre.org	http://secunia.com/advisories/32128
	cve@mitre.org	http://secunia.com/advisories/32131
	cve@mitre.org	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_12_1/phase3/RELEASE-NOTES
	cve@mitre.org	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_2/phase3/RELEASE-NOTES
	cve@mitre.org	http://www.securityfocus.com/bid/31540
	cve@mitre.org	http://www.vupen.com/english/advisories/2008/2737
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/45632
	cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00179.html
	cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00220.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-October/000078.html
	af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2008/10/02/3
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32128
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32131
	af854a3a-2127-422b-91ae-364da2661108	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_12_1/phase3/RELEASE-NOTES
	af854a3a-2127-422b-91ae-364da2661108	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_2/phase3/RELEASE-NOTES
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/31540
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2737
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/45632
	af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00179.html
	af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00220.html

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	1.12.0
	mediawiki	mediawiki	1.13.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "746023B5-2472-4FC9-BEDF-FE6A321F12B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A26F4C94-E3A5-456E-8E5E-36BA67DD4BD5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, and possibly other versions before 1.13.2 allows remote attackers to inject arbitrary web script or HTML via the useskin parameter to an unspecified component."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en MediaWiki vv1.13.1, 1.12.0, y posiblemente otras versiones anteriores a v1.13.2 permite a atacantes remotos inyectar web script o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"useskin\" en un componente no especificado."
    }
  ],
  "id": "CVE-2008-4408",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-10-03T17:41:40.540",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-October/000078.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://openwall.com/lists/oss-security/2008/10/02/3"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/32128"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/32131"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_12_1/phase3/RELEASE-NOTES"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_2/phase3/RELEASE-NOTES"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/31540"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/2737"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45632"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00179.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00220.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-October/000078.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2008/10/02/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32128"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32131"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_12_1/phase3/RELEASE-NOTES"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_2/phase3/RELEASE-NOTES"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/31540"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2737"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45632"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00179.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00220.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-03-12 23:15

Modified

2024-11-21 04:55

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP address is contained in two ranges, one of which is locally disabled.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/#/q/I9cc5fb2c08c78bbd797a5fc6d89f4577c8cc118b	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T229731	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/#/q/I9cc5fb2c08c78bbd797a5fc6d89f4577c8cc118b	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T229731	Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC87880B-F6BF-464E-81D0-57DF43438F20",
              "versionEndIncluding": "1.34.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP address is contained in two ranges, one of which is locally disabled."
    },
    {
      "lang": "es",
      "value": "En la extensi\u00f3n GlobalBlocking antes del 10-03-2020, para MediaWiki versiones hasta la versi\u00f3n 1.34.0, un problema relacionado con la evaluaci\u00f3n del rango IP result\u00f3 en que los usuarios bloqueados volvieran a obtener privilegios escalados. Esto est\u00e1 relacionado al caso en el cual una direcci\u00f3n IP est\u00e1 contenida en dos rangos, uno de los cuales est\u00e1 deshabilitado localmente."
    }
  ],
  "id": "CVE-2020-10534",
  "lastModified": "2024-11-21T04:55:31.967",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-03-12T23:15:12.233",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/#/q/I9cc5fb2c08c78bbd797a5fc6d89f4577c8cc118b"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T229731"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/#/q/I9cc5fb2c08c78bbd797a5fc6d89f4577c8cc118b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T229731"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-01-12 05:15

Modified

2025-06-03 14:15

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in drilldown/CargoAppliedFilter.php.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/965214	Patch
cve@mitre.org	https://phabricator.wikimedia.org/T348687	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/965214	Patch
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T348687	Exploit, Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "518A7A3D-741F-405B-8220-982093DF53E1",
              "versionEndExcluding": "1.35.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FCCA5D1-C639-4407-917F-95A949E639A8",
              "versionEndExcluding": "1.39.6",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EF19DE5-1D79-4001-ABA1-D648AD6610D6",
              "versionEndExcluding": "1.40.2",
              "versionStartIncluding": "1.40.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in drilldown/CargoAppliedFilter.php."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en la extensi\u00f3n Cargo en MediaWiki antes de 1.35.14, 1.36.x hasta 1.39.x antes de 1.39.6 y 1.40.x antes de 1.40.2. La p\u00e1gina Special:Drilldown permite XSS a trav\u00e9s de los par\u00e1metros artist, album y position debido a los valores de filtro aplicados en drilldown/CargoAppliedFilter.php."
    }
  ],
  "id": "CVE-2024-23173",
  "lastModified": "2025-06-03T14:15:46.297",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-01-12T05:15:10.237",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/965214"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T348687"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/965214"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T348687"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-06-30 17:15

Modified

2024-11-27 19:15

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn't use EditEntity for undo and restore, the intended interaction with AbuseFilter does not occur.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/933663	Release Notes, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T250720	Exploit, Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/933663	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T250720	Exploit, Issue Tracking, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEA20A42-6E1A-4DA2-8869-A49894256285",
              "versionEndIncluding": "1.39.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn\u0027t use EditEntity for undo and restore, the intended interaction with AbuseFilter does not occur."
    }
  ],
  "id": "CVE-2023-37301",
  "lastModified": "2024-11-27T19:15:31.957",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-06-30T17:15:09.527",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/933663"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T250720"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/933663"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T250720"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-326"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-12-13 18:07

Modified

2025-04-11 00:51

Severity ?

Summary

Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain non-ASCII characters in CSS, as demonstrated using variations of "expression" containing (1) full width characters or (2) IPA extensions, which are converted and rendered by Internet Explorer.

References

▶	URL	Tags
	secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html
	secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html
	secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html
	secalert@redhat.com	http://secunia.com/advisories/57472
	secalert@redhat.com	http://www.debian.org/security/2014/dsa-2891
	secalert@redhat.com	http://www.securityfocus.com/bid/63761
	secalert@redhat.com	https://bugzilla.wikimedia.org/attachment.cgi?id=13452&action=diff
	secalert@redhat.com	https://bugzilla.wikimedia.org/show_bug.cgi?id=55332
	af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/57472
	af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2014/dsa-2891
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/63761
	af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/attachment.cgi?id=13452&action=diff
	af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=55332

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.20
mediawiki	mediawiki	1.20.1
mediawiki	mediawiki	1.20.2
mediawiki	mediawiki	1.20.3
mediawiki	mediawiki	1.20.4
mediawiki	mediawiki	1.20.5
mediawiki	mediawiki	1.20.6
mediawiki	mediawiki	1.20.7
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2
mediawiki	mediawiki	*
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19.0
mediawiki	mediawiki	1.19.1
mediawiki	mediawiki	1.19.2
mediawiki	mediawiki	1.19.3
mediawiki	mediawiki	1.19.4
mediawiki	mediawiki	1.19.5
mediawiki	mediawiki	1.19.6
mediawiki	mediawiki	1.19.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA45494-185A-4ED1-8818-D9F14EB9B59B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94646567-FF30-4FBA-96C5-914EB3C85D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF088531-6875-49A2-B220-D7EC38ECC50F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "902A7EE8-90AA-4B0D-9142-DFCDA5AC8914",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7BDF753-A81D-46F4-BD23-84AE2C4F15EF",
              "versionEndIncluding": "1.19.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "93D7105D-3CF1-49FF-9F51-088C58F19003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "F647077F-52FD-460B-9511-85812A1447FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A8AFF-EF0E-490C-8833-FF1071563979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3205F5-3A29-4D45-AC95-83174F8969BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5547DA02-3BEC-4278-A714-25CCB820AA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E5609D-EC04-4088-9B61-ABDD256200F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23B09BB-8F43-4D60-A37F-D8685584AF4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A3F38-9A86-4346-9337-5C2A1DED37C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "49CCC3B5-9BD4-40B4-AF1A-DF4B2A6DC12D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain non-ASCII characters in CSS, as demonstrated using variations of \"expression\" containing (1) full width characters or (2) IPA extensions, which are converted and rendered by Internet Explorer."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de blacklist incompleta en Sanitizer::checkCss en MediaWiki anteriores a 1.19.9, 1.20.8, y 1.21.x (anteriores a 1.21.3) permite a atacantes remotos conducir ataques de cross-site scripting (XSS) a trav\u00e9s de ciertos caracteres no-ASCII en CSS, como fue demostrado utilizando variaciones de \"expresion\" que contienen (1) caracteres de ancho total o (2) extensiones IPA, las cuales son convertidas y renderizadas por Internet Explorer."
    }
  ],
  "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/184.html\n\n\"CWE-184: Incomplete Blacklist\"",
  "id": "CVE-2013-4568",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-12-13T18:07:54.093",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/57472"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2014/dsa-2891"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/63761"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.wikimedia.org/attachment.cgi?id=13452\u0026action=diff"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=55332"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/57472"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-2891"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/63761"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.wikimedia.org/attachment.cgi?id=13452\u0026action=diff"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=55332"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-09-27 21:15

Modified

2024-11-21 05:18

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/g/mediawiki/core/+/ad4a3ba45fb955aa8c0eb3c83809b16b40a498b9/includes/specials/SpecialContributions.php#592	Vendor Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html	Mailing List, Vendor Advisory
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/g/mediawiki/core/+/ad4a3ba45fb955aa8c0eb3c83809b16b40a498b9/includes/specials/SpecialContributions.php#592	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html	Mailing List, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*
	fedoraproject	fedora	33

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "857D0060-2552-4522-B27C-3D3B51258E78",
              "versionEndExcluding": "1.34.4",
              "versionStartIncluding": "1.34.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en MediaWiki desde 1.34.x anteriores a 1.34.4.\u0026#xa0;En Special:Contributions, el filtro NS usa mensajes sin escape como claves en la clave de opci\u00f3n para un especificador HTMLForm.\u0026#xa0;Esto es vulnerable a un ataque de tipo XSS leve si uno de esos mensajes es cambiado para incluir HTML sin formato"
    }
  ],
  "id": "CVE-2020-25812",
  "lastModified": "2024-11-21T05:18:49.167",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-27T21:15:12.563",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/g/mediawiki/core/+/ad4a3ba45fb955aa8c0eb3c83809b16b40a498b9/includes/specials/SpecialContributions.php#592"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/g/mediawiki/core/+/ad4a3ba45fb955aa8c0eb3c83809b16b40a498b9/includes/specials/SpecialContributions.php#592"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-04-13 14:59

Modified

2025-04-12 10:46

Severity ?

Summary

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM or Zend PHP, allows remote attackers to cause a denial of service ("quadratic blowup" and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, a different vulnerability than CVE-2015-2942.

References

URL	Tags
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2015:200
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/04/01/1
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/04/07/3
cve@mitre.org	http://www.securityfocus.com/bid/73477
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T71210
cve@mitre.org	https://security.gentoo.org/glsa/201510-05
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2015:200
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/04/01/1
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/04/07/3
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/73477
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T71210
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201510-05

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.20
mediawiki	mediawiki	1.20.1
mediawiki	mediawiki	1.20.2
mediawiki	mediawiki	1.20.3
mediawiki	mediawiki	1.20.4
mediawiki	mediawiki	1.20.5
mediawiki	mediawiki	1.20.6
mediawiki	mediawiki	1.20.7
mediawiki	mediawiki	1.20.8
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2
mediawiki	mediawiki	1.21.3
mediawiki	mediawiki	1.21.4
mediawiki	mediawiki	1.21.5
mediawiki	mediawiki	1.21.6
mediawiki	mediawiki	1.21.7
mediawiki	mediawiki	1.21.8
mediawiki	mediawiki	1.21.9
mediawiki	mediawiki	1.21.10
mediawiki	mediawiki	1.21.11
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	1.22.1
mediawiki	mediawiki	1.22.2
mediawiki	mediawiki	1.22.3
mediawiki	mediawiki	1.22.4
mediawiki	mediawiki	1.22.5
mediawiki	mediawiki	1.22.6
mediawiki	mediawiki	1.22.7
mediawiki	mediawiki	1.22.8
mediawiki	mediawiki	1.22.9
mediawiki	mediawiki	1.22.10
mediawiki	mediawiki	1.22.11
mediawiki	mediawiki	1.22.12
mediawiki	mediawiki	1.22.13
mediawiki	mediawiki	1.22.14
mediawiki	mediawiki	1.22.15
mediawiki	mediawiki	1.23.0
mediawiki	mediawiki	1.23.1
mediawiki	mediawiki	1.23.2
mediawiki	mediawiki	1.23.3
mediawiki	mediawiki	1.23.4
mediawiki	mediawiki	1.23.5
mediawiki	mediawiki	1.23.6
mediawiki	mediawiki	1.23.7
mediawiki	mediawiki	1.23.8
mediawiki	mediawiki	1.24.0
mediawiki	mediawiki	1.24.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5069E3E0-7640-4FA3-8C6F-BA96AFC545EE",
              "versionEndIncluding": "1.19.23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA45494-185A-4ED1-8818-D9F14EB9B59B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94646567-FF30-4FBA-96C5-914EB3C85D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF088531-6875-49A2-B220-D7EC38ECC50F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "902A7EE8-90AA-4B0D-9142-DFCDA5AC8914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B6CD057-EBC4-4909-9734-80577AFDED40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01D8F235-2F1B-4198-A91E-B2723293AA36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2A5F4A7-40E7-42D0-8482-647D0EC54AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E10A8FAC-7506-48B8-A4EE-B7A1BE20537E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF797B5-8348-481C-AB6F-154DEA0E5281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E627F80-E6AA-4627-B58E-D6B2A08269BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA54E0F2-3B21-469F-A3FB-8E41E1857447",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "09CFF4B5-5827-4795-960A-201BA1BCF1A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC9D6B62-13CD-4307-94BB-A7210761A4D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "32C36F51-CCCC-41D1-A43B-B8F77CE632B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B461B44C-37D2-480B-9645-B7E8720416C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E491E3AD-0FB2-41CD-B852-CAFCA397A45A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBD50108-A301-4B5B-9047-6FD6792442B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "91BBFEC5-A933-4178-919D-9AC87CF76D21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3CA0EC-1AC1-48A1-8BB8-95DCCE1C283A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9343410C-E076-4362-8094-5BA5582E9675",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96BBB28-AB3C-4082-B035-8CCB761C2530",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7389C3B9-B32D-46CC-8615-22CF7BDCD829",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "179FC802-541F-40EE-BB76-A4B745A9EA7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3332E0EC-49D6-4EB2-8A2E-CC204EA1C475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E59021C-8DDF-4849-9490-AD8F98B834BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "64E90FCD-B032-4BD8-84D6-763E0FDB48B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "21A92544-BEA9-436F-BC22-CC90808D53F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DB10EA-CA68-40BE-862D-0B351456F02E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "97675F56-1442-460D-842C-755304D69217",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6044842D-0C23-4683-9BCC-9FE40AE8353F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BFCBB5A-F5F8-400E-916A-EB87F84853D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2898DFC3-7C3A-4C12-A3D2-4CEB3C66C90D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "04082771-E3E2-49EE-8840-0170F3B3519F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9B27B7-7800-4E35-97CA-B16450EEC478",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BEA6C00-BDCF-439C-8A04-B581361781EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90B931CC-CEA7-4C14-875E-A0D215CE5617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE300CC-68D6-46C7-8CC0-605F94FFC327",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "764ECEE9-EFB6-4C52-84E6-0F6827CF5DAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C00423-B3FE-485A-9014-22F409DBD377",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM or Zend PHP, allows remote attackers to cause a denial of service (\"quadratic blowup\" and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, a different vulnerability than CVE-2015-2942."
    },
    {
      "lang": "es",
      "value": "MediaWiki anterior a 1.19.24, 1.2x anterior a 1.23.9 y 1.24.x anterior a 1.24.2, cuando se utiliza HHVM o Zend PHP, permite a atacantes remotos causar una denegaci\u00f3n de servicio (\u0027quadratic blowup\u0027 y consumo de memoria) a trav\u00e9s de un fichero XML que contiene una declaraci\u00f3n de entidad con un reemplazamiento de cadena de texto larga y muchas referencias a esta entidad, una vulnerabilidad diferente a CVE-2015-2942."
    }
  ],
  "id": "CVE-2015-2937",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-04-13T14:59:10.460",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/73477"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://phabricator.wikimedia.org/T71210"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201510-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/73477"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://phabricator.wikimedia.org/T71210"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201510-05"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-01-29 07:15

Modified

2024-11-21 05:23

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T262724	Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T262724	Issue Tracking, Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "66FD4C96-9035-4E65-83B5-4DB1ABA7C6B2",
              "versionEndIncluding": "1.35",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure."
    },
    {
      "lang": "es",
      "value": "La API en la extensi\u00f3n Push para MediaWiki versiones hasta 1.35, usa texto sin cifrar para las credenciales de ApiPush, permitiendo una potencial divulgaci\u00f3n de informaci\u00f3n"
    }
  ],
  "id": "CVE-2020-29005",
  "lastModified": "2024-11-21T05:23:28.833",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-01-29T07:15:16.763",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T262724"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T262724"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-319"
        },
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-04-30 16:15

Modified

2024-11-21 06:57

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported,

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/93758c4c13b972d240a6313e0472df1667118893	Vendor Advisory
cve@mitre.org	https://gerrit.wikimedia.org/r/q/I9d3b9a942ea71d777ec32121fa36262f549d283d	Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T298434	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/93758c4c13b972d240a6313e0472df1667118893	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/I9d3b9a942ea71d777ec32121fa36262f549d283d	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T298434	Permissions Required

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "40FFFEA4-A471-43C1-870B-10960DE725CF",
              "versionEndIncluding": "1.37.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported,"
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en MediaWiki versiones hasta 1.37.2. La extensi\u00f3n SecurePoll permite un filtrado porque es admitida una ordenaci\u00f3n por marca de tiempo"
    }
  ],
  "id": "CVE-2022-28323",
  "lastModified": "2024-11-21T06:57:10.027",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-04-30T16:15:07.673",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/93758c4c13b972d240a6313e0472df1667118893"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I9d3b9a942ea71d777ec32121fa36262f549d283d"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://phabricator.wikimedia.org/T298434"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/93758c4c13b972d240a6313e0472df1667118893"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I9d3b9a942ea71d777ec32121fa36262f549d283d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://phabricator.wikimedia.org/T298434"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-07-02 13:15

Modified

2024-11-21 06:13

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups Action API module does not validate the parameter for aggregategroup when action=remove is set, thus allowing users with the translate-manage right to silently delete various groups' metadata.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/I3619a7e88c2eb979babb7b027d4fdbfabc0af792	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T282932	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/I3619a7e88c2eb979babb7b027d4fdbfabc0af792	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T282932	Exploit, Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1C62AE2-E1C5-4E32-A222-CCF9024B45D3",
              "versionEndIncluding": "1.36",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups Action API module does not validate the parameter for aggregategroup when action=remove is set, thus allowing users with the translate-manage right to silently delete various groups\u0027 metadata."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en la extensi\u00f3n Translate de MediaWiki versiones hasta 1.36. El m\u00f3dulo Aggregategroups Action API no comprueba el par\u00e1metro para aggregategroup cuando se ajusta action=remove, permitiendo a usuarios con el derecho translate-manage eliminar silenciosamente los metadatos de varios grupos"
    }
  ],
  "id": "CVE-2021-36129",
  "lastModified": "2024-11-21T06:13:10.553",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-02T13:15:07.870",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I3619a7e88c2eb979babb7b027d4fdbfabc0af792"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T282932"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I3619a7e88c2eb979babb7b027d4fdbfabc0af792"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T282932"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-04-22 03:15

Modified

2024-11-21 06:05

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in the PageForms extension for MediaWiki through 1.35.2. Crafted payloads for Token-related query parameters allowed for XSS on certain PageForms-managed MediaWiki pages.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/I20b63bd38779d2ccbe2d86f9879df85ca3b685f6	Issue Tracking, Third Party Advisory
cve@mitre.org	https://gerrit.wikimedia.org/r/q/I5e0abbc2f80e6bda255b3b32a4df39a7fe7d3793	Issue Tracking, Third Party Advisory
cve@mitre.org	https://gerrit.wikimedia.org/r/q/Ibe68b070ee791cd0c8e7f50eb04ac4e066b1512c	Issue Tracking, Third Party Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T259433	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/I20b63bd38779d2ccbe2d86f9879df85ca3b685f6	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/I5e0abbc2f80e6bda255b3b32a4df39a7fe7d3793	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/Ibe68b070ee791cd0c8e7f50eb04ac4e066b1512c	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T259433	Third Party Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4067807D-769C-485F-A7E3-EE96885BDCE7",
              "versionEndIncluding": "1.35.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the PageForms extension for MediaWiki through 1.35.2. Crafted payloads for Token-related query parameters allowed for XSS on certain PageForms-managed MediaWiki pages."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en la extensi\u00f3n PageForms para MediaWiki versiones hasta 1.35.2.\u0026#xa0;Las cargas \u00fatiles dise\u00f1adas para los par\u00e1metros query relacionados con el token permitieron un ataque de tipo XSS en determinadas p\u00e1ginas de MediaWiki administradas por PageForms"
    }
  ],
  "id": "CVE-2021-31551",
  "lastModified": "2024-11-21T06:05:53.813",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-22T03:15:08.130",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I20b63bd38779d2ccbe2d86f9879df85ca3b685f6"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I5e0abbc2f80e6bda255b3b32a4df39a7fe7d3793"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Ibe68b070ee791cd0c8e7f50eb04ac4e066b1512c"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T259433"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I20b63bd38779d2ccbe2d86f9879df85ca3b685f6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I5e0abbc2f80e6bda255b3b32a4df39a7fe7d3793"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Ibe68b070ee791cd0c8e7f50eb04ac4e066b1512c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T259433"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2010-03-31 18:00

Modified

2025-04-11 00:51

Severity ?

Summary

thumb.php in MediaWiki before 1.15.2, when used with access-restriction mechanisms such as img_auth.php, does not check user permissions before providing scaled images, which allows remote attackers to bypass intended access restrictions and read private images via unspecified manipulations.

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
cve@mitre.org	http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/39022	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/39656
cve@mitre.org	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_15_2/phase3/RELEASE-NOTES
cve@mitre.org	http://www.debian.org/security/2010/dsa-2022
cve@mitre.org	http://www.vupen.com/english/advisories/2010/0685	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2010/1001
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/39022	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/39656
af854a3a-2127-422b-91ae-364da2661108	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_15_2/phase3/RELEASE-NOTES
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2010/dsa-2022
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0685	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/1001

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.1.0
mediawiki	mediawiki	1.2.0
mediawiki	mediawiki	1.2.1
mediawiki	mediawiki	1.2.2
mediawiki	mediawiki	1.2.3
mediawiki	mediawiki	1.2.4
mediawiki	mediawiki	1.2.5
mediawiki	mediawiki	1.2.6
mediawiki	mediawiki	1.3
mediawiki	mediawiki	1.3.0
mediawiki	mediawiki	1.3.1
mediawiki	mediawiki	1.3.2
mediawiki	mediawiki	1.3.3
mediawiki	mediawiki	1.3.4
mediawiki	mediawiki	1.3.5
mediawiki	mediawiki	1.3.6
mediawiki	mediawiki	1.3.7
mediawiki	mediawiki	1.3.8
mediawiki	mediawiki	1.3.9
mediawiki	mediawiki	1.3.10
mediawiki	mediawiki	1.3.11
mediawiki	mediawiki	1.3.12
mediawiki	mediawiki	1.3.13
mediawiki	mediawiki	1.3.14
mediawiki	mediawiki	1.3.15
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4.0
mediawiki	mediawiki	1.4.1
mediawiki	mediawiki	1.4.2
mediawiki	mediawiki	1.4.3
mediawiki	mediawiki	1.4.4
mediawiki	mediawiki	1.4.5
mediawiki	mediawiki	1.4.6
mediawiki	mediawiki	1.4.7
mediawiki	mediawiki	1.4.8
mediawiki	mediawiki	1.4.9
mediawiki	mediawiki	1.4.10
mediawiki	mediawiki	1.4.11
mediawiki	mediawiki	1.4.12
mediawiki	mediawiki	1.4.13
mediawiki	mediawiki	1.4.14
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5.0
mediawiki	mediawiki	1.5.1
mediawiki	mediawiki	1.5.2
mediawiki	mediawiki	1.5.3
mediawiki	mediawiki	1.5.4
mediawiki	mediawiki	1.5.5
mediawiki	mediawiki	1.5.6
mediawiki	mediawiki	1.5.7
mediawiki	mediawiki	1.5.8
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.1
mediawiki	mediawiki	1.10.2
mediawiki	mediawiki	1.10.3
mediawiki	mediawiki	1.10.4
mediawiki	mediawiki	1.11
mediawiki	mediawiki	1.11
mediawiki	mediawiki	1.11.0
mediawiki	mediawiki	1.11.1
mediawiki	mediawiki	1.11.2
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.1
mediawiki	mediawiki	1.12.2
mediawiki	mediawiki	1.12.3
mediawiki	mediawiki	1.12.4
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.1
mediawiki	mediawiki	1.13.2
mediawiki	mediawiki	1.13.3
mediawiki	mediawiki	1.13.4
mediawiki	mediawiki	1.14.0
mediawiki	mediawiki	1.15.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A20EC18-6A14-4264-9828-66DF96E03442",
              "versionEndIncluding": "1.15.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C96D337-1D37-4ADE-871D-9829928EE80B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DFB843C-4513-4569-9746-DA9FDD7A5CD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "377F0F7A-8E50-4803-9670-F719D17400D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B4CCA5C-3594-41B4-99F3-FC99BA0495BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD0A0C81-CDB6-4A11-B6B0-DECB12558DE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40BD0855-A9C8-47CD-BB50-E422E0C4A1EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "42A9DCC7-CF58-44CC-9489-51FA79EECDF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "80D651C6-116D-448A-8569-BAB9BAEC7D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49AFC6EE-41C7-4369-8BA1-DDBF8A744ABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30F54837-5004-4D10-B3B0-502CED4F6592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A09F36C1-CBC0-489E-B62D-4590A2E5A4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9F0067D-534A-4238-A244-D92A73845432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BEC422E-49BC-41D4-9F71-B834D4108EF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D854161-28AA-4386-B90A-97F9692CE37F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5A0FA49-99DC-4691-968F-6AEB76B74370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A0C6A2C-992B-45A0-8E0C-1AE983881337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "292A77C7-8C7B-4F3A-B7FD-3505A9F37E4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C77FC97A-3BB2-4AA5-B0D6-C0D1FBEA5FD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C9393EF-083A-4662-BC7A-89979C2B8546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9DE6A4E-6BCE-499E-B017-1E0F8D1F65B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD90730F-BF26-46C5-83F8-039CD661C968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4DDA753-26F5-4142-B227-07DDF14DD8C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D3B5E2-AC84-421D-AC10-3266D9575922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "326D4BFB-EFE7-4EAC-AA71-45E8C7E41538",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "736DFCB7-B747-4F98-AB87-9023BCD0B5C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "135A1FFF-8F52-48FF-A92A-0FC79FCC287E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "3CF8143A-F16F-4E2F-8B12-AC278678CDBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "617655A0-1ED3-44A5-9D83-E90D8EC8799E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "3B19F77D-8975-432D-8572-F208EBC15068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "9D692C6F-95AB-4332-95D8-007876792AC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "DE9080FA-F32A-45AF-BB1E-18B85DD35830",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DF75E48-208A-4531-AC8D-B307FD4E288B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "174665BA-F231-45F6-922C-933B8A613009",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B175F5A-7CB6-44E6-9E98-FB40F6D14FDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A45833DC-F104-42BB-8688-4DE66AFF72F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B316A8E-DED1-427B-8137-11C767E9DF1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "99A75AFB-2706-42FF-8534-B910997987AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F335EB4-1A74-4FAE-ADAF-AC9FB37A80DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "116C8AA3-481D-409A-ABA8-C8DA1EE8FF86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9DCE478-7D30-4BBC-8878-C3745D6ADAD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EBFFA2C-6768-4CB9-B0B0-BDB79CA1DEDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA0C4A1E-B084-4C78-BEE4-4E733159F367",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2571B43E-234C-4312-9640-1E338092A673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D5C7E1-6664-4A90-9E55-1F53F98D7702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "4963F3C5-A207-4BD3-9C3C-4EBAC1F5B2B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BE0D158-DB0B-45B2-9E26-E11A7D5D2CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "6086E5E9-F69F-47EE-9034-8196CC03E6FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "49A43BF0-69CF-4694-9155-534FA31C26DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "A0751BD8-505A-42A3-A150-3523F12B9047",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "F964DBAD-0569-41DD-975B-23A975050595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8DE4462C-F9B2-47B3-8F17-FF729F5563FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "3769AAA0-8492-40E1-B3EC-5E3BFE396809",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E2616E5E-2D0B-4FD3-B43F-51D786F0D8D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "94766FF8-FC72-4F8F-8005-7F34E4AA4042",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D8693832-A576-492F-B4F7-B8415B3A5903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9214FE72-045E-457A-B3C5-BCDFC506DDB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDB55E62-A345-49F6-ACD0-A710977CA6E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A340D0AB-2B4A-4DE6-9FA1-662D8F8205BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8C8B11E-5C0B-49B1-ACFA-5926057EF002",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "89A4EA0A-54E1-484A-ADDB-216CBC9C40FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA0ABA75-E966-43A2-90B1-89557BB0B7DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B6CE989-B7AD-42AA-986C-23266D965122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "44FD9374-5B8A-4102-A005-D3F39186ABBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D4388FF-3C2C-41A7-A2A2-CC3E38994222",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0983C0E-9035-4256-AC99-C2C81C1634E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "76F47EF6-2695-44FD-B4B0-9DE911BB57CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FC61592E-7479-45C1-9263-D608B644EE79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5460DB30-FA14-4017-BC8B-15F9451469F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED2392D6-6ACF-4715-BBCD-B6DA9B91C750",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0071C35-877F-44C6-BC39-B1AE885D7313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83CF24-FC29-40C4-8B07-5FB6591E9812",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C54ADEF-F360-41C6-AE27-B6D12E5BAF9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "77FBC313-0615-42D9-8617-4DE42CAA48BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7266D827-F77D-4CC3-8237-4B35D072ACF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DB5EF0E-4E1B-4131-9142-5FBB59C235D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F59B5992-716F-4901-BDD1-0C7E24BF9148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "746023B5-2472-4FC9-BEDF-FE6A321F12B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0D18C85B-E82B-46AE-959E-3FD32DB6F294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "66714539-F1E1-4C16-AA12-059EEB1B9DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A80044C9-9F76-468E-84F7-D7D529004AE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7CD7F5A-F4E4-45B6-9179-BD1BCD75D297",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7BC3705-27C7-4969-AB6A-E7C09C708C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79CDE6D3-A26D-4ECD-B949-B9DDB53F67C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D3CC82BE-8DEA-47D7-B6B7-2FFDFB728ADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "AFD79470-63A7-438B-A3BE-CABDAD7F848C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A26F4C94-E3A5-456E-8E5E-36BA67DD4BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C6D23B-B5C1-4F10-9F62-E81F639FF40F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "13FA8F3C-2B6C-42FB-A6CE-EC2D8614E43D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "973B7468-970D-475C-AAB2-D81833EAF12B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A0789-0496-4940-A484-8B6689AA8770",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAAC942E-1BA2-419C-B464-20529D825053",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "thumb.php in MediaWiki before 1.15.2, when used with access-restriction mechanisms such as img_auth.php, does not check user permissions before providing scaled images, which allows remote attackers to bypass intended access restrictions and read private images via unspecified manipulations."
    },
    {
      "lang": "es",
      "value": "thumb.php en MediaWiki en versiones anteriores a la 1.15.2, cuando es usado con mecanismos de restricci\u00f3n de acceso como en img_auth.php, no verifica los permisos del usuario antes de proporcionar im\u00e1genes a escala, lo que permite a atacantes remotos eludir restricciones de acceso establecidas y leer im\u00e1genes privadas a trav\u00e9s de manipulaciones no especificadas."
    }
  ],
  "id": "CVE-2010-1190",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-03-31T18:00:00.627",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39022"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/39656"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_15_2/phase3/RELEASE-NOTES"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2010/dsa-2022"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0685"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2010/1001"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39022"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/39656"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_15_2/phase3/RELEASE-NOTES"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2010/dsa-2022"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0685"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/1001"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2007-02-21 23:28

Modified

2025-04-09 00:30

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer.

References

URL	Tags
cve@mitre.org	http://attrition.org/pipermail/vim/2007-February/001367.html	Exploit
cve@mitre.org	http://osvdb.org/32078
cve@mitre.org	http://secunia.com/advisories/24211
cve@mitre.org	http://securityreason.com/securityalert/2274
cve@mitre.org	http://sourceforge.net/project/shownotes.php?release_id=487921&group_id=34373
cve@mitre.org	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_3/phase3/RELEASE-NOTES
cve@mitre.org	http://www.bugsec.com/articles.php?Security=24	Exploit
cve@mitre.org	http://www.securityfocus.com/archive/1/460596/100/0/threaded
cve@mitre.org	http://www.vupen.com/english/advisories/2007/0678
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/32586
af854a3a-2127-422b-91ae-364da2661108	http://attrition.org/pipermail/vim/2007-February/001367.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/32078
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24211
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/2274
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/project/shownotes.php?release_id=487921&group_id=34373
af854a3a-2127-422b-91ae-364da2661108	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_3/phase3/RELEASE-NOTES
af854a3a-2127-422b-91ae-364da2661108	http://www.bugsec.com/articles.php?Security=24	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/460596/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/0678
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/32586

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D24CF9E-923A-4986-A609-CCC58F0A4CBA",
              "versionEndIncluding": "1.8.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en las caracter\u00edsticas AJAX en idex.php de MediaWiki 1.6.x hasta 1.9.2, cuando $wgUseAjax est\u00e1 habilitado, permite a atacantes remotos inyectar scripts web o HTML de su elecci\u00f3n mediante un valor codificado UTF-7 del par\u00e1metro rs, que es procesado por Internet Explorer."
    }
  ],
  "evaluatorImpact": "Successful exploitation requires that \"$wgUseAjax\" is enabled",
  "id": "CVE-2007-1054",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-02-21T23:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://attrition.org/pipermail/vim/2007-February/001367.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/32078"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24211"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/2274"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=487921\u0026group_id=34373"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_3/phase3/RELEASE-NOTES"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.bugsec.com/articles.php?Security=24"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/460596/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/0678"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32586"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://attrition.org/pipermail/vim/2007-February/001367.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/32078"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24211"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/2274"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=487921\u0026group_id=34373"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_3/phase3/RELEASE-NOTES"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.bugsec.com/articles.php?Security=24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/460596/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/0678"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32586"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-11-09 18:59

Modified

2025-04-12 10:46

Severity ?

Summary

The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not restrict the uploaded data to the claimed file size, which allows remote authenticated users to cause a denial of service via a chunk that exceeds the file size.

References

URL	Tags
cve@mitre.org	http://www.securitytracker.com/id/1034028
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T91203	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1034028
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T91203	Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.24.0
mediawiki	mediawiki	1.24.1
mediawiki	mediawiki	1.24.2
mediawiki	mediawiki	1.24.3
mediawiki	mediawiki	1.25.0
mediawiki	mediawiki	1.25.1
mediawiki	mediawiki	1.25.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE35D692-87E9-4982-AA23-27EBD5E5EEE1",
              "versionEndIncluding": "1.23.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C00423-B3FE-485A-9014-22F409DBD377",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E90C95FB-71CA-4CA1-935D-58A08244A81F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DDBD41F-C2D5-4D7C-B069-FBC2C8EBB81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9129F374-93CB-43CE-A3B2-DB6483514F32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE125142-10A2-4ACF-9BA4-44E63C1E5DB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF21D6EE-CEAC-42A7-99B6-D9D033E1FEC6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not restrict the uploaded data to the claimed file size, which allows remote authenticated users to cause a denial of service via a chunk that exceeds the file size."
    },
    {
      "lang": "es",
      "value": "La API chunked upload (ApiUpload) en MediaWiki en versiones anteriores a 1.23.11, 1.24.x en versiones anteriores a 1.24.4 y 1.25.x en versiones anteriores a 1.25.3 no restringe los datos subidos al tama\u00f1o de archivo declarado, lo que permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio a trav\u00e9s de un fragmento que excede del tama\u00f1o de archivo."
    }
  ],
  "id": "CVE-2015-8001",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-11-09T18:59:00.113",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1034028"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T91203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1034028"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T91203"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-04-09 07:15

Modified

2024-11-21 06:03

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Special:Contributions can leak that a "hidden" user exists.

References

URL	Tags
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/
cve@mitre.org	https://phabricator.wikimedia.org/T276306	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T276306	Exploit, Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
fedoraproject	fedora	33
fedoraproject	fedora	34

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3291BAE5-6903-463D-9750-7D0B6FAD911A",
              "versionEndExcluding": "1.31.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16A05863-89D9-435E-B92D-5FC6396C5B3D",
              "versionEndExcluding": "1.35.2",
              "versionStartIncluding": "1.32.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Special:Contributions can leak that a \"hidden\" user exists."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en MediaWiki versiones anteriores a 1.31.12 y 1.32.xa 1.35.x versiones anteriores a 1.35.2.\u0026#xa0;Special:Contributions pueden filtrar que un usuario \"hidden\" exista"
    }
  ],
  "id": "CVE-2021-30156",
  "lastModified": "2024-11-21T06:03:24.980",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-09T07:15:16.217",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T276306"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T276306"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2008-12-19 17:30

Modified

2025-04-09 00:30

Severity ?

Summary

Cross-site request forgery (CSRF) vulnerability in the Special:Import feature in MediaWiki 1.3.0 through 1.6.10, 1.12.x before 1.12.2, and 1.13.x before 1.13.3 allows remote attackers to perform unspecified actions as authenticated users via unknown vectors.

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
cve@mitre.org	http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/33133	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/33349
cve@mitre.org	http://www.debian.org/security/2009/dsa-1901
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33133	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33349
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2009/dsa-1901
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.3.0
mediawiki	mediawiki	1.3.1
mediawiki	mediawiki	1.3.2
mediawiki	mediawiki	1.3.3
mediawiki	mediawiki	1.3.4
mediawiki	mediawiki	1.3.5
mediawiki	mediawiki	1.3.6
mediawiki	mediawiki	1.3.7
mediawiki	mediawiki	1.3.8
mediawiki	mediawiki	1.3.9
mediawiki	mediawiki	1.3.10
mediawiki	mediawiki	1.3.11
mediawiki	mediawiki	1.3.13
mediawiki	mediawiki	1.3.14
mediawiki	mediawiki	1.3.15
mediawiki	mediawiki	1.4.0
mediawiki	mediawiki	1.4.1
mediawiki	mediawiki	1.4.2
mediawiki	mediawiki	1.4.3
mediawiki	mediawiki	1.4.4
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5.0
mediawiki	mediawiki	1.5.1
mediawiki	mediawiki	1.5.2
mediawiki	mediawiki	1.5.3
mediawiki	mediawiki	1.5.4
mediawiki	mediawiki	1.5.5
mediawiki	mediawiki	1.5.6
mediawiki	mediawiki	1.5.7
mediawiki	mediawiki	1.5.8
mediawiki	mediawiki	1.6.0
mediawiki	mediawiki	1.6.1
mediawiki	mediawiki	1.6.2
mediawiki	mediawiki	1.6.3
mediawiki	mediawiki	1.6.4
mediawiki	mediawiki	1.6.5
mediawiki	mediawiki	1.6.6
mediawiki	mediawiki	1.6.7
mediawiki	mediawiki	1.6.8
mediawiki	mediawiki	1.6.9
mediawiki	mediawiki	1.6.10
mediawiki	mediawiki	1.6.11
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.1
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.1
mediawiki	mediawiki	1.13.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30F54837-5004-4D10-B3B0-502CED4F6592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A09F36C1-CBC0-489E-B62D-4590A2E5A4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9F0067D-534A-4238-A244-D92A73845432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BEC422E-49BC-41D4-9F71-B834D4108EF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D854161-28AA-4386-B90A-97F9692CE37F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5A0FA49-99DC-4691-968F-6AEB76B74370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A0C6A2C-992B-45A0-8E0C-1AE983881337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "292A77C7-8C7B-4F3A-B7FD-3505A9F37E4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C77FC97A-3BB2-4AA5-B0D6-C0D1FBEA5FD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C9393EF-083A-4662-BC7A-89979C2B8546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9DE6A4E-6BCE-499E-B017-1E0F8D1F65B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD90730F-BF26-46C5-83F8-039CD661C968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D3B5E2-AC84-421D-AC10-3266D9575922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "326D4BFB-EFE7-4EAC-AA71-45E8C7E41538",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "736DFCB7-B747-4F98-AB87-9023BCD0B5C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DF75E48-208A-4531-AC8D-B307FD4E288B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "174665BA-F231-45F6-922C-933B8A613009",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B175F5A-7CB6-44E6-9E98-FB40F6D14FDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A45833DC-F104-42BB-8688-4DE66AFF72F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B316A8E-DED1-427B-8137-11C767E9DF1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "6086E5E9-F69F-47EE-9034-8196CC03E6FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "49A43BF0-69CF-4694-9155-534FA31C26DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "A0751BD8-505A-42A3-A150-3523F12B9047",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "F964DBAD-0569-41DD-975B-23A975050595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "3769AAA0-8492-40E1-B3EC-5E3BFE396809",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E2616E5E-2D0B-4FD3-B43F-51D786F0D8D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "94766FF8-FC72-4F8F-8005-7F34E4AA4042",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D8693832-A576-492F-B4F7-B8415B3A5903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9214FE72-045E-457A-B3C5-BCDFC506DDB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDB55E62-A345-49F6-ACD0-A710977CA6E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A340D0AB-2B4A-4DE6-9FA1-662D8F8205BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8C8B11E-5C0B-49B1-ACFA-5926057EF002",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "89A4EA0A-54E1-484A-ADDB-216CBC9C40FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA0ABA75-E966-43A2-90B1-89557BB0B7DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B6CE989-B7AD-42AA-986C-23266D965122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "44FD9374-5B8A-4102-A005-D3F39186ABBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D4388FF-3C2C-41A7-A2A2-CC3E38994222",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3EAF847-B64C-4C12-8BF2-631F61B0618E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "09EF3827-9C87-4043-B10A-1D6AFCB64F57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08B1EDE8-940E-47C1-9CDA-C6BBE1BB9A11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4554900-E09D-4D9D-99D4-FE5FDB3CDE78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "93EB0312-A147-4307-9491-46AEC2EC727C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "48929086-E08E-472D-A503-4CA803A840D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A98675FD-C9EA-49AB-BA9F-2CF5898203C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB9B4718-DF85-4E77-B720-0EC3E0D318BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "132A745B-0A1B-4186-8BE2-88C24FF4A455",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E710375D-F5B3-4998-AA7F-F931022CF6F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3130C952-83B3-4755-99D7-D25C1447670E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9842D148-50D2-4A52-A3E1-529670A25EBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "746023B5-2472-4FC9-BEDF-FE6A321F12B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "66714539-F1E1-4C16-AA12-059EEB1B9DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79CDE6D3-A26D-4ECD-B949-B9DDB53F67C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A26F4C94-E3A5-456E-8E5E-36BA67DD4BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C6D23B-B5C1-4F10-9F62-E81F639FF40F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in the Special:Import feature in MediaWiki 1.3.0 through 1.6.10, 1.12.x before 1.12.2, and 1.13.x before 1.13.3 allows remote attackers to perform unspecified actions as authenticated users via unknown vectors."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados en la funcionalidad Special:Import en MediaWiki 1.3.0 a 1.6.10, 1.12.x antes de 1.12.2, y 1.13.3 antes de 1.13.x, permite a atacantes remotos llevar a cabo acciones no especificadas como usuarios autenticados a trav\u00e9s de vectores desconocidos."
    }
  ],
  "id": "CVE-2008-5252",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-12-19T17:30:03.157",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33133"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/33349"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2009/dsa-1901"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33133"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33349"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1901"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-04-13 14:59

Modified

2025-04-12 10:46

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a custom JavaScript file, which is not properly handled when previewing the file.

References

URL	Tags
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2015:200
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/04/01/1
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/04/07/3
cve@mitre.org	http://www.securityfocus.com/bid/73477
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T85855
cve@mitre.org	https://security.gentoo.org/glsa/201510-05
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2015:200
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/04/01/1
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/04/07/3
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/73477
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T85855
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201510-05

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.20
mediawiki	mediawiki	1.20.1
mediawiki	mediawiki	1.20.2
mediawiki	mediawiki	1.20.3
mediawiki	mediawiki	1.20.4
mediawiki	mediawiki	1.20.5
mediawiki	mediawiki	1.20.6
mediawiki	mediawiki	1.20.7
mediawiki	mediawiki	1.20.8
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2
mediawiki	mediawiki	1.21.3
mediawiki	mediawiki	1.21.4
mediawiki	mediawiki	1.21.5
mediawiki	mediawiki	1.21.6
mediawiki	mediawiki	1.21.7
mediawiki	mediawiki	1.21.8
mediawiki	mediawiki	1.21.9
mediawiki	mediawiki	1.21.10
mediawiki	mediawiki	1.21.11
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	1.22.1
mediawiki	mediawiki	1.22.2
mediawiki	mediawiki	1.22.3
mediawiki	mediawiki	1.22.4
mediawiki	mediawiki	1.22.5
mediawiki	mediawiki	1.22.6
mediawiki	mediawiki	1.22.7
mediawiki	mediawiki	1.22.8
mediawiki	mediawiki	1.22.9
mediawiki	mediawiki	1.22.10
mediawiki	mediawiki	1.22.11
mediawiki	mediawiki	1.22.12
mediawiki	mediawiki	1.22.13
mediawiki	mediawiki	1.22.14
mediawiki	mediawiki	1.22.15
mediawiki	mediawiki	1.23.0
mediawiki	mediawiki	1.23.1
mediawiki	mediawiki	1.23.2
mediawiki	mediawiki	1.23.3
mediawiki	mediawiki	1.23.4
mediawiki	mediawiki	1.23.5
mediawiki	mediawiki	1.23.6
mediawiki	mediawiki	1.23.7
mediawiki	mediawiki	1.23.8
mediawiki	mediawiki	1.24.0
mediawiki	mediawiki	1.24.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5069E3E0-7640-4FA3-8C6F-BA96AFC545EE",
              "versionEndIncluding": "1.19.23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA45494-185A-4ED1-8818-D9F14EB9B59B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94646567-FF30-4FBA-96C5-914EB3C85D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF088531-6875-49A2-B220-D7EC38ECC50F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "902A7EE8-90AA-4B0D-9142-DFCDA5AC8914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B6CD057-EBC4-4909-9734-80577AFDED40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01D8F235-2F1B-4198-A91E-B2723293AA36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2A5F4A7-40E7-42D0-8482-647D0EC54AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E10A8FAC-7506-48B8-A4EE-B7A1BE20537E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF797B5-8348-481C-AB6F-154DEA0E5281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E627F80-E6AA-4627-B58E-D6B2A08269BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA54E0F2-3B21-469F-A3FB-8E41E1857447",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "09CFF4B5-5827-4795-960A-201BA1BCF1A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC9D6B62-13CD-4307-94BB-A7210761A4D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "32C36F51-CCCC-41D1-A43B-B8F77CE632B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B461B44C-37D2-480B-9645-B7E8720416C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E491E3AD-0FB2-41CD-B852-CAFCA397A45A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBD50108-A301-4B5B-9047-6FD6792442B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "91BBFEC5-A933-4178-919D-9AC87CF76D21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3CA0EC-1AC1-48A1-8BB8-95DCCE1C283A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9343410C-E076-4362-8094-5BA5582E9675",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96BBB28-AB3C-4082-B035-8CCB761C2530",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7389C3B9-B32D-46CC-8615-22CF7BDCD829",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "179FC802-541F-40EE-BB76-A4B745A9EA7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3332E0EC-49D6-4EB2-8A2E-CC204EA1C475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E59021C-8DDF-4849-9490-AD8F98B834BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "64E90FCD-B032-4BD8-84D6-763E0FDB48B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "21A92544-BEA9-436F-BC22-CC90808D53F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DB10EA-CA68-40BE-862D-0B351456F02E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "97675F56-1442-460D-842C-755304D69217",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6044842D-0C23-4683-9BCC-9FE40AE8353F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BFCBB5A-F5F8-400E-916A-EB87F84853D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2898DFC3-7C3A-4C12-A3D2-4CEB3C66C90D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "04082771-E3E2-49EE-8840-0170F3B3519F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9B27B7-7800-4E35-97CA-B16450EEC478",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BEA6C00-BDCF-439C-8A04-B581361781EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90B931CC-CEA7-4C14-875E-A0D215CE5617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE300CC-68D6-46C7-8CC0-605F94FFC327",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "764ECEE9-EFB6-4C52-84E6-0F6827CF5DAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C00423-B3FE-485A-9014-22F409DBD377",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a custom JavaScript file, which is not properly handled when previewing the file."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en MediaWiki anterior a 1.19.24, 1.2x anterior a 1.23.9 y 1.24.x anterior a 1.24.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un fichero JavaScript personalizado, lo cual no se maneja debidamente cuando se previsualiza el fichero."
    }
  ],
  "id": "CVE-2015-2938",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-04-13T14:59:11.427",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/73477"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://phabricator.wikimedia.org/T85855"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201510-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/73477"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://phabricator.wikimedia.org/T85855"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201510-05"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-12-29 22:29

Modified

2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.

References

URL	Tags
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170961.html	Issue Tracking, Third Party Advisory
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170979.html	Issue Tracking, Third Party Advisory
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171007.html	Issue Tracking, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/10/29/14	Issue Tracking, Mailing List, Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/bid/77379	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id/1034028	Third Party Advisory, VDB Entry
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=1273353	Issue Tracking, Third Party Advisory
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000182.html	Issue Tracking, Third Party Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T103022	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170961.html	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170979.html	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171007.html	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/10/29/14	Issue Tracking, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/77379	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1034028	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1273353	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000182.html	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T103022	Issue Tracking, Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
fedoraproject	fedora	21
fedoraproject	fedora	22
fedoraproject	fedora	23

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A00FAD9-EAC5-4624-8418-EEFCAFD4B79D",
              "versionEndExcluding": "1.25.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
              "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
              "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
              "matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token."
    },
    {
      "lang": "es",
      "value": "La extensi\u00f3n OAuth para MediaWiki negocia incorrectamente un nuevo token de cliente solo en Special:OAuth/initiate. Esto permite que atacantes omitan las restricciones de direcci\u00f3n IP planeadas elaborando una petici\u00f3n API con un token existente."
    }
  ],
  "id": "CVE-2015-8008",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-12-29T22:29:00.630",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170961.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170979.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171007.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/10/29/14"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/77379"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1034028"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1273353"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000182.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T103022"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170961.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170979.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/10/29/14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/77379"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1034028"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1273353"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000182.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T103022"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-09-01 14:59

Modified

2025-04-12 10:46

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled in an error page.

References

URL	Tags
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/08/12/6
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/08/27/6
cve@mitre.org	http://www.securityfocus.com/bid/76334
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html	Vendor Advisory
cve@mitre.org	https://security.gentoo.org/glsa/201510-05
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/08/12/6
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/08/27/6
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/76334
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201510-05

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.24.0
mediawiki	mediawiki	1.24.1
mediawiki	mediawiki	1.24.2
mediawiki	mediawiki	1.25.0
mediawiki	mediawiki	1.25.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05064578-51CC-482B-A135-42522AA50F0A",
              "versionEndIncluding": "1.23.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C00423-B3FE-485A-9014-22F409DBD377",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E90C95FB-71CA-4CA1-935D-58A08244A81F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9129F374-93CB-43CE-A3B2-DB6483514F32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE125142-10A2-4ACF-9BA4-44E63C1E5DB6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled in an error page."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en thumb.php en MediaWiki en versiones anteriores 1.23.10, 1.24.x en versiones anteriores 1.24.3 y 1.25.x en versiones anteriores a 1.25.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro rel404, el cual no es manejado correctamente en una p\u00e1gina de error."
    }
  ],
  "id": "CVE-2015-6729",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-09-01T14:59:07.277",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/76334"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201510-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/76334"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201510-05"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-11-18 02:55

Modified

2025-04-11 00:51

Severity ?

Summary

MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks.

References

URL	Tags
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105784.html	Third Party Advisory
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105825.html	Third Party Advisory
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106293.html	Third Party Advisory
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-April/000129.html	Patch
secalert@redhat.com	http://secunia.com/advisories/55433
secalert@redhat.com	http://security.gentoo.org/glsa/glsa-201310-21.xml	Third Party Advisory
secalert@redhat.com	https://bugzilla.wikimedia.org/show_bug.cgi?id=46590	Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105784.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105825.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106293.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-April/000129.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/55433
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-201310-21.xml	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=46590	Issue Tracking, Patch

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.1.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.1
mediawiki	mediawiki	1.10.2
mediawiki	mediawiki	1.10.3
mediawiki	mediawiki	1.10.4
mediawiki	mediawiki	1.11
mediawiki	mediawiki	1.11.0
mediawiki	mediawiki	1.11.0
mediawiki	mediawiki	1.11.1
mediawiki	mediawiki	1.11.2
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.1
mediawiki	mediawiki	1.12.2
mediawiki	mediawiki	1.12.3
mediawiki	mediawiki	1.12.4
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.1
mediawiki	mediawiki	1.13.2
mediawiki	mediawiki	1.13.3
mediawiki	mediawiki	1.13.4
mediawiki	mediawiki	1.14.0
mediawiki	mediawiki	1.14.0
mediawiki	mediawiki	1.14.1
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.1
mediawiki	mediawiki	1.15.2
mediawiki	mediawiki	1.15.3
mediawiki	mediawiki	1.15.4
mediawiki	mediawiki	1.15.5
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.1
mediawiki	mediawiki	1.16.2
mediawiki	mediawiki	1.17
mediawiki	mediawiki	1.17
mediawiki	mediawiki	1.17.0
mediawiki	mediawiki	1.17.0
mediawiki	mediawiki	1.17.1
mediawiki	mediawiki	1.17.2
mediawiki	mediawiki	1.17.3
mediawiki	mediawiki	1.17.4
mediawiki	mediawiki	1.18
mediawiki	mediawiki	1.18
mediawiki	mediawiki	1.18.0
mediawiki	mediawiki	1.18.0
mediawiki	mediawiki	1.18.1
mediawiki	mediawiki	1.18.2
mediawiki	mediawiki	1.18.3
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19.0
mediawiki	mediawiki	1.19.1
mediawiki	mediawiki	1.19.2
mediawiki	mediawiki	1.19.3
mediawiki	mediawiki	1.19.4
mediawiki	mediawiki	1.20.1
mediawiki	mediawiki	1.20.2
mediawiki	mediawiki	1.20.3
mediawiki	mediawiki	1.20.4
fedoraproject	fedora	17
fedoraproject	fedora	18
fedoraproject	fedora	19
gentoo	linux	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "644124C5-D3F7-43A9-8225-805FDAC3DF7C",
              "versionEndIncluding": "1.19.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C96D337-1D37-4ADE-871D-9829928EE80B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0983C0E-9035-4256-AC99-C2C81C1634E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "76F47EF6-2695-44FD-B4B0-9DE911BB57CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FC61592E-7479-45C1-9263-D608B644EE79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5460DB30-FA14-4017-BC8B-15F9451469F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED2392D6-6ACF-4715-BBCD-B6DA9B91C750",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0071C35-877F-44C6-BC39-B1AE885D7313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83CF24-FC29-40C4-8B07-5FB6591E9812",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C54ADEF-F360-41C6-AE27-B6D12E5BAF9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66A92668-4B5D-40A4-9A14-E7AD10086933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7266D827-F77D-4CC3-8237-4B35D072ACF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DB5EF0E-4E1B-4131-9142-5FBB59C235D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F59B5992-716F-4901-BDD1-0C7E24BF9148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "746023B5-2472-4FC9-BEDF-FE6A321F12B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0D18C85B-E82B-46AE-959E-3FD32DB6F294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "66714539-F1E1-4C16-AA12-059EEB1B9DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A80044C9-9F76-468E-84F7-D7D529004AE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7CD7F5A-F4E4-45B6-9179-BD1BCD75D297",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7BC3705-27C7-4969-AB6A-E7C09C708C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79CDE6D3-A26D-4ECD-B949-B9DDB53F67C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D3CC82BE-8DEA-47D7-B6B7-2FFDFB728ADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "AFD79470-63A7-438B-A3BE-CABDAD7F848C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A26F4C94-E3A5-456E-8E5E-36BA67DD4BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C6D23B-B5C1-4F10-9F62-E81F639FF40F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "13FA8F3C-2B6C-42FB-A6CE-EC2D8614E43D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "973B7468-970D-475C-AAB2-D81833EAF12B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A0789-0496-4940-A484-8B6689AA8770",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "241370F6-4941-43B4-AAD5-32A93AAC3B80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A236174-7262-478C-8C96-61428EBCC575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAAC942E-1BA2-419C-B464-20529D825053",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "188AA942-A54E-4B48-A14E-1D4C2BB859EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "07D3ECE8-29AC-491A-BD11-1753EF65DA0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FA6109F-F5BE-4E65-AA9D-C1D0CB029521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0955D3BF-1120-40F6-87FB-D75B064E5C6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BA61CFC-F48E-4B7D-A61C-4BD585E87BAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BA7AA7B-9450-4AAD-8CBA-E483CD5A1CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4416B074-0C5E-4DD3-AA4D-B54AC635F00D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "EBA4FDC8-2F1B-4054-82BC-B79566ABE8E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "62B86D8D-5E7A-43F5-9B6A-944ED4B8E4E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "E4780402-81D6-46E1-8ECD-3BCB97095B2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "63FD259B-921D-46BF-BE6E-F963288D92F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B163E10-BD02-481B-A78E-E4678C57CC75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9AC7B4F-6AE2-4FCC-80DA-0D068E479853",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "57F3C3BF-CA6A-4BCC-83CE-32560F0A437D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6D1B676-AE23-4FC5-8466-EB44B8F756CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1C3B8FFB-25AD-4165-8C87-DBF5977572FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "52E0CED2-EF96-4052-A4BC-4657163B4FE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E8D954D-484E-4DAA-8E0E-6CEAC17BBA22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "341D904D-A6D6-4644-B67B-D1D62BCFEDEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C3356EA-5FD5-478E-882B-2D7C10011537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EBD4E4C-DE1D-4007-BABF-A82ECBC2C8B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "EA045993-D0DE-4878-A9CF-5C671F3E5196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "15426470-3C5F-41AC-B64B-BA021D9F5EA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "061DD021-3FAA-43D0-9ED2-6E60BF7E6CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8B305B8-97DE-45C7-B7A7-B1D1AB32D511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF1EE8B-18BA-49AE-BAA1-187A2F5B1D06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F46B49A-D5B6-458E-8217-A5F5B045B76F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "93D7105D-3CF1-49FF-9F51-088C58F19003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "F647077F-52FD-460B-9511-85812A1447FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A8AFF-EF0E-490C-8833-FF1071563979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3205F5-3A29-4D45-AC95-83174F8969BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5547DA02-3BEC-4278-A714-25CCB820AA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E5609D-EC04-4088-9B61-ABDD256200F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA9D861-3EAF-42F5-B0B6-A4CD7BDD6188",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*",
              "matchCriteriaId": "E14271AE-1309-48F3-B9C6-D7DEEC488279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",
              "matchCriteriaId": "5991814D-CA77-4C25-90D2-DB542B17E0AD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks."
    },
    {
      "lang": "es",
      "value": "MediaWiki anteriores a 1.19.6, y 1.20.x anteriores a 1.20.5 no permite a las extensiones prevenir cambios en las contrase\u00f1as sin usar Special:PasswordReset y Special:ChangePassword, lo cual permite a atacantes remotos sortear restricciones de acceso en extensiones que s\u00f3lo implementan uno de estos bloques."
    }
  ],
  "id": "CVE-2013-2032",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-11-18T02:55:07.297",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105784.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105825.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106293.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-April/000129.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/55433"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201310-21.xml"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=46590"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105784.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105825.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106293.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-April/000129.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/55433"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201310-21.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=46590"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-09-01 14:59

Modified

2025-04-12 10:46

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error page, related to "ForeignAPI images."

References

URL	Tags
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/08/12/6
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/08/27/6
cve@mitre.org	http://www.securityfocus.com/bid/76334
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html	Vendor Advisory
cve@mitre.org	https://security.gentoo.org/glsa/201510-05
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/08/12/6
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/08/27/6
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/76334
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201510-05

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.24.0
mediawiki	mediawiki	1.24.1
mediawiki	mediawiki	1.24.2
mediawiki	mediawiki	1.25.0
mediawiki	mediawiki	1.25.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05064578-51CC-482B-A135-42522AA50F0A",
              "versionEndIncluding": "1.23.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C00423-B3FE-485A-9014-22F409DBD377",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E90C95FB-71CA-4CA1-935D-58A08244A81F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9129F374-93CB-43CE-A3B2-DB6483514F32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE125142-10A2-4ACF-9BA4-44E63C1E5DB6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error page, related to \"ForeignAPI images.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en thumb.php en MediaWiki en versiones anteriores 1.23.10, 1.24.x en versiones anteriores 1.24.3 y 1.25.x en versiones anteriores a 1.25.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro f, el cual no es manejado correctamente en una p\u00e1gina de error, relacionado con \u0027ForeignAPI images\u0027."
    }
  ],
  "id": "CVE-2015-6730",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-09-01T14:59:08.400",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/76334"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201510-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/76334"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201510-05"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-12-21 23:15

Modified

2024-11-21 05:27

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in the GlobalUsage extension for MediaWiki through 1.35.1. SpecialGlobalUsage.php calls WikiMap::makeForeignLink unsafely. The $page variable within the formatItem function was not being properly escaped, allowing for XSS under certain conditions.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/GlobalUsage/+/646744	Issue Tracking, Patch, Third Party Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T268341	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/GlobalUsage/+/646744	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T268341	Third Party Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC439F7D-8255-455F-A22C-2A6B655392D7",
              "versionEndIncluding": "1.35.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the GlobalUsage extension for MediaWiki through 1.35.1. SpecialGlobalUsage.php calls WikiMap::makeForeignLink unsafely. The $page variable within the formatItem function was not being properly escaped, allowing for XSS under certain conditions."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en la extensi\u00f3n GlobalUsage para MediaWiki versiones hasta 1.35.1.\u0026#xa0;El archivo SpecialGlobalUsage.php llama a la funci\u00f3n WikiMap::makeForeignLink de forma no segura.\u0026#xa0;La variable $page dentro de la funci\u00f3n formatItem no se escapaba apropiadamente, lo que permit\u00eda un XSS en determinadas condiciones"
    }
  ],
  "id": "CVE-2020-35622",
  "lastModified": "2024-11-21T05:27:42.983",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-12-21T23:15:12.373",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/GlobalUsage/+/646744"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T268341"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/GlobalUsage/+/646744"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T268341"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-08-22 17:55

Modified

2025-04-12 10:46

Severity ?

Summary

MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

References

URL	Tags
cve@mitre.org	http://advisories.mageia.org/MGASA-2014-0309.html
cve@mitre.org	http://openwall.com/lists/oss-security/2014/08/14/5
cve@mitre.org	http://secunia.com/advisories/59738
cve@mitre.org	http://www.debian.org/security/2014/dsa-3011
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2014:153
cve@mitre.org	https://bugzilla.wikimedia.org/show_bug.cgi?id=65778	Exploit, Patch
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-July/000157.html
af854a3a-2127-422b-91ae-364da2661108	http://advisories.mageia.org/MGASA-2014-0309.html
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2014/08/14/5
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59738
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2014/dsa-3011
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2014:153
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=65778	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-July/000157.html

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19.0
mediawiki	mediawiki	1.19.1
mediawiki	mediawiki	1.19.2
mediawiki	mediawiki	1.19.3
mediawiki	mediawiki	1.19.4
mediawiki	mediawiki	1.19.5
mediawiki	mediawiki	1.19.6
mediawiki	mediawiki	1.19.7
mediawiki	mediawiki	1.19.8
mediawiki	mediawiki	1.19.9
mediawiki	mediawiki	1.19.10
mediawiki	mediawiki	1.19.11
mediawiki	mediawiki	1.19.12
mediawiki	mediawiki	1.19.13
mediawiki	mediawiki	1.19.14
mediawiki	mediawiki	1.19.15
mediawiki	mediawiki	1.19.16
mediawiki	mediawiki	1.20.1
mediawiki	mediawiki	1.20.2
mediawiki	mediawiki	1.20.3
mediawiki	mediawiki	1.20.4
mediawiki	mediawiki	1.20.5
mediawiki	mediawiki	1.20.6
mediawiki	mediawiki	1.20.7
mediawiki	mediawiki	1.20.8
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2
mediawiki	mediawiki	1.21.3
mediawiki	mediawiki	1.21.4
mediawiki	mediawiki	1.21.5
mediawiki	mediawiki	1.21.6
mediawiki	mediawiki	1.21.7
mediawiki	mediawiki	1.21.8
mediawiki	mediawiki	1.21.9
mediawiki	mediawiki	1.21.10
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	1.22.1
mediawiki	mediawiki	1.22.2
mediawiki	mediawiki	1.22.3
mediawiki	mediawiki	1.22.4
mediawiki	mediawiki	1.22.5
mediawiki	mediawiki	1.22.6
mediawiki	mediawiki	1.22.7
mediawiki	mediawiki	1.22.8
mediawiki	mediawiki	1.23.0
mediawiki	mediawiki	1.23.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "426C179F-C8DE-4894-83A6-24BA3DB39183",
              "versionEndIncluding": "1.19.17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "93D7105D-3CF1-49FF-9F51-088C58F19003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "F647077F-52FD-460B-9511-85812A1447FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A8AFF-EF0E-490C-8833-FF1071563979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3205F5-3A29-4D45-AC95-83174F8969BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5547DA02-3BEC-4278-A714-25CCB820AA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E5609D-EC04-4088-9B61-ABDD256200F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23B09BB-8F43-4D60-A37F-D8685584AF4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A3F38-9A86-4346-9337-5C2A1DED37C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "49CCC3B5-9BD4-40B4-AF1A-DF4B2A6DC12D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "36DA1112-69AB-408A-886E-F248516FDE11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA85F3B7-9CB4-481C-B1A5-AB95F81C4126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A25C57E2-8E04-4A54-9211-C7B4B7CC4E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "927A7FCC-273B-4387-A9DB-C1DADB40D3FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "37210D17-71E8-4A05-87CE-F27E2F8DDEF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "E77B822C-5536-4843-A509-D5471AC02B87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "84198067-1339-4087-9B91-B0AFD45C6F0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735AFF4-3E99-4E3C-B452-AB9FF31925FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "32FCA38F-137E-4CD5-B1EB-44D949468938",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94646567-FF30-4FBA-96C5-914EB3C85D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF088531-6875-49A2-B220-D7EC38ECC50F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "902A7EE8-90AA-4B0D-9142-DFCDA5AC8914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B6CD057-EBC4-4909-9734-80577AFDED40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01D8F235-2F1B-4198-A91E-B2723293AA36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2A5F4A7-40E7-42D0-8482-647D0EC54AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E10A8FAC-7506-48B8-A4EE-B7A1BE20537E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF797B5-8348-481C-AB6F-154DEA0E5281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E627F80-E6AA-4627-B58E-D6B2A08269BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA54E0F2-3B21-469F-A3FB-8E41E1857447",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "09CFF4B5-5827-4795-960A-201BA1BCF1A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC9D6B62-13CD-4307-94BB-A7210761A4D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B461B44C-37D2-480B-9645-B7E8720416C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E491E3AD-0FB2-41CD-B852-CAFCA397A45A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBD50108-A301-4B5B-9047-6FD6792442B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "91BBFEC5-A933-4178-919D-9AC87CF76D21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3CA0EC-1AC1-48A1-8BB8-95DCCE1C283A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9343410C-E076-4362-8094-5BA5582E9675",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96BBB28-AB3C-4082-B035-8CCB761C2530",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7389C3B9-B32D-46CC-8615-22CF7BDCD829",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6044842D-0C23-4683-9BCC-9FE40AE8353F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BFCBB5A-F5F8-400E-916A-EB87F84853D9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site."
    },
    {
      "lang": "es",
      "value": "MediaWiki anterior a 1.19.18, 1.20.x hasta 1.22.x anterior a 1.22.9, y 1.23.x anterior a 1.23.2 no aplica un mecanismo de protecci\u00f3n IFRAME para p\u00e1ginas transcluidas, lo que facilita a atacantes remotos realizar ataques de clickjacking a trav\u00e9s de un sitio web manipulado."
    }
  ],
  "id": "CVE-2014-5243",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-08-22T17:55:02.907",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://advisories.mageia.org/MGASA-2014-0309.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://openwall.com/lists/oss-security/2014/08/14/5"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/59738"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2014/dsa-3011"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:153"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=65778"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-July/000157.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://advisories.mageia.org/MGASA-2014-0309.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2014/08/14/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59738"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-3011"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=65778"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-July/000157.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-02-08 18:15

Modified

2024-11-21 01:42

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict function, could allow remote attackers to use old passwords for non-existing accounts in an external authentication system via unspecified vectors.

References

URL	Tags
secalert@redhat.com	http://osvdb.org/show/osvdb/85106	Broken Link
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/08/31/10	Mailing List, Patch, Third Party Advisory
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/08/31/6	Mailing List, Patch, Third Party Advisory
secalert@redhat.com	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330	Mailing List, Third Party Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=853442	Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com	https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html	Patch, Release Notes, Vendor Advisory
secalert@redhat.com	https://phabricator.wikimedia.org/T41184	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/show/osvdb/85106	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/08/31/10	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/08/31/6	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=853442	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html	Patch, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T41184	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "84B14B98-4263-457B-B6AF-3F766621A803",
              "versionEndExcluding": "1.18.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "94005844-01F9-4B1B-9306-463C0C602067",
              "versionEndExcluding": "1.19.2",
              "versionStartIncluding": "1.19.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict function, could allow remote attackers to use old passwords for non-existing accounts in an external authentication system via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "MediaWiki versiones anteriores a 1.18.5 y versiones 1.19.x anteriores a 1.19.2, guardan las contrase\u00f1as en la base de datos local, (1) lo que podr\u00eda facilitar a atacantes dependiendo del contexto obtener contrase\u00f1as de texto sin cifrar por medio de un ataque de fuerza bruta o, (2) cuando un plugin de autenticaci\u00f3n devuelve un falso en la funci\u00f3n strict, podr\u00eda permitir a atacantes remotos utilizar contrase\u00f1as antiguas para cuentas no existentes en un sistema de autenticaci\u00f3n externo por medio de vectores no especificados."
    }
  ],
  "id": "CVE-2012-4381",
  "lastModified": "2024-11-21T01:42:46.310",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-02-08T18:15:11.243",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/show/osvdb/85106"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/08/31/10"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/08/31/6"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=853442"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T41184"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/show/osvdb/85106"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/08/31/10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/08/31/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=853442"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T41184"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-12-20 09:15

Modified

2024-11-21 06:31

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=edit&undo= followed by action=mcrundo and action=mcrrestore to view private pages on a private wiki that has at least one page set in $wgWhitelistRead.

References

URL	Tags
cve@mitre.org	https://phabricator.wikimedia.org/T297322	Patch, Vendor Advisory
cve@mitre.org	https://security.gentoo.org/glsa/202305-24
cve@mitre.org	https://www.mediawiki.org/wiki/2021-12_security_release/FAQ	Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T297322	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202305-24
af854a3a-2127-422b-91ae-364da2661108	https://www.mediawiki.org/wiki/2021-12_security_release/FAQ	Mitigation, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "99942EE7-37A1-42CD-B392-8ED9362430E2",
              "versionEndExcluding": "1.35.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7377A8D6-3B2E-4FD6-820A-4CD632158111",
              "versionEndExcluding": "1.36.3",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5950CA7B-C437-4162-A8C5-5F31625145A8",
              "versionEndExcluding": "1.37.1",
              "versionStartIncluding": "1.37.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=edit\u0026undo= followed by action=mcrundo and action=mcrrestore to view private pages on a private wiki that has at least one page set in $wgWhitelistRead."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en MediaWiki versiones anteriores a 1.35.5, 1.36.x versiones anteriores a 1.36.3 y 1.37.x versiones anteriores a 1.37.1. Es posible usar action=edit\u0026amp;undo= seguido de action=mcrundo y action=mcrrestore para visualizar p\u00e1ginas privadas en un wiki privado que presenta al menos una p\u00e1gina establecida en $wgWhitelistRead"
    }
  ],
  "id": "CVE-2021-44858",
  "lastModified": "2024-11-21T06:31:37.320",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-20T09:15:06.770",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T297322"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/202305-24"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://www.mediawiki.org/wiki/2021-12_security_release/FAQ"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T297322"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202305-24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://www.mediawiki.org/wiki/2021-12_security_release/FAQ"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-276"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2008-12-19 17:30

Modified

2025-04-09 00:30

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1.12.x before 1.12.2, and 1.13.x before 1.13.3, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads are enabled, allows remote authenticated users to inject arbitrary web script or HTML by editing a wiki page.

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
cve@mitre.org	http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/33133	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/33349
cve@mitre.org	http://www.debian.org/security/2009/dsa-1901
cve@mitre.org	http://www.securityfocus.com/bid/32844
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33133	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33349
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2009/dsa-1901
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/32844
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.6.11
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.1
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.1
mediawiki	mediawiki	1.13.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9842D148-50D2-4A52-A3E1-529670A25EBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "746023B5-2472-4FC9-BEDF-FE6A321F12B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "66714539-F1E1-4C16-AA12-059EEB1B9DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79CDE6D3-A26D-4ECD-B949-B9DDB53F67C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A26F4C94-E3A5-456E-8E5E-36BA67DD4BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C6D23B-B5C1-4F10-9F62-E81F639FF40F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1.12.x before 1.12.2, and 1.13.x before 1.13.3, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads are enabled, allows remote authenticated users to inject arbitrary web script or HTML by editing a wiki page."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en versiones de MediaWiki anteriores a  1.6.11, 1.12.x anteriores a 1.12.2, y 1.13.3 anteriores a 1.13.x, cuando se esta usando Internet Explorer y las subidas est\u00e1n habilitadas, o bien cuando un navegador que permita secuencias de comandos SVG se este usando y las subidas SVG est\u00e9n habilitadas, permite a usuarios remotos autenticados inyectar HTML o secuencias de comandos web arbitrarias  durante la edici\u00f3n de una p\u00e1gina del wiki."
    }
  ],
  "id": "CVE-2008-5250",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-12-19T17:30:03.110",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33133"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/33349"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2009/dsa-1901"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/32844"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33133"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33349"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1901"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/32844"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-12-13 18:07

Modified

2025-04-11 00:51

Severity ?

Summary

Cross-site request forgery (CSRF) vulnerability in the CentralAuth extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to hijack the authentication of users for requests that login via vectors involving image loading.

References

▶	URL	Tags
	cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html
	cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html
	cve@mitre.org	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html
	cve@mitre.org	https://bugzilla.wikimedia.org/show_bug.cgi?id=40747
	af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html
	af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=40747

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.20
mediawiki	mediawiki	1.20.1
mediawiki	mediawiki	1.20.2
mediawiki	mediawiki	1.20.3
mediawiki	mediawiki	1.20.4
mediawiki	mediawiki	1.20.5
mediawiki	mediawiki	1.20.6
mediawiki	mediawiki	1.20.7
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2
mediawiki	mediawiki	*
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19.0
mediawiki	mediawiki	1.19.1
mediawiki	mediawiki	1.19.2
mediawiki	mediawiki	1.19.3
mediawiki	mediawiki	1.19.4
mediawiki	mediawiki	1.19.5
mediawiki	mediawiki	1.19.6
mediawiki	mediawiki	1.19.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA45494-185A-4ED1-8818-D9F14EB9B59B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94646567-FF30-4FBA-96C5-914EB3C85D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF088531-6875-49A2-B220-D7EC38ECC50F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "902A7EE8-90AA-4B0D-9142-DFCDA5AC8914",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7BDF753-A81D-46F4-BD23-84AE2C4F15EF",
              "versionEndIncluding": "1.19.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "93D7105D-3CF1-49FF-9F51-088C58F19003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "F647077F-52FD-460B-9511-85812A1447FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A8AFF-EF0E-490C-8833-FF1071563979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3205F5-3A29-4D45-AC95-83174F8969BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5547DA02-3BEC-4278-A714-25CCB820AA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E5609D-EC04-4088-9B61-ABDD256200F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23B09BB-8F43-4D60-A37F-D8685584AF4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A3F38-9A86-4346-9337-5C2A1DED37C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "49CCC3B5-9BD4-40B4-AF1A-DF4B2A6DC12D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in the CentralAuth extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to hijack the authentication of users for requests that login via vectors involving image loading."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de Cross-site request forgery (CSRF) en la extensi\u00f3n de MediaWiki CentralAuth antes de 1.19.9, 1.20.x anterior a  1.20.8  y 1.21.x anterior a 1.21.3 permite a atacantes remotos secuestrar la autenticaci\u00f3n de los usuarios para las solicitudes de inicio de sesi\u00f3n que a trav\u00e9s de de vectores relacionados con la carga de im\u00e1genes."
    }
  ],
  "id": "CVE-2012-5394",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-12-13T18:07:53.750",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=40747"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=40747"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-09-01 14:59

Modified

2025-04-12 10:46

Severity ?

Summary

The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack.

References

URL	Tags
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/08/12/6
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/08/27/6
cve@mitre.org	http://www.securityfocus.com/bid/76334
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html	Vendor Advisory
cve@mitre.org	https://security.gentoo.org/glsa/201510-05
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/08/12/6
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/08/27/6
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/76334
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201510-05

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.24.0
mediawiki	mediawiki	1.24.1
mediawiki	mediawiki	1.24.2
mediawiki	mediawiki	1.25.0
mediawiki	mediawiki	1.25.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05064578-51CC-482B-A135-42522AA50F0A",
              "versionEndIncluding": "1.23.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C00423-B3FE-485A-9014-22F409DBD377",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E90C95FB-71CA-4CA1-935D-58A08244A81F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9129F374-93CB-43CE-A3B2-DB6483514F32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE125142-10A2-4ACF-9BA4-44E63C1E5DB6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en la funci\u00f3n ApiBase::getWatchlistUser en MediaWiki en versiones anteriores 1.23.10, 1.24.x en versiones anteriores 1.24.3 y 1.25.x en versiones anteriores a 1.25.2, no realiza el token de comparaci\u00f3n en tiempo constante, lo que permite a atacantes remotos adivinar el token de lista de observaci\u00f3n y evadir la protecci\u00f3n CSRF a trav\u00e9s de un ataque de oportunidad."
    }
  ],
  "id": "CVE-2015-6728",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-09-01T14:59:06.197",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/76334"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201510-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/76334"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201510-05"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-10-11 21:55

Modified

2025-04-11 00:51

Severity ?

Summary

Cross-site request forgery (CSRF) vulnerability in api/ApiQueryCheckUser.php in the CheckUser extension for MediaWiki, possibly Checkuser before 2.3, allows remote attackers to hijack the authentication of arbitrary users for requests that "perform sensitive write actions" via unspecified vectors.

References

URL	Tags
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html	Patch
secalert@redhat.com	http://osvdb.org/96908	Broken Link
secalert@redhat.com	http://seclists.org/oss-sec/2013/q3/553	Mailing List, Third Party Advisory
secalert@redhat.com	http://www.securityfocus.com/bid/62210	Third Party Advisory, VDB Entry
secalert@redhat.com	https://bugzilla.wikimedia.org/show_bug.cgi?id=45019	Issue Tracking, Patch
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/86893	VDB Entry
secalert@redhat.com	https://git.wikimedia.org/commit/mediawiki%2Fextensions%2FCheckUser.git/99ad25d066ce6111e798427cba7f21526827f651	Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/96908	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/oss-sec/2013/q3/553	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/62210	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=45019	Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/86893	VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://git.wikimedia.org/commit/mediawiki%2Fextensions%2FCheckUser.git/99ad25d066ce6111e798427cba7f21526827f651	Patch

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "079904A7-7992-48C6-9C50-54892F24826C",
              "versionEndExcluding": "1.19.8",
              "versionStartIncluding": "1.19.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B32E340B-5FF7-43F7-A1E8-16CACE765F31",
              "versionEndExcluding": "1.20.7",
              "versionStartIncluding": "1.20.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "967C4E11-A76A-4519-950D-D580C31AFB2C",
              "versionEndExcluding": "1.21.2",
              "versionStartIncluding": "1.21.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in api/ApiQueryCheckUser.php in the CheckUser extension for MediaWiki, possibly Checkuser before 2.3, allows remote attackers to hijack the authentication of arbitrary users for requests that \"perform sensitive write actions\" via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad cross-site request forgery (CSRF) en api/ApiQueryCheckUser.php en la extensi\u00f3n CheckUser para MediaWiki, posiblemente CheckUser anteriores a 2.3, permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios de forma arbitraria para peticiones que \"realizan acciones de escritura sensibles\" a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2013-4306",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-10-11T21:55:44.353",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/96908"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/oss-sec/2013/q3/553"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/62210"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=45019"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86893"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://git.wikimedia.org/commit/mediawiki%2Fextensions%2FCheckUser.git/99ad25d066ce6111e798427cba7f21526827f651"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/96908"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/oss-sec/2013/q3/553"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/62210"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=45019"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86893"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.wikimedia.org/commit/mediawiki%2Fextensions%2FCheckUser.git/99ad25d066ce6111e798427cba7f21526827f651"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-04-13 16:29

Modified

2024-11-21 03:02

Severity ?

5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter.

References

URL	Tags
security@debian.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html	Vendor Advisory
security@debian.org	https://phabricator.wikimedia.org/T48143	Issue Tracking, Third Party Advisory
security@debian.org	https://security-tracker.debian.org/tracker/CVE-2017-0370	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T48143	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security-tracker.debian.org/tracker/CVE-2017-0370	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*
debian	debian_linux	7.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "07C776BA-0AEF-4225-AC4C-38753A764076",
              "versionEndIncluding": "1.23.16",
              "versionStartIncluding": "1.23.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9419B89-A512-4C79-8085-2AB9D7A19C85",
              "versionEndExcluding": "1.27.2",
              "versionStartIncluding": "1.27.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ABB422D-95AC-48E6-AEFF-1F2915354494",
              "versionEndExcluding": "1.28.1",
              "versionStartIncluding": "1.28.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax\u0027s link parameter."
    },
    {
      "lang": "es",
      "value": "Mediawiki, en versiones anteriores a la 1.28.1, 1.27.2 y la 1.23.16, contiene un error por el cual la lista negra de Spam no es efectiva en URL embebidas en el par\u00e1metro link de la sintaxis de inclusi\u00f3n de archivos."
    }
  ],
  "id": "CVE-2017-0370",
  "lastModified": "2024-11-21T03:02:51.060",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-13T16:29:00.877",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T48143"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2017-0370"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T48143"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2017-0370"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-05-12 14:55

Modified

2025-04-12 10:46

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in the TimeMediaHandler extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to videos.

References

▶	URL	Tags
	secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19.0
mediawiki	mediawiki	1.19.1
mediawiki	mediawiki	1.19.2
mediawiki	mediawiki	1.19.3
mediawiki	mediawiki	1.19.4
mediawiki	mediawiki	1.19.5
mediawiki	mediawiki	1.19.6
mediawiki	mediawiki	1.19.7
mediawiki	mediawiki	1.19.8
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2
mediawiki	mediawiki	1.21.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76902FB-9672-488B-9D9E-39B121DEC913",
              "versionEndIncluding": "1.19.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "93D7105D-3CF1-49FF-9F51-088C58F19003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "F647077F-52FD-460B-9511-85812A1447FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A8AFF-EF0E-490C-8833-FF1071563979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3205F5-3A29-4D45-AC95-83174F8969BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5547DA02-3BEC-4278-A714-25CCB820AA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E5609D-EC04-4088-9B61-ABDD256200F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23B09BB-8F43-4D60-A37F-D8685584AF4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A3F38-9A86-4346-9337-5C2A1DED37C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "49CCC3B5-9BD4-40B4-AF1A-DF4B2A6DC12D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "36DA1112-69AB-408A-886E-F248516FDE11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01D8F235-2F1B-4198-A91E-B2723293AA36",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the TimeMediaHandler extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to videos."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en la extensi\u00f3n TimeMediaHandler para MediaWiki anterior a 1.19.10, 1.2x anterior a 1.21.4 y 1.22.x anterior a 1.22.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores relacionados con v\u00eddeos."
    }
  ],
  "id": "CVE-2013-4574",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-05-12T14:55:04.897",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-11-09 18:59

Modified

2025-04-12 10:46

Severity ?

Summary

MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not properly restrict access to revisions, which allows remote authenticated users with the viewsuppressed user right to remove revision suppressions via a crafted revisiondelete action, which returns a valid a change form.

References

URL	Tags
cve@mitre.org	http://www.securitytracker.com/id/1034028
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T95589	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1034028
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T95589	Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.24.0
mediawiki	mediawiki	1.24.1
mediawiki	mediawiki	1.24.2
mediawiki	mediawiki	1.24.3
mediawiki	mediawiki	1.25.0
mediawiki	mediawiki	1.25.1
mediawiki	mediawiki	1.25.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE35D692-87E9-4982-AA23-27EBD5E5EEE1",
              "versionEndIncluding": "1.23.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C00423-B3FE-485A-9014-22F409DBD377",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E90C95FB-71CA-4CA1-935D-58A08244A81F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DDBD41F-C2D5-4D7C-B069-FBC2C8EBB81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9129F374-93CB-43CE-A3B2-DB6483514F32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE125142-10A2-4ACF-9BA4-44E63C1E5DB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF21D6EE-CEAC-42A7-99B6-D9D033E1FEC6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not properly restrict access to revisions, which allows remote authenticated users with the viewsuppressed user right to remove revision suppressions via a crafted revisiondelete action, which returns a valid a change form."
    },
    {
      "lang": "es",
      "value": "MediaWiki en versiones anteriores a 1.23.11, 1.24.x en versiones anteriores a 1.24.4 y 1.25.x en versiones anteriores a 1.25.3 no restringe correctamente el acceso a las revisiones, lo que permite a usuarios remotos autenticados con el derecho de usuario viewsuppressed eliminar las supresiones de revisi\u00f3n a trav\u00e9s de una acci\u00f3n revisiondelete manipulada, lo que devuelve un formulario a change v\u00e1lido."
    }
  ],
  "id": "CVE-2015-8004",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-11-09T18:59:03.897",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1034028"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T95589"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1034028"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T95589"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2005-05-02 04:00

Modified

2025-04-03 01:03

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, when using HTML Tidy ($wgUseTidy), allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/14993	Patch
cve@mitre.org	http://sourceforge.net/project/shownotes.php?release_id=322146	Patch
cve@mitre.org	http://www.osvdb.org/15719
cve@mitre.org	http://www.securityfocus.com/bid/13301	Patch
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/20210
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/14993	Patch
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/project/shownotes.php?release_id=322146	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/15719
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/13301	Patch
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/20210

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.3
mediawiki	mediawiki	1.3.1
mediawiki	mediawiki	1.3.2
mediawiki	mediawiki	1.3.3
mediawiki	mediawiki	1.3.4
mediawiki	mediawiki	1.3.5
mediawiki	mediawiki	1.3.6
mediawiki	mediawiki	1.3.7
mediawiki	mediawiki	1.3.8
mediawiki	mediawiki	1.3.9
mediawiki	mediawiki	1.3.10
mediawiki	mediawiki	1.3.11
mediawiki	mediawiki	1.4_beta1
mediawiki	mediawiki	1.4_beta2
mediawiki	mediawiki	1.4_beta3
mediawiki	mediawiki	1.4_beta4
mediawiki	mediawiki	1.4_beta5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49AFC6EE-41C7-4369-8BA1-DDBF8A744ABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A09F36C1-CBC0-489E-B62D-4590A2E5A4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9F0067D-534A-4238-A244-D92A73845432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BEC422E-49BC-41D4-9F71-B834D4108EF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D854161-28AA-4386-B90A-97F9692CE37F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5A0FA49-99DC-4691-968F-6AEB76B74370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A0C6A2C-992B-45A0-8E0C-1AE983881337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "292A77C7-8C7B-4F3A-B7FD-3505A9F37E4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C77FC97A-3BB2-4AA5-B0D6-C0D1FBEA5FD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C9393EF-083A-4662-BC7A-89979C2B8546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9DE6A4E-6BCE-499E-B017-1E0F8D1F65B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD90730F-BF26-46C5-83F8-039CD661C968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E70F32-2F26-4836-8A4F-0A0B06EAD371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE506B8C-245E-4A7E-A24C-FABB1D4531EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta3:*:*:*:*:*:*:*",
              "matchCriteriaId": "934382C1-088A-4AEE-A71A-E9802AC9C1A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1A9028E-1BDE-4BA0-A479-7A30020331D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D02E4C1-2BA7-4BC0-9C11-D0F74181DF82",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, when using HTML Tidy ($wgUseTidy), allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
    }
  ],
  "id": "CVE-2005-1245",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-05-02T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://secunia.com/advisories/14993"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=322146"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/15719"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/13301"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20210"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://secunia.com/advisories/14993"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=322146"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/15719"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/13301"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20210"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-06-02 14:15

Modified

2024-11-21 04:56

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/c/mediawiki/core/+/536725	Patch, Third Party Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T232932	Exploit, Patch, Third Party Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T240393	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/c/mediawiki/core/+/536725	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T232932	Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T240393	Patch, Third Party Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "640D348A-3B0B-4670-931C-1CF560E779B0",
              "versionEndExcluding": "1.35",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page."
    },
    {
      "lang": "es",
      "value": "En el archivo resources/src/mediawiki.page.ready/ready.js en MediaWiki versiones anteriores a 1.35, permite a atacantes remotos forzar un cierre de sesi\u00f3n y una redirecci\u00f3n externa por medio del contenido HTML en una p\u00e1gina de MediaWiki."
    }
  ],
  "id": "CVE-2020-10959",
  "lastModified": "2024-11-21T04:56:27.397",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-02T14:15:10.507",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/core/+/536725"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T232932"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T240393"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/core/+/536725"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T232932"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T240393"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-10-09 06:15

Modified

2024-11-21 08:26

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

An issue was discovered in the PageTriage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. Usernames of hidden users are exposed.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/PageTriage/+/960676	Issue Tracking, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T344359	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/PageTriage/+/960676	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T344359	Issue Tracking, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	1.40.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A920574-0C59-4036-9878-C5A39EF82AA1",
              "versionEndExcluding": "1.35.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "20B3C0EF-1980-4F24-B0C6-B4BA77562DA3",
              "versionEndExcluding": "1.39.5",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.40.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "195C853F-2D51-44A4-990E-8E04FF4E9AA8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the PageTriage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. Usernames of hidden users are exposed."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en la extensi\u00f3n PageTriage para MediaWiki anterior a 1.35.12, 1.36.x a 1.39.x anterior a 1.39.5 y 1.40.x anterior a 1.40.1. Los nombres de usuario de usuarios ocultos est\u00e1n expuestos."
    }
  ],
  "id": "CVE-2023-45369",
  "lastModified": "2024-11-21T08:26:49.963",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-09T06:15:09.387",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/PageTriage/+/960676"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T344359"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/PageTriage/+/960676"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T344359"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-12-24 02:15

Modified

2024-11-21 06:32

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

In MediaWiki through 1.37, XSS can occur in Wikibase because an external identifier property can have a URL format that includes a $1 formatter substitution marker, and the javascript: URL scheme (among others) can be used.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/I37ece1dfdc80d38055067c9c4fa73ba591acd8bd	Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7JNQA53K675TQBBJPZRAG5ZT6XES3IS/
cve@mitre.org	https://phabricator.wikimedia.org/T297570	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/I37ece1dfdc80d38055067c9c4fa73ba591acd8bd	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7JNQA53K675TQBBJPZRAG5ZT6XES3IS/
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T297570	Third Party Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*
	fedoraproject	fedora	35

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "27C47D85-B046-4EF2-AA03-69B0646A5C3D",
              "versionEndIncluding": "1.37",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In MediaWiki through 1.37, XSS can occur in Wikibase because an external identifier property can have a URL format that includes a $1 formatter substitution marker, and the javascript: URL scheme (among others) can be used."
    },
    {
      "lang": "es",
      "value": "En MediaWiki versiones hasta 1.37, un ataque de tipo XSS puede ocurrir en Wikibase porque una propiedad de identificador externo puede tener un formato de URL que incluye un marcador de sustituci\u00f3n de formato $1, y el esquema javascript: URL (entre otros) puede ser usado"
    }
  ],
  "id": "CVE-2021-45472",
  "lastModified": "2024-11-21T06:32:16.940",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-24T02:15:07.350",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I37ece1dfdc80d38055067c9c4fa73ba591acd8bd"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7JNQA53K675TQBBJPZRAG5ZT6XES3IS/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T297570"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I37ece1dfdc80d38055067c9c4fa73ba591acd8bd"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7JNQA53K675TQBBJPZRAG5ZT6XES3IS/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T297570"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-04-16 09:58

Modified

2024-11-21 02:04

Severity ?

5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation.

References

URL	Tags
cve@mitre.org	http://seclists.org/fulldisclosure/2014/Mar/102	Mailing List, Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/bid/66141	Third Party Advisory, VDB Entry
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/91847	Third Party Advisory, VDB Entry
cve@mitre.org	https://packetstormsecurity.com/files/125682	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2014/Mar/102	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/66141	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/91847	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://packetstormsecurity.com/files/125682	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	1.18.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "15426470-3C5F-41AC-B64B-BA021D9F5EA5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation."
    },
    {
      "lang": "es",
      "value": "MediaWiki 1.18.0 permite que atacantes remotos obtengan la ruta de instalaci\u00f3n mediante vectores relacionados con la creaci\u00f3n de miniaturas."
    }
  ],
  "id": "CVE-2014-1686",
  "lastModified": "2024-11-21T02:04:49.807",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-16T09:58:00.493",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2014/Mar/102"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/66141"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91847"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://packetstormsecurity.com/files/125682"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2014/Mar/102"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/66141"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91847"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://packetstormsecurity.com/files/125682"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-04-20 17:59

Modified

2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights.

References

URL	Tags
secalert@redhat.com	https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html	Mailing List, Patch, Vendor Advisory
secalert@redhat.com	https://phabricator.wikimedia.org/T139670	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html	Mailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T139670	Patch, Third Party Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	1.27.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.27.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F75E06F7-6D23-4BEB-80B4-3DE33193CA95",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights."
    },
    {
      "lang": "es",
      "value": "MediaWiki 1.27.x en versiones anteriores a 1.27.1 podr\u00eda permitir a los atacantes remotos eludir las restricciones destinadas al acceso de sesi\u00f3n aprovechando una llamada a la funci\u00f3n UserGetRights despu\u00e9s de Session::getAllowedUserRights."
    }
  ],
  "id": "CVE-2016-6337",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-20T17:59:00.790",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T139670"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T139670"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2019-12-11 02:15

Modified

2024-11-21 04:35

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/Ie54f366986056c876eade0fcad6c41f70b8b8de8	Exploit, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T239466	Exploit, Vendor Advisory
cve@mitre.org	https://seclists.org/bugtraq/2019/Dec/48	Mailing List, Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2019/dsa-4592	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/Ie54f366986056c876eade0fcad6c41f70b8b8de8	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T239466	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2019/Dec/48	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2019/dsa-4592	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
debian	debian_linux	9.0
debian	debian_linux	10.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "96D6A434-ABEB-45F9-A397-03BE0488DEF4",
              "versionEndIncluding": "1.33.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page."
    },
    {
      "lang": "es",
      "value": "MediaWiki versiones hasta 1.33.1, permite a atacantes omitir el mecanismo de protecci\u00f3n Title_blacklist al iniciar con un t\u00edtulo arbitrario, estableciendo un redireccionamiento no resoluble para la p\u00e1gina asociada y usando redirect=1 en la API action cuando se edita esa p\u00e1gina."
    }
  ],
  "id": "CVE-2019-19709",
  "lastModified": "2024-11-21T04:35:14.450",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-12-11T02:15:14.810",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Ie54f366986056c876eade0fcad6c41f70b8b8de8"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T239466"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Dec/48"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4592"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Ie54f366986056c876eade0fcad6c41f70b8b8de8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T239466"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Dec/48"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4592"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-09-12 13:30

Modified

2025-04-11 00:51

Severity ?

Summary

Multiple cross-site scripting (XSS) vulnerabilities in repo/includes/EntityView.php in the Wikibase extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow (1) remote attackers to inject arbitrary web script or HTML via a label in the "In other languages" section or (2) remote administrators to inject arbitrary web script or HTML via a description.

References

URL	Tags
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html	Patch
secalert@redhat.com	http://osvdb.org/96907
secalert@redhat.com	http://seclists.org/oss-sec/2013/q3/553	Patch
secalert@redhat.com	http://www.securityfocus.com/bid/62201	Patch
secalert@redhat.com	https://bugzilla.wikimedia.org/show_bug.cgi?id=53472	Patch
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/86892
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/96907
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/oss-sec/2013/q3/553	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/62201	Patch
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=53472	Patch
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/86892

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19.0
mediawiki	mediawiki	1.19.1
mediawiki	mediawiki	1.19.2
mediawiki	mediawiki	1.19.3
mediawiki	mediawiki	1.19.4
mediawiki	mediawiki	1.19.5
mediawiki	mediawiki	1.19.6
mediawiki	mediawiki	1.19.7
mediawiki	mediawiki	1.20
mediawiki	mediawiki	1.20.1
mediawiki	mediawiki	1.20.2
mediawiki	mediawiki	1.20.3
mediawiki	mediawiki	1.20.4
mediawiki	mediawiki	1.20.5
mediawiki	mediawiki	1.20.6
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "93D7105D-3CF1-49FF-9F51-088C58F19003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "F647077F-52FD-460B-9511-85812A1447FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A8AFF-EF0E-490C-8833-FF1071563979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3205F5-3A29-4D45-AC95-83174F8969BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5547DA02-3BEC-4278-A714-25CCB820AA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E5609D-EC04-4088-9B61-ABDD256200F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23B09BB-8F43-4D60-A37F-D8685584AF4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A3F38-9A86-4346-9337-5C2A1DED37C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "49CCC3B5-9BD4-40B4-AF1A-DF4B2A6DC12D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA45494-185A-4ED1-8818-D9F14EB9B59B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94646567-FF30-4FBA-96C5-914EB3C85D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF088531-6875-49A2-B220-D7EC38ECC50F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in repo/includes/EntityView.php in the Wikibase extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow (1) remote attackers to inject arbitrary web script or HTML via a label in the \"In other languages\" section or (2) remote administrators to inject arbitrary web script or HTML via a description."
    },
    {
      "lang": "es",
      "value": "Multiples vulnerabilidades XSS en repo/includes/EntityView.php en la extensi\u00f3n de Wikibase para MediaWiki 1.19.x anteriores a 1.19.8, 1.20.x anteriores a 1.20.7, y 1.21.x anteriores a 1.21.2 permite (1) a atacantes remotos inyectar scripts web o HTML arbitrarios a trav\u00e9s de una etiqueta en la secci\u00f3n \"In other languages\" o (2) a administradores remotos inyectar scripts web o HTML arbitrarios a trav\u00e9s de una descripci\u00f3n."
    }
  ],
  "id": "CVE-2013-4307",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-09-12T13:30:39.443",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/96907"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://seclists.org/oss-sec/2013/q3/553"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/62201"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=53472"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86892"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/96907"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://seclists.org/oss-sec/2013/q3/553"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/62201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=53472"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86892"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2004-12-31 05:00

Modified

2025-04-03 01:03

Severity ?

Summary

SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers to execute arbitrary SQL commands via SpecialMaintenance.

References

URL	Tags
cve@mitre.org	http://sourceforge.net/project/shownotes.php?release_id=275099
cve@mitre.org	http://www.securityfocus.com/bid/11416	Patch
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/project/shownotes.php?release_id=275099
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/11416	Patch

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	1.3.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5A0FA49-99DC-4691-968F-6AEB76B74370",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers to execute arbitrary SQL commands via SpecialMaintenance."
    }
  ],
  "id": "CVE-2004-2186",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=275099"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/11416"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=275099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/11416"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-03-30 06:15

Modified

2024-11-21 06:56

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete.

References

URL	Tags
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PT4CHJKOQOVMI65TSNZRNV6FIWU7SGZD/
cve@mitre.org	https://phabricator.wikimedia.org/T297543	Issue Tracking, Patch, Vendor Advisory
cve@mitre.org	https://security.gentoo.org/glsa/202305-24
cve@mitre.org	https://www.debian.org/security/2022/dsa-5246	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PT4CHJKOQOVMI65TSNZRNV6FIWU7SGZD/
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T297543	Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202305-24
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5246	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*
fedoraproject	fedora	36
debian	debian_linux	10.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAAA4B58-74B7-4923-B1C0-D731C74DC523",
              "versionEndExcluding": "1.35.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "665E9D20-2900-4932-B5F3-82624754EED7",
              "versionEndExcluding": "1.36.4",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E0A6AA3-FD23-4C90-ACFC-57699A24BA94",
              "versionEndExcluding": "1.37.2",
              "versionStartIncluding": "1.37.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema de tipo XSS en MediaWiki versiones anteriores a 1.35.6, versiones 1.36.x anteriores a 1.36.4 y versiones 1.37.x anteriores a 1.37.2. Las propiedades widthheight, widthheightpage y nbytes de los mensajes no son escapadas cuando son usadas en galer\u00edas o en Special:RevisionDelete"
    }
  ],
  "id": "CVE-2022-28202",
  "lastModified": "2024-11-21T06:56:56.763",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-03-30T06:15:06.980",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PT4CHJKOQOVMI65TSNZRNV6FIWU7SGZD/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T297543"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/202305-24"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5246"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PT4CHJKOQOVMI65TSNZRNV6FIWU7SGZD/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T297543"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202305-24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5246"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-12-13 18:07

Modified

2025-04-11 00:51

Severity ?

Summary

Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via a \b (backspace) character in CSS.

References

▶	URL	Tags
	secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html
	secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html
	secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html
	secalert@redhat.com	http://secunia.com/advisories/57472
	secalert@redhat.com	http://www.debian.org/security/2014/dsa-2891
	secalert@redhat.com	http://www.securityfocus.com/bid/63760
	secalert@redhat.com	https://bugzilla.wikimedia.org/show_bug.cgi?id=55332
	af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/57472
	af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2014/dsa-2891
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/63760
	af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=55332

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19.0
mediawiki	mediawiki	1.19.1
mediawiki	mediawiki	1.19.2
mediawiki	mediawiki	1.19.3
mediawiki	mediawiki	1.19.4
mediawiki	mediawiki	1.19.5
mediawiki	mediawiki	1.19.6
mediawiki	mediawiki	1.19.7
mediawiki	mediawiki	1.20
mediawiki	mediawiki	1.20.1
mediawiki	mediawiki	1.20.2
mediawiki	mediawiki	1.20.3
mediawiki	mediawiki	1.20.4
mediawiki	mediawiki	1.20.5
mediawiki	mediawiki	1.20.6
mediawiki	mediawiki	1.20.7
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7BDF753-A81D-46F4-BD23-84AE2C4F15EF",
              "versionEndIncluding": "1.19.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "93D7105D-3CF1-49FF-9F51-088C58F19003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "F647077F-52FD-460B-9511-85812A1447FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A8AFF-EF0E-490C-8833-FF1071563979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3205F5-3A29-4D45-AC95-83174F8969BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5547DA02-3BEC-4278-A714-25CCB820AA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E5609D-EC04-4088-9B61-ABDD256200F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23B09BB-8F43-4D60-A37F-D8685584AF4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A3F38-9A86-4346-9337-5C2A1DED37C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "49CCC3B5-9BD4-40B4-AF1A-DF4B2A6DC12D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA45494-185A-4ED1-8818-D9F14EB9B59B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94646567-FF30-4FBA-96C5-914EB3C85D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF088531-6875-49A2-B220-D7EC38ECC50F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "902A7EE8-90AA-4B0D-9142-DFCDA5AC8914",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via a \\b (backspace) character in CSS."
    },
    {
      "lang": "es",
      "value": "Vulenrabilidad de lista negra incompleta en Sanitizer::checkCss en MediaWiki anterior a 1.19.9, 1.20.x anterior a 1.20.8 y 1.21.x anterior a 1.21.3 que permite a atacantes remotos realizar cross-site scripting (XSS) a trav\u00e9s de un \\b (retroceso car\u00e1cter) en el CSS."
    }
  ],
  "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/184.html\n\n\"CWE-184: Incomplete Blacklist\"",
  "id": "CVE-2013-4567",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-12-13T18:07:54.063",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/57472"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2014/dsa-2891"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/63760"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=55332"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/57472"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-2891"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/63760"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=55332"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-04-20 17:59

Modified

2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php.

References

URL	Tags
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1369613	Issue Tracking
secalert@redhat.com	https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html	Mailing List, Patch, Vendor Advisory
secalert@redhat.com	https://phabricator.wikimedia.org/T139565	Third Party Advisory
secalert@redhat.com	https://phabricator.wikimedia.org/T139570	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1369613	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html	Mailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T139565	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T139570	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.26.0
mediawiki	mediawiki	1.26.1
mediawiki	mediawiki	1.26.2
mediawiki	mediawiki	1.26.3
mediawiki	mediawiki	1.26.4
mediawiki	mediawiki	1.27.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F26807BC-B2F2-480D-B5B1-C2D64933A0C8",
              "versionEndIncluding": "1.23.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B418525-DAC2-461A-B931-BED05CC3AFBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C238723-5592-4F0F-869D-91B64DD14FBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "22685E70-3EE0-484B-8A4C-139C28BDD2B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD0A725-B06B-456D-8A8B-9DA5468935FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7ED98FFC-4397-4F27-AC36-BB7A42A92F89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.27.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F75E06F7-6D23-4BEB-80B4-3DE33193CA95",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php."
    },
    {
      "lang": "es",
      "value": "MediaWiki en versiones anteriores a 1.23.15, 1.26.x en versiones anteriores a 1.26.4, y 1.27.x en versiones anteriores a 1.27.1 no genera elementos de cabecera en el contexto de un t\u00edtulo dado, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una acci\u00f3n de an\u00e1lisis a api.php."
    }
  ],
  "id": "CVE-2016-6335",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-20T17:59:00.697",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T139565"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T139570"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T139565"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T139570"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-05-05 19:15

Modified

2025-06-17 16:37

Severity ?

7.4 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Summary

An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges#%1b0000000.

References

URL	Tags
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/	Third Party Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T355538	Exploit, Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T355538	Exploit, Issue Tracking, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*
fedoraproject	fedora	40

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7984F542-C63D-4EF4-AE5E-896A873F70A9",
              "versionEndExcluding": "1.39.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA0B3FE6-989A-48FC-B482-BA4BDAC758FE",
              "versionEndExcluding": "1.40.3",
              "versionStartIncluding": "1.40.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "314B0F2D-27BD-486B-B528-FD8A7AAE53E6",
              "versionEndExcluding": "1.41.1",
              "versionStartIncluding": "1.41.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges#%1b0000000."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en include/CommentFormatter/CommentParser.php en MediaWiki antes de 1.39.7, 1.40.x antes de 1.40.3 y 1.41.x antes de 1.41.1. XSS puede ocurrir debido a un mal manejo del car\u00e1cter 0x1b, como lo demuestra Special:RecentChanges#%1b0000000."
    }
  ],
  "id": "CVE-2024-34507",
  "lastModified": "2025-06-17T16:37:39.013",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.0,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-05-05T19:15:07.307",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T355538"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T355538"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-80"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-05-12 14:55

Modified

2025-04-12 10:46

Severity ?

Summary

MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 does not properly sanitize SVG files, which allows remote attackers to have unspecified impact via invalid XML.

References

▶	URL	Tags
	secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2
mediawiki	mediawiki	1.21.3
mediawiki	mediawiki	*
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19.0
mediawiki	mediawiki	1.19.1
mediawiki	mediawiki	1.19.2
mediawiki	mediawiki	1.19.3
mediawiki	mediawiki	1.19.4
mediawiki	mediawiki	1.19.5
mediawiki	mediawiki	1.19.6
mediawiki	mediawiki	1.19.7
mediawiki	mediawiki	1.19.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01D8F235-2F1B-4198-A91E-B2723293AA36",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76902FB-9672-488B-9D9E-39B121DEC913",
              "versionEndIncluding": "1.19.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "93D7105D-3CF1-49FF-9F51-088C58F19003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "F647077F-52FD-460B-9511-85812A1447FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A8AFF-EF0E-490C-8833-FF1071563979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3205F5-3A29-4D45-AC95-83174F8969BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5547DA02-3BEC-4278-A714-25CCB820AA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E5609D-EC04-4088-9B61-ABDD256200F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23B09BB-8F43-4D60-A37F-D8685584AF4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A3F38-9A86-4346-9337-5C2A1DED37C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "49CCC3B5-9BD4-40B4-AF1A-DF4B2A6DC12D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "36DA1112-69AB-408A-886E-F248516FDE11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 does not properly sanitize SVG files, which allows remote attackers to have unspecified impact via invalid XML."
    },
    {
      "lang": "es",
      "value": "MediaWiki anterior a 1.19.10, 1.2x anterior a 1.21.4 y 1.22.x anterior a 1.22.1 no limpia debidamente archivos SVG, lo que permite a atacantes remotos tener impacto no especificado a trav\u00e9s de XML inv\u00e1lido."
    }
  ],
  "id": "CVE-2013-6453",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-12T14:55:06.227",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-12-26 05:15

Modified

2025-04-14 16:15

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. There is Blind Stored XSS via a URL to the Upload Image feature.

References

URL	Tags
cve@mitre.org	https://phabricator.wikimedia.org/T293589	Exploit, Issue Tracking, Vendor Advisory
cve@mitre.org	https://security.gentoo.org/glsa/202305-24
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T293589	Exploit, Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202305-24

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	1.37.0
mediawiki	mediawiki	1.37.0
mediawiki	mediawiki	1.37.0
mediawiki	mediawiki	1.37.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "99942EE7-37A1-42CD-B392-8ED9362430E2",
              "versionEndExcluding": "1.35.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7377A8D6-3B2E-4FD6-820A-4CD632158111",
              "versionEndExcluding": "1.36.3",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.37.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "0B3400A0-D77C-45D4-8868-73AF0B82B6B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.37.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "F533BF3B-6FBC-4CA6-A645-A321E20B9804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.37.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7CBE66AB-8BE5-4A96-9B90-8F3238AE7CBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.37.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "18A9BF2D-7DDF-4C9D-838A-D8BA511A2CD6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. There is Blind Stored XSS via a URL to the Upload Image feature."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en MediaWiki antes de 1.35.5, 1.36.x antes de 1.36.3 y 1.37.x antes de 1.37.1. Hay XSS almacenado a ciegas a trav\u00e9s de una URL a la funci\u00f3n Cargar imagen."
    }
  ],
  "id": "CVE-2021-44855",
  "lastModified": "2025-04-14T16:15:18.363",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-12-26T05:15:10.740",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T293589"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/202305-24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T293589"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202305-24"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2019-09-26 02:15

Modified

2024-11-21 04:31

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup.

References

URL	Tags
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QBAOLXETM5BOYQG6OQVHGB2LNLZUXVN6/
cve@mitre.org	https://phabricator.wikimedia.org/T230402	Exploit, Issue Tracking, Patch, Third Party Advisory
cve@mitre.org	https://seclists.org/bugtraq/2019/Oct/32	Mailing List, Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2019/dsa-4545	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QBAOLXETM5BOYQG6OQVHGB2LNLZUXVN6/
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T230402	Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2019/Oct/32	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2019/dsa-4545	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
fedoraproject	fedora	30
fedoraproject	fedora	31
debian	debian_linux	9.0
debian	debian_linux	10.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "56809FD3-CA78-45B3-B280-BEFA0E46C27F",
              "versionEndIncluding": "1.33.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup."
    },
    {
      "lang": "es",
      "value": "En MediaWiki versiones hasta 1.33.0, Special:Redirect permite la divulgaci\u00f3n de informaci\u00f3n de nombres de usuario suprimidos por medio de una B\u00fasqueda de ID de Usuario."
    }
  ],
  "id": "CVE-2019-16738",
  "lastModified": "2024-11-21T04:31:05.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-09-26T02:15:10.833",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QBAOLXETM5BOYQG6OQVHGB2LNLZUXVN6/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T230402"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Oct/32"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4545"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QBAOLXETM5BOYQG6OQVHGB2LNLZUXVN6/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T230402"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Oct/32"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4545"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-12-24 02:15

Modified

2024-11-21 06:32

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/Iac86cf63bd014ef99e83dccfce9b8942e15d2bf9	Third Party Advisory
cve@mitre.org	https://gerrit.wikimedia.org/r/q/Id9af124427bcd1e85301d2140a38bf47bbc5622c	Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7JNQA53K675TQBBJPZRAG5ZT6XES3IS/
cve@mitre.org	https://phabricator.wikimedia.org/T296578	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/Iac86cf63bd014ef99e83dccfce9b8942e15d2bf9	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/Id9af124427bcd1e85301d2140a38bf47bbc5622c	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7JNQA53K675TQBBJPZRAG5ZT6XES3IS/
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T296578	Third Party Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*
	fedoraproject	fedora	35

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "27C47D85-B046-4EF2-AA03-69B0646A5C3D",
              "versionEndIncluding": "1.37",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items."
    },
    {
      "lang": "es",
      "value": "En MediaWiki versiones hasta 1.37, las direcciones IP bloqueadas pueden editar elementos de EntitySchema"
    }
  ],
  "id": "CVE-2021-45471",
  "lastModified": "2024-11-21T06:32:16.793",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-24T02:15:07.297",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Iac86cf63bd014ef99e83dccfce9b8942e15d2bf9"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Id9af124427bcd1e85301d2140a38bf47bbc5622c"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7JNQA53K675TQBBJPZRAG5ZT6XES3IS/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T296578"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Iac86cf63bd014ef99e83dccfce9b8942e15d2bf9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Id9af124427bcd1e85301d2140a38bf47bbc5622c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7JNQA53K675TQBBJPZRAG5ZT6XES3IS/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T296578"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-10-09 06:15

Modified

2024-11-21 08:26

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is no rate limit for merging items.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/961264	Issue Tracking, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T345064	Issue Tracking, Permissions Required
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/961264	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T345064	Issue Tracking, Permissions Required

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	1.40.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A920574-0C59-4036-9878-C5A39EF82AA1",
              "versionEndExcluding": "1.35.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "20B3C0EF-1980-4F24-B0C6-B4BA77562DA3",
              "versionEndExcluding": "1.39.5",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.40.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "195C853F-2D51-44A4-990E-8E04FF4E9AA8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is no rate limit for merging items."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en la extensi\u00f3n de Wikibase para MediaWiki antes de 1.35.12, 1.36.x hasta 1.39.x antes de 1.39.5 y 1.40.x antes de 1.40.1. No hay l\u00edmite de tarifa para fusionar art\u00edculos."
    }
  ],
  "id": "CVE-2023-45371",
  "lastModified": "2024-11-21T08:26:50.297",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-09T06:15:10.537",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/961264"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Permissions Required"
      ],
      "url": "https://phabricator.wikimedia.org/T345064"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/961264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Permissions Required"
      ],
      "url": "https://phabricator.wikimedia.org/T345064"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-01-04 21:59

Modified

2025-04-12 10:46

Severity ?

Summary

Cross-site request forgery (CSRF) vulnerability in the Special:ExpandedTemplates page in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgRawHTML is set to true, allows remote attackers to hijack the authentication of users with edit permissions for requests that cross-site scripting (XSS) attacks via the wpInput parameter, which is not properly handled in the preview.

References

URL	Tags
cve@mitre.org	http://securitytracker.com/id?1031301
cve@mitre.org	http://www.openwall.com/lists/oss-security/2014/12/03/9
cve@mitre.org	http://www.openwall.com/lists/oss-security/2014/12/04/16
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-November/000170.html	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T73111
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1031301
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2014/12/03/9
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2014/12/04/16
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-November/000170.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T73111

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.20
mediawiki	mediawiki	1.20.1
mediawiki	mediawiki	1.20.2
mediawiki	mediawiki	1.20.3
mediawiki	mediawiki	1.20.4
mediawiki	mediawiki	1.20.5
mediawiki	mediawiki	1.20.6
mediawiki	mediawiki	1.20.7
mediawiki	mediawiki	1.20.8
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2
mediawiki	mediawiki	1.21.3
mediawiki	mediawiki	1.21.4
mediawiki	mediawiki	1.21.5
mediawiki	mediawiki	1.21.6
mediawiki	mediawiki	1.21.7
mediawiki	mediawiki	1.21.8
mediawiki	mediawiki	1.21.9
mediawiki	mediawiki	1.21.10
mediawiki	mediawiki	1.21.11
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	1.22.1
mediawiki	mediawiki	1.22.2
mediawiki	mediawiki	1.22.3
mediawiki	mediawiki	1.22.4
mediawiki	mediawiki	1.22.5
mediawiki	mediawiki	1.22.6
mediawiki	mediawiki	1.22.7
mediawiki	mediawiki	1.22.8
mediawiki	mediawiki	1.22.10
mediawiki	mediawiki	1.22.11
mediawiki	mediawiki	1.22.12
mediawiki	mediawiki	1.22.13
mediawiki	mediawiki	1.23.0
mediawiki	mediawiki	1.23.1
mediawiki	mediawiki	1.23.2
mediawiki	mediawiki	1.23.3
mediawiki	mediawiki	1.23.4
mediawiki	mediawiki	1.23.5
mediawiki	mediawiki	1.23.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "27381EF3-7ACE-4C9C-A609-40EA8584A21B",
              "versionEndIncluding": "1.19.21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA45494-185A-4ED1-8818-D9F14EB9B59B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94646567-FF30-4FBA-96C5-914EB3C85D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF088531-6875-49A2-B220-D7EC38ECC50F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "902A7EE8-90AA-4B0D-9142-DFCDA5AC8914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B6CD057-EBC4-4909-9734-80577AFDED40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01D8F235-2F1B-4198-A91E-B2723293AA36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2A5F4A7-40E7-42D0-8482-647D0EC54AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E10A8FAC-7506-48B8-A4EE-B7A1BE20537E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF797B5-8348-481C-AB6F-154DEA0E5281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E627F80-E6AA-4627-B58E-D6B2A08269BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA54E0F2-3B21-469F-A3FB-8E41E1857447",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "09CFF4B5-5827-4795-960A-201BA1BCF1A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC9D6B62-13CD-4307-94BB-A7210761A4D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "32C36F51-CCCC-41D1-A43B-B8F77CE632B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B461B44C-37D2-480B-9645-B7E8720416C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E491E3AD-0FB2-41CD-B852-CAFCA397A45A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBD50108-A301-4B5B-9047-6FD6792442B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "91BBFEC5-A933-4178-919D-9AC87CF76D21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3CA0EC-1AC1-48A1-8BB8-95DCCE1C283A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9343410C-E076-4362-8094-5BA5582E9675",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96BBB28-AB3C-4082-B035-8CCB761C2530",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7389C3B9-B32D-46CC-8615-22CF7BDCD829",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3332E0EC-49D6-4EB2-8A2E-CC204EA1C475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E59021C-8DDF-4849-9490-AD8F98B834BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "64E90FCD-B032-4BD8-84D6-763E0FDB48B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "21A92544-BEA9-436F-BC22-CC90808D53F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6044842D-0C23-4683-9BCC-9FE40AE8353F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BFCBB5A-F5F8-400E-916A-EB87F84853D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2898DFC3-7C3A-4C12-A3D2-4CEB3C66C90D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "04082771-E3E2-49EE-8840-0170F3B3519F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9B27B7-7800-4E35-97CA-B16450EEC478",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BEA6C00-BDCF-439C-8A04-B581361781EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90B931CC-CEA7-4C14-875E-A0D215CE5617",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in the Special:ExpandedTemplates page in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgRawHTML is set to true, allows remote attackers to hijack the authentication of users with edit permissions for requests that cross-site scripting (XSS) attacks via the wpInput parameter, which is not properly handled in the preview."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de CSRF en la p\u00e1gina Special:ExpandedTemplates en MediaWiki anterior a 1.19.22, 1.20.x hasta 1.22.xanterior a 1.22.14, y 1.23.x anterior a 1.23.7, cuando $wgRawHTML est\u00e1 configurado a verdadero, permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios con permisos para editar para solicitudes que realizan ataques de XSS a trav\u00e9s del par\u00e1metro wpInput, lo que no se maneja correctamente en la previsualizaci\u00f3n."
    }
  ],
  "id": "CVE-2014-9276",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-01-04T21:59:01.353",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1031301"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2014/12/03/9"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2014/12/04/16"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-November/000170.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://phabricator.wikimedia.org/T73111"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1031301"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/12/03/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/12/04/16"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-November/000170.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://phabricator.wikimedia.org/T73111"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2005-06-06 04:00

Modified

2025-04-03 01:03

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 allows remote attackers to inject arbitrary web script via HTML attributes in page templates.

References

URL	Tags
cve@mitre.org	http://sourceforge.net/project/shownotes.php?release_id=332231	Patch, Vendor Advisory
cve@mitre.org	http://www.novell.com/linux/security/advisories/2005_19_sr.html
cve@mitre.org	http://www.securityfocus.com/bid/13861	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/project/shownotes.php?release_id=332231	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2005_19_sr.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/13861	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.3
mediawiki	mediawiki	1.3.1
mediawiki	mediawiki	1.3.2
mediawiki	mediawiki	1.3.3
mediawiki	mediawiki	1.3.4
mediawiki	mediawiki	1.3.5
mediawiki	mediawiki	1.3.6
mediawiki	mediawiki	1.3.7
mediawiki	mediawiki	1.3.8
mediawiki	mediawiki	1.3.9
mediawiki	mediawiki	1.3.10
mediawiki	mediawiki	1.3.11
mediawiki	mediawiki	1.4_beta1
mediawiki	mediawiki	1.4_beta2
mediawiki	mediawiki	1.4_beta3
mediawiki	mediawiki	1.4_beta4
mediawiki	mediawiki	1.4_beta5
mediawiki	mediawiki	stable_2003-08-29
mediawiki	mediawiki	stable_2003-11-07
mediawiki	mediawiki	stable_2003-11-17

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49AFC6EE-41C7-4369-8BA1-DDBF8A744ABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A09F36C1-CBC0-489E-B62D-4590A2E5A4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9F0067D-534A-4238-A244-D92A73845432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BEC422E-49BC-41D4-9F71-B834D4108EF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D854161-28AA-4386-B90A-97F9692CE37F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5A0FA49-99DC-4691-968F-6AEB76B74370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A0C6A2C-992B-45A0-8E0C-1AE983881337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "292A77C7-8C7B-4F3A-B7FD-3505A9F37E4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C77FC97A-3BB2-4AA5-B0D6-C0D1FBEA5FD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C9393EF-083A-4662-BC7A-89979C2B8546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9DE6A4E-6BCE-499E-B017-1E0F8D1F65B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD90730F-BF26-46C5-83F8-039CD661C968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E70F32-2F26-4836-8A4F-0A0B06EAD371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE506B8C-245E-4A7E-A24C-FABB1D4531EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta3:*:*:*:*:*:*:*",
              "matchCriteriaId": "934382C1-088A-4AEE-A71A-E9802AC9C1A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1A9028E-1BDE-4BA0-A479-7A30020331D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D02E4C1-2BA7-4BC0-9C11-D0F74181DF82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:stable_2003-08-29:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5450893-4658-45F8-8512-379CEA43696C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:stable_2003-11-07:*:*:*:*:*:*:*",
              "matchCriteriaId": "E02DACFF-7D0B-436C-A794-F123EFE97137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:stable_2003-11-17:*:*:*:*:*:*:*",
              "matchCriteriaId": "258C9027-175D-48A8-830C-2D92CCCC6B3E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 allows remote attackers to inject arbitrary web script via HTML attributes in page templates."
    }
  ],
  "id": "CVE-2005-1888",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-06-06T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=332231"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/13861"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=332231"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/13861"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2005-07-27 04:00

Modified

2025-04-03 01:03

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the page move template.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/15950
cve@mitre.org	http://secunia.com/advisories/16130
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200507-18.xml	Patch, Vendor Advisory
cve@mitre.org	http://www.osvdb.org/17763
cve@mitre.org	http://www.securityfocus.com/bid/14327	Patch
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/21491
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/15950
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/16130
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200507-18.xml	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/17763
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/14327	Patch
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/21491

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.1.0
mediawiki	mediawiki	1.2.0
mediawiki	mediawiki	1.2.1
mediawiki	mediawiki	1.2.2
mediawiki	mediawiki	1.2.3
mediawiki	mediawiki	1.2.4
mediawiki	mediawiki	1.2.5
mediawiki	mediawiki	1.2.6
mediawiki	mediawiki	1.3
mediawiki	mediawiki	1.3.0
mediawiki	mediawiki	1.3.1
mediawiki	mediawiki	1.3.2
mediawiki	mediawiki	1.3.3
mediawiki	mediawiki	1.3.4
mediawiki	mediawiki	1.3.5
mediawiki	mediawiki	1.3.6
mediawiki	mediawiki	1.3.7
mediawiki	mediawiki	1.3.8
mediawiki	mediawiki	1.3.9
mediawiki	mediawiki	1.3.10
mediawiki	mediawiki	1.3.11
mediawiki	mediawiki	1.4.1
mediawiki	mediawiki	1.4.2
mediawiki	mediawiki	1.4.3
mediawiki	mediawiki	1.4.5
mediawiki	mediawiki	1.4_beta1
mediawiki	mediawiki	1.4_beta2
mediawiki	mediawiki	1.4_beta3
mediawiki	mediawiki	1.4_beta4
mediawiki	mediawiki	1.4_beta5
mediawiki	mediawiki	1.4_beta6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C96D337-1D37-4ADE-871D-9829928EE80B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DFB843C-4513-4569-9746-DA9FDD7A5CD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "377F0F7A-8E50-4803-9670-F719D17400D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B4CCA5C-3594-41B4-99F3-FC99BA0495BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD0A0C81-CDB6-4A11-B6B0-DECB12558DE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40BD0855-A9C8-47CD-BB50-E422E0C4A1EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "42A9DCC7-CF58-44CC-9489-51FA79EECDF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "80D651C6-116D-448A-8569-BAB9BAEC7D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49AFC6EE-41C7-4369-8BA1-DDBF8A744ABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30F54837-5004-4D10-B3B0-502CED4F6592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A09F36C1-CBC0-489E-B62D-4590A2E5A4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9F0067D-534A-4238-A244-D92A73845432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BEC422E-49BC-41D4-9F71-B834D4108EF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D854161-28AA-4386-B90A-97F9692CE37F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5A0FA49-99DC-4691-968F-6AEB76B74370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A0C6A2C-992B-45A0-8E0C-1AE983881337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "292A77C7-8C7B-4F3A-B7FD-3505A9F37E4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C77FC97A-3BB2-4AA5-B0D6-C0D1FBEA5FD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C9393EF-083A-4662-BC7A-89979C2B8546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9DE6A4E-6BCE-499E-B017-1E0F8D1F65B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD90730F-BF26-46C5-83F8-039CD661C968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "174665BA-F231-45F6-922C-933B8A613009",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B175F5A-7CB6-44E6-9E98-FB40F6D14FDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A45833DC-F104-42BB-8688-4DE66AFF72F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "99A75AFB-2706-42FF-8534-B910997987AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E70F32-2F26-4836-8A4F-0A0B06EAD371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE506B8C-245E-4A7E-A24C-FABB1D4531EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta3:*:*:*:*:*:*:*",
              "matchCriteriaId": "934382C1-088A-4AEE-A71A-E9802AC9C1A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1A9028E-1BDE-4BA0-A479-7A30020331D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D02E4C1-2BA7-4BC0-9C11-D0F74181DF82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta6:*:*:*:*:*:*:*",
              "matchCriteriaId": "728E2852-5658-4DCC-AF1E-718B292F06C1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the page move template."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencia de comandos en sitios cruzados en MediaWiki 1.4.6 y anteriores permite que atacantes remotos inyecten script web arbitrario o HTML mediante un par\u00e1metro a la plantilla de mover p\u00e1gina."
    }
  ],
  "id": "CVE-2005-2396",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-07-27T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/15950"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/16130"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200507-18.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/17763"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/14327"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21491"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/15950"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/16130"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200507-18.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/17763"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/14327"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21491"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-01-10 14:11

Modified

2024-11-21 06:33

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Special:CheckUserLog allows CheckUser XSS because of date mishandling, as demonstrated by an XSS payload in MediaWiki:October.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/CheckUser/+/79c2c49a18f96b159258958feca90fce964c350a	Third Party Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T292795	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/CheckUser/+/79c2c49a18f96b159258958feca90fce964c350a	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T292795	Exploit, Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "99942EE7-37A1-42CD-B392-8ED9362430E2",
              "versionEndExcluding": "1.35.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7377A8D6-3B2E-4FD6-820A-4CD632158111",
              "versionEndExcluding": "1.36.3",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5950CA7B-C437-4162-A8C5-5F31625145A8",
              "versionEndExcluding": "1.37.1",
              "versionStartIncluding": "1.37.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Special:CheckUserLog allows CheckUser XSS because of date mishandling, as demonstrated by an XSS payload in MediaWiki:October."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en MediaWiki versiones anteriores a 1.35.5, 1.36.x anteriores a 1.36.3 y 1.37.x anteriores a 1.37.1. Special:CheckUserLog permite el XSS de CheckUser debido a un manejo inapropiado de la fecha, como lo demuestra una carga \u00fatil de tipo XSS en MediaWiki:October"
    }
  ],
  "id": "CVE-2021-46150",
  "lastModified": "2024-11-21T06:33:41.707",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-01-10T14:11:29.430",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/CheckUser/+/79c2c49a18f96b159258958feca90fce964c350a"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T292795"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/CheckUser/+/79c2c49a18f96b159258958feca90fce964c350a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T292795"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-03-23 20:59

Modified

2025-04-20 01:37

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote attackers to obtain access via a brute-force attack.

References

URL	Tags
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/12/21/8	Mailing List, Patch, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/12/23/7	Mailing List, Patch, Third Party Advisory
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html	Patch, Release Notes, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T115522	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/12/21/8	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/12/23/7	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html	Patch, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T115522	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.24.0
mediawiki	mediawiki	1.24.1
mediawiki	mediawiki	1.24.2
mediawiki	mediawiki	1.24.3
mediawiki	mediawiki	1.24.4
mediawiki	mediawiki	1.25.0
mediawiki	mediawiki	1.25.1
mediawiki	mediawiki	1.25.2
mediawiki	mediawiki	1.25.3
mediawiki	mediawiki	1.26.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3971880B-BD50-4E3D-96F0-D07F60D59923",
              "versionEndIncluding": "1.23.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C00423-B3FE-485A-9014-22F409DBD377",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E90C95FB-71CA-4CA1-935D-58A08244A81F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DDBD41F-C2D5-4D7C-B069-FBC2C8EBB81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D92AA40C-3E9A-44E6-9833-06853B5BF453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9129F374-93CB-43CE-A3B2-DB6483514F32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE125142-10A2-4ACF-9BA4-44E63C1E5DB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF21D6EE-CEAC-42A7-99B6-D9D033E1FEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CCAC6ED-C3F5-4D8E-922B-FAA481210C6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B418525-DAC2-461A-B931-BED05CC3AFBF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote attackers to obtain access via a brute-force attack."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n User::randomPassword en MediaWiki en versiones anteriores a 1.23.12, 1.24.x en versiones anteriores a 1.24.5, 1.25.x en versiones anteriores a 1.25.4 y 1.26.x en versiones anteriores a 1.26.1 genera contrase\u00f1as m\u00e1s peque\u00f1as que $wgMinimalPasswordLength, lo que hace m\u00e1s f\u00e1cil a atacantes remotos eludir restricciones destinadas al acceso a trav\u00e9s de un ataque de fuerza bruta."
    }
  ],
  "id": "CVE-2015-8626",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-03-23T20:59:00.610",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T115522"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T115522"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-255"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-06-29 16:15

Modified

2024-11-26 20:15

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. It allows one to store javascript: URLs in URL fields, and automatically links these URLs.

References

▶	URL	Tags
	cve@mitre.org	https://phabricator.wikimedia.org/T331311	Exploit, Issue Tracking
	af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T331311	Exploit, Issue Tracking

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEA20A42-6E1A-4DA2-8869-A49894256285",
              "versionEndIncluding": "1.39.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. It allows one to store javascript: URLs in URL fields, and automatically links these URLs."
    }
  ],
  "id": "CVE-2023-37256",
  "lastModified": "2024-11-26T20:15:22.663",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-06-29T16:15:10.087",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://phabricator.wikimedia.org/T331311"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://phabricator.wikimedia.org/T331311"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-10-06 21:15

Modified

2024-11-21 06:27

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in SpecialEditGrowthConfig in the GrowthExperiments extension in MediaWiki through 1.36.2. The growthexperiments-edit-config-error-invalid-title MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/Ibeb13d032ca044af53f6b2334e27b6b97b6f4e9f	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T290692	Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/Ibeb13d032ca044af53f6b2334e27b6b97b6f4e9f	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T290692	Issue Tracking, Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "852AD0A4-1F54-4352-8554-34DE96EF04D9",
              "versionEndIncluding": "1.36.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in SpecialEditGrowthConfig in the GrowthExperiments extension in MediaWiki through 1.36.2. The growthexperiments-edit-config-error-invalid-title MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en SpecialEditGrowthConfig en la extensi\u00f3n GrowthExperiments en MediaWiki versiones hasta 1.36.2. El mensaje growthexperiments-edit-config-error-invalid-title de MediaWiki no estaba siendo saneado apropiadamente y permit\u00eda una inyecci\u00f3n y ejecuci\u00f3n de HTML y JavaScript"
    }
  ],
  "id": "CVE-2021-42042",
  "lastModified": "2024-11-21T06:27:07.350",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-06T21:15:07.297",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Ibeb13d032ca044af53f6b2334e27b6b97b6f4e9f"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T290692"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Ibeb13d032ca044af53f6b2334e27b6b97b6f4e9f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T290692"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2012-09-09 21:55

Modified

2025-04-11 00:51

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in the wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to inject arbitrary web script or HTML via a crafted page with "forged strip item markers," as demonstrated using the CharInsert extension.

References

URL	Tags
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html	Vendor Advisory
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html	Vendor Advisory
secalert@redhat.com	http://osvdb.org/80363
secalert@redhat.com	http://secunia.com/advisories/48504	Vendor Advisory
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/03/22/9
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/03/24/1
secalert@redhat.com	http://www.securityfocus.com/bid/52689
secalert@redhat.com	https://bugzilla.wikimedia.org/show_bug.cgi?id=35315
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/74288
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/80363
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48504	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/03/22/9
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/03/24/1
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/52689
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=35315
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/74288

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.17
mediawiki	mediawiki	1.17
mediawiki	mediawiki	1.17.0
mediawiki	mediawiki	1.17.0
mediawiki	mediawiki	1.17.1
mediawiki	mediawiki	1.17.2
mediawiki	mediawiki	1.18
mediawiki	mediawiki	1.18
mediawiki	mediawiki	1.18.0
mediawiki	mediawiki	1.18.0
mediawiki	mediawiki	1.18.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9AC7B4F-6AE2-4FCC-80DA-0D068E479853",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "57F3C3BF-CA6A-4BCC-83CE-32560F0A437D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6D1B676-AE23-4FC5-8466-EB44B8F756CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1C3B8FFB-25AD-4165-8C87-DBF5977572FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "52E0CED2-EF96-4052-A4BC-4657163B4FE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E8D954D-484E-4DAA-8E0E-6CEAC17BBA22",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EBD4E4C-DE1D-4007-BABF-A82ECBC2C8B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "EA045993-D0DE-4878-A9CF-5C671F3E5196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "15426470-3C5F-41AC-B64B-BA021D9F5EA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "061DD021-3FAA-43D0-9ED2-6E60BF7E6CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8B305B8-97DE-45C7-B7A7-B1D1AB32D511",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to inject arbitrary web script or HTML via a crafted page with \"forged strip item markers,\" as demonstrated using the CharInsert extension."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el analizador wikitext en MediaWiki v1.17.x antes de v1.17.3 y v1.18.x antes de v1.18.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de una p\u00e1gina dise\u00f1ada con \"forged strip item markers\", como se demuestra con la extensi\u00f3n CharInsert."
    }
  ],
  "id": "CVE-2012-1582",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-09-09T21:55:06.183",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/80363"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48504"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/03/22/9"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/03/24/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/52689"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=35315"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74288"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/80363"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48504"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/03/22/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/03/24/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/52689"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=35315"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74288"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-07-07 00:15

Modified

2025-03-18 16:15

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The Special:Investigate feature can expose suppressed information for log events. (TimelineService does not support properly suppressing.)

References

▶	URL	Tags
	cve@mitre.org	https://phabricator.wikimedia.org/T326866	Issue Tracking
	af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T326866	Issue Tracking

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED70437F-2E16-47AE-AA89-A497DCC3C8EC",
              "versionEndIncluding": "1.42.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The Special:Investigate feature can expose suppressed information for log events. (TimelineService does not support properly suppressing.)"
    },
    {
      "lang": "es",
      "value": " Se descubri\u00f3 un problema en la extensi\u00f3n CheckUser para MediaWiki hasta 1.42.1. La funci\u00f3n Special:Investigate puede exponer informaci\u00f3n suprimida para eventos de registro. (TimelineService no admite la supresi\u00f3n adecuada)."
    }
  ],
  "id": "CVE-2024-40596",
  "lastModified": "2025-03-18T16:15:22.477",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-07-07T00:15:10.067",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://phabricator.wikimedia.org/T326866"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://phabricator.wikimedia.org/T326866"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-532"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-532"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-03-30 07:15

Modified

2024-11-21 06:56

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/Ic6ba1a37b78df5b342ceeba4c1493dbde583b81f	Patch, Third Party Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T302248	Exploit, Issue Tracking, Patch, Vendor Advisory
cve@mitre.org	https://security.gentoo.org/glsa/202305-24
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/Ic6ba1a37b78df5b342ceeba4c1493dbde583b81f	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T302248	Exploit, Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202305-24

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E78A6052-5AA3-4B3F-8A76-EEBDD5F50520",
              "versionEndIncluding": "1.37.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en MediaWiki versiones hasta 1.37.1. La extensi\u00f3n CentralAuth maneja inapropiadamente un problema de ttl para grupos que expiran en el futuro"
    }
  ],
  "id": "CVE-2022-28205",
  "lastModified": "2024-11-21T06:56:57.217",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-03-30T07:15:07.390",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Ic6ba1a37b78df5b342ceeba4c1493dbde583b81f"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T302248"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/202305-24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Ic6ba1a37b78df5b342ceeba4c1493dbde583b81f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T302248"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202305-24"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-11-15 08:29

Modified

2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping.

References

URL	Tags
security@debian.org	http://www.securitytracker.com/id/1039812	Third Party Advisory, VDB Entry
security@debian.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html	Mailing List, Patch, Vendor Advisory
security@debian.org	https://www.debian.org/security/2017/dsa-4036	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039812	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html	Mailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2017/dsa-4036	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.28.0
mediawiki	mediawiki	1.28.1
mediawiki	mediawiki	1.28.2
mediawiki	mediawiki	1.29.0
mediawiki	mediawiki	1.29.1
debian	debian_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2825F885-DD77-4822-B659-D5AFB56C6B17",
              "versionEndIncluding": "1.27.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.28.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "70CAB8A9-39D5-41F4-800C-79E4FE57B12D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.28.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A060BA59-05C8-4646-97D7-4F382B4EBCC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.28.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E67B837B-D085-4EE4-9556-D25BFA9BC108",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.29.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFA5659C-9DEA-494E-BB32-E6573E180C26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.29.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A457BE6-9F2F-45C9-A650-46F7E4B77E20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping."
    },
    {
      "lang": "es",
      "value": "MediaWiki en versiones anteriores a la 1.27.4; las versiones 1.28.x anteriores a la 1.28.3 y las versiones 1.29.x anteriores a la 1.29.2 tiene XSS cuando la configuraci\u00f3n $wgShowExceptionDetails es falso y el navegador env\u00eda un escape de URL no est\u00e1ndar."
    }
  ],
  "id": "CVE-2017-8808",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-15T08:29:00.610",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039812"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4036"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4036"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2019-07-10 15:15

Modified

2024-11-21 04:22

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover.

References

URL	Tags
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/	Third Party Advisory
cve@mitre.org	https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html	Patch, Third Party Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T197279	Patch, Third Party Advisory
cve@mitre.org	https://seclists.org/bugtraq/2019/Jun/12	Mailing List, Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2019/dsa-4460	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T197279	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2019/Jun/12	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2019/dsa-4460	Third Party Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*
	debian	debian_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACCC7A3D-0B24-4B39-B440-0E88DB67FBFD",
              "versionEndIncluding": "1.32.1",
              "versionStartIncluding": "1.27.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 una vulnerabilidad de control de acceso incorrecto en MediaWiki versiones 1.27.0 hasta 1.32.1 de Wikimedia. Un POSTING directamente en Special:ChangeEmail permitir\u00eda omitir la re-autenticaci\u00f3n, permitiendo una potencial toma de control de una cuenta."
    }
  ],
  "id": "CVE-2019-12468",
  "lastModified": "2024-11-21T04:22:55.020",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-10T15:15:12.430",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T197279"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Jun/12"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4460"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T197279"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Jun/12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4460"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-10-09 05:15

Modified

2024-11-21 08:26

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

An issue was discovered in the CheckUser extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. A user can use a rest.php/checkuser/v0/useragent-clienthints/revision/ URL to store an arbitrary number of rows in cu_useragent_clienthints, leading to a denial of service.

References

▶	URL	Tags
	cve@mitre.org	https://phabricator.wikimedia.org/T344923	Exploit, Issue Tracking, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T344923	Exploit, Issue Tracking, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	1.40.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A920574-0C59-4036-9878-C5A39EF82AA1",
              "versionEndExcluding": "1.35.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "20B3C0EF-1980-4F24-B0C6-B4BA77562DA3",
              "versionEndExcluding": "1.39.5",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.40.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "195C853F-2D51-44A4-990E-8E04FF4E9AA8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the CheckUser extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. A user can use a rest.php/checkuser/v0/useragent-clienthints/revision/ URL to store an arbitrary number of rows in cu_useragent_clienthints, leading to a denial of service."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en la extensi\u00f3n CheckUser para MediaWiki antes de 1.35.12, 1.36.x hasta 1.39.x antes de 1.39.5 y 1.40.x antes de 1.40.1. Un usuario puede usar una URL rest.php/checkuser/v0/useragent-clienthints/revision/ para almacenar un n\u00famero arbitrario de filas en cu_useragent_clienthints, lo que lleva a una denegaci\u00f3n de servicio."
    }
  ],
  "id": "CVE-2023-45367",
  "lastModified": "2024-11-21T08:26:49.807",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-09T05:15:09.357",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T344923"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T344923"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2008-01-25 16:00

Modified

2025-04-09 00:30

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki 1.11 through 1.11.0rc1, 1.10 through 1.10.2, 1.9 through 1.9.4, and 1.8; and (2) the BotQuery extension for MediaWiki 1.7 and earlier; when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

URL	Tags
cve@mitre.org	http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-January/000068.html
cve@mitre.org	http://secunia.com/advisories/28629	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/29266
cve@mitre.org	http://www.securityfocus.com/bid/28137
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0280
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/39901
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00147.html
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00189.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-January/000068.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28629	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29266
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/28137
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0280
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/39901
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00147.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00189.html

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.7.0
mediawiki	mediawiki	1.8.0
mediawiki	mediawiki	1.8.1
mediawiki	mediawiki	1.8.2
mediawiki	mediawiki	1.8.3
mediawiki	mediawiki	1.8.4
mediawiki	mediawiki	1.9.0
mediawiki	mediawiki	1.9.1
mediawiki	mediawiki	1.9.2
mediawiki	mediawiki	1.9.3
mediawiki	mediawiki	1.9.4
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.1
mediawiki	mediawiki	1.10.2
mediawiki	mediawiki	1.11
mediawiki	mediawiki	1.11.0rc1
mediawiki	mediawiki_botquery_ext	*
microsoft	internet_explorer	*
mediawiki	mediawiki	1.7.0
mediawiki	mediawiki_botquery_ext	*
microsoft	internet_explorer	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C632052-D84B-41A1-B46F-1C1D9ADC72CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46046B16-3EE4-42C0-BA77-73300A641BA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "136E5FD9-C0A0-4970-8852-D97C5BC723E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5FD2871-90BB-4AFA-89D0-B9B5BE365771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D35193-8AF8-4CB9-A47D-A58DE389515E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1CD7D7-546A-48FA-9C4C-1FB0CA22C6FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B40FB49B-1E96-44BC-A9B0-9BDB28F858A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A0921C-BEC5-4646-96FD-0529828B5BAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB4E8709-43E2-4ADC-8759-16AC265658C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A8A1D30-57E7-4010-B68A-8D22EA091FF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EF7C683-F6E2-4D79-B0F9-234C9FAFB7C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0983C0E-9035-4256-AC99-C2C81C1634E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5460DB30-FA14-4017-BC8B-15F9451469F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED2392D6-6ACF-4715-BBCD-B6DA9B91C750",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C54ADEF-F360-41C6-AE27-B6D12E5BAF9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7056339-F0BC-4960-9ED2-68043000EAE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki_botquery_ext:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6340F8D0-6F03-4664-ABAA-438AD195FC37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8682FAF3-98E3-485C-89CB-C0358C4E2AB0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C632052-D84B-41A1-B46F-1C1D9ADC72CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki_botquery_ext:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6340F8D0-6F03-4664-ABAA-438AD195FC37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8682FAF3-98E3-485C-89CB-C0358C4E2AB0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki 1.11 through 1.11.0rc1, 1.10 through 1.10.2, 1.9 through 1.9.4, and 1.8; and (2) the BotQuery extension for MediaWiki 1.7 and earlier; when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el fichero api.php de (1)MediaWiki 1.11 hasta  1.11.0rc1, 1.10 hasta 1.10.2, 1.9 hasta 1.9.4, y 1.8; y de (2) la extensi\u00f3n BotQuery para MediaWiki 1.7 y anteriores; cuando se est\u00e1 usando Internet Explorer, permite a atacantes remotos inyectar, a su elecci\u00f3n, c\u00f3digo web o HTML a trav\u00e9s de vectores sin especificar."
    }
  ],
  "id": "CVE-2008-0460",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-01-25T16:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-January/000068.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28629"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29266"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/28137"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0280"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39901"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00147.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00189.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-January/000068.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28629"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29266"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/28137"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0280"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39901"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00147.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00189.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2006-05-26 01:06

Modified

2025-04-03 01:03

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | (pipe) character.

References

URL	Tags
cve@mitre.org	http://bugzilla.wikimedia.org/show_bug.cgi?id=6055	Exploit, Patch
cve@mitre.org	http://mail.wikipedia.org/pipermail/wikitech-l/2006-May/035812.html	Exploit
cve@mitre.org	http://mail.wikipedia.org/pipermail/wikitech-l/2006-May/035814.html	Patch
cve@mitre.org	http://nickj.org/MediaWiki
cve@mitre.org	http://secunia.com/advisories/20189	Patch, Vendor Advisory
cve@mitre.org	http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/includes/Sanitizer.php?r1=14349&r2=14348&pathrev=14349	Patch
cve@mitre.org	http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=14349	Patch
cve@mitre.org	http://www.osvdb.org/25713
cve@mitre.org	http://www.vupen.com/english/advisories/2006/1926
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/26646
af854a3a-2127-422b-91ae-364da2661108	http://bugzilla.wikimedia.org/show_bug.cgi?id=6055	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://mail.wikipedia.org/pipermail/wikitech-l/2006-May/035812.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://mail.wikipedia.org/pipermail/wikitech-l/2006-May/035814.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://nickj.org/MediaWiki
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20189	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/includes/Sanitizer.php?r1=14349&r2=14348&pathrev=14349	Patch
af854a3a-2127-422b-91ae-364da2661108	http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=14349	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/25713
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/1926
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/26646

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*
	mediawiki	mediawiki	1.6.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AA2CC68-D27E-4087-8888-D6695A052F2D",
              "versionEndIncluding": "1.6.5_r14348",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "48929086-E08E-472D-A503-4CA803A840D5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | (pipe) character."
    }
  ],
  "id": "CVE-2006-2611",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-05-26T01:06:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://bugzilla.wikimedia.org/show_bug.cgi?id=6055"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://mail.wikipedia.org/pipermail/wikitech-l/2006-May/035812.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://mail.wikipedia.org/pipermail/wikitech-l/2006-May/035814.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://nickj.org/MediaWiki"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20189"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/includes/Sanitizer.php?r1=14349\u0026r2=14348\u0026pathrev=14349"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://svn.wikimedia.org/viewvc/mediawiki?view=rev\u0026revision=14349"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/25713"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/1926"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26646"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://bugzilla.wikimedia.org/show_bug.cgi?id=6055"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://mail.wikipedia.org/pipermail/wikitech-l/2006-May/035812.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://mail.wikipedia.org/pipermail/wikitech-l/2006-May/035814.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://nickj.org/MediaWiki"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20189"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/includes/Sanitizer.php?r1=14349\u0026r2=14348\u0026pathrev=14349"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://svn.wikimedia.org/viewvc/mediawiki?view=rev\u0026revision=14349"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/25713"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/1926"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26646"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-07-07 00:15

Modified

2025-03-14 14:15

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in the Foreground skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.

References

▶	URL	Tags
	cve@mitre.org	https://phabricator.wikimedia.org/T361452	Exploit, Issue Tracking
	af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T361452	Exploit, Issue Tracking

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED70437F-2E16-47AE-AA89-A497DCC3C8EC",
              "versionEndIncluding": "1.42.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the Foreground skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en el aspecto Foreground de MediaWiki hasta la versi\u00f3n 1.42.1. Hay XSS almacenado a trav\u00e9s de MediaWiki: entradas del men\u00fa de nivel superior de la barra lateral."
    }
  ],
  "id": "CVE-2024-40605",
  "lastModified": "2025-03-14T14:15:16.200",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-07-07T00:15:10.770",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://phabricator.wikimedia.org/T361452"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://phabricator.wikimedia.org/T361452"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-10-11 08:15

Modified

2024-11-21 06:26

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time (due to the job queue backlog)

References

URL	Tags
cve@mitre.org	https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
cve@mitre.org	https://phabricator.wikimedia.org/T279090	Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T279090	Issue Tracking, Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC827F04-7E76-48F2-A8BA-9E96DCDA3C50",
              "versionEndExcluding": "1.31.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B966171C-283A-4737-9C67-C0403A5AFC4D",
              "versionEndExcluding": "1.35.4",
              "versionStartIncluding": "1.35.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3886DDF9-C196-42A0-B6C5-B71E8A209995",
              "versionEndExcluding": "1.36.2",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time (due to the job queue backlog)"
    },
    {
      "lang": "es",
      "value": "La extensi\u00f3n ReplaceText hasta la 1.41 para MediaWiki presenta un Control de Acceso Incorrecto. Cuando un usuario est\u00e1 bloqueado despu\u00e9s de enviar un trabajo de reemplazo, el trabajo se sigue ejecutando, incluso si es posible ejecutar en un momento posterior (debido a una cola de espera de trabajos)"
    }
  ],
  "id": "CVE-2021-41801",
  "lastModified": "2024-11-21T06:26:47.310",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-11T08:15:06.857",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T279090"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T279090"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-04-06 07:15

Modified

2024-11-21 06:03

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Special:NewFiles, all the mediastatistics-header-* messages are output in HTML unescaped, leading to XSS.

References

URL	Tags
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/
cve@mitre.org	https://phabricator.wikimedia.org/T278014	Exploit, Issue Tracking, Patch, Vendor Advisory
cve@mitre.org	https://security.gentoo.org/glsa/202107-40	Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2021/dsa-4889	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T278014	Exploit, Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202107-40	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2021/dsa-4889	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
debian	debian_linux	10.0
fedoraproject	fedora	33
fedoraproject	fedora	34

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3291BAE5-6903-463D-9750-7D0B6FAD911A",
              "versionEndExcluding": "1.31.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16A05863-89D9-435E-B92D-5FC6396C5B3D",
              "versionEndExcluding": "1.35.2",
              "versionStartIncluding": "1.32.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Special:NewFiles, all the mediastatistics-header-* messages are output in HTML unescaped, leading to XSS."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en MediaWiki versiones anteriores a 1.31.12 y versiones 1.32.x hasta 1.35.x anteriores a 1.35.2.\u0026#xa0;En Special: NewFiles, todos los mensajes mediastatistics-header-* son generados en HTML sin escape, conllevando a una vulnerabilidad de tipo XSS"
    }
  ],
  "id": "CVE-2021-30154",
  "lastModified": "2024-11-21T06:03:24.630",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-06T07:15:12.357",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T278014"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202107-40"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4889"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T278014"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202107-40"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4889"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-05-12 14:55

Modified

2025-04-12 10:46

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via a -o-link attribute.

References

▶	URL	Tags
	secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2
mediawiki	mediawiki	1.21.3
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	*
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19.0
mediawiki	mediawiki	1.19.1
mediawiki	mediawiki	1.19.2
mediawiki	mediawiki	1.19.3
mediawiki	mediawiki	1.19.4
mediawiki	mediawiki	1.19.5
mediawiki	mediawiki	1.19.6
mediawiki	mediawiki	1.19.7
mediawiki	mediawiki	1.19.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01D8F235-2F1B-4198-A91E-B2723293AA36",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76902FB-9672-488B-9D9E-39B121DEC913",
              "versionEndIncluding": "1.19.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "93D7105D-3CF1-49FF-9F51-088C58F19003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "F647077F-52FD-460B-9511-85812A1447FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A8AFF-EF0E-490C-8833-FF1071563979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3205F5-3A29-4D45-AC95-83174F8969BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5547DA02-3BEC-4278-A714-25CCB820AA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E5609D-EC04-4088-9B61-ABDD256200F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23B09BB-8F43-4D60-A37F-D8685584AF4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A3F38-9A86-4346-9337-5C2A1DED37C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "49CCC3B5-9BD4-40B4-AF1A-DF4B2A6DC12D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "36DA1112-69AB-408A-886E-F248516FDE11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via a -o-link attribute."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en MediaWiki anterior a 1.19.10, 1.2x anterior a 1.21.4 y 1.22.x anterior a 1.22.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un atributo -o-link."
    }
  ],
  "id": "CVE-2013-6454",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-05-12T14:55:06.307",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-05-05 19:15

Modified

2025-06-17 16:40

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page will exceed the maximum request time, leading to a denial of service.

References

URL	Tags
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/	Third Party Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T357760	Exploit, Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T357760	Exploit, Issue Tracking, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*
fedoraproject	fedora	40

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7984F542-C63D-4EF4-AE5E-896A873F70A9",
              "versionEndExcluding": "1.39.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA0B3FE6-989A-48FC-B482-BA4BDAC758FE",
              "versionEndExcluding": "1.40.3",
              "versionStartIncluding": "1.40.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "314B0F2D-27BD-486B-B528-FD8A7AAE53E6",
              "versionEndExcluding": "1.41.1",
              "versionStartIncluding": "1.41.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page will exceed the maximum request time, leading to a denial of service."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en include/specials/SpecialMovePage.php en MediaWiki antes de 1.39.7, 1.40.x antes de 1.40.3 y 1.41.x antes de 1.41.1. Si un usuario con los derechos necesarios para mover la p\u00e1gina abre Special:MovePage para una p\u00e1gina con decenas de miles de subp\u00e1ginas, entonces la p\u00e1gina exceder\u00e1 el tiempo m\u00e1ximo de solicitud, lo que provocar\u00e1 una denegaci\u00f3n de servicio."
    }
  ],
  "id": "CVE-2024-34506",
  "lastModified": "2025-06-17T16:40:07.530",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-05-05T19:15:07.253",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T357760"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T357760"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2019-11-20 20:15

Modified

2024-11-21 01:50

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information.

References

URL	Tags
secalert@redhat.com	http://security.gentoo.org/glsa/glsa-201310-21.xml	Third Party Advisory
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2013/03/05/4	Mailing List, Release Notes, Third Party Advisory
secalert@redhat.com	http://www.securityfocus.com/bid/58305	Third Party Advisory, VDB Entry
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1817	Issue Tracking, Third Party Advisory
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/88359	Third Party Advisory, VDB Entry
secalert@redhat.com	https://security-tracker.debian.org/tracker/CVE-2013-1817	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-201310-21.xml	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2013/03/05/4	Mailing List, Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/58305	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1817	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/88359	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://security-tracker.debian.org/tracker/CVE-2013-1817	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
debian	debian_linux	9.0
debian	debian_linux	10.0
redhat	enterprise_linux	6.0
fedoraproject	fedora	18

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "09816CD2-0C21-487F-9D5D-3849C381047A",
              "versionEndExcluding": "1.19.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7574FF8-7F85-4AFC-AE2E-FFC5BE134B36",
              "versionEndExcluding": "1.20.3",
              "versionStartIncluding": "1.20.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*",
              "matchCriteriaId": "E14271AE-1309-48F3-B9C6-D7DEEC488279",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information."
    },
    {
      "lang": "es",
      "value": "MediaWiki versiones anteriores a la versi\u00f3n  1.19.4 y versiones 1.20.x anteriores a la versi\u00f3n  1.20.3, contiene un error en el script api.php lo que permite a atacantes remotos obtener informaci\u00f3n confidencial."
    }
  ],
  "id": "CVE-2013-1817",
  "lastModified": "2024-11-21T01:50:26.977",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-20T20:15:11.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201310-21.xml"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/03/05/4"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/58305"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1817"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88359"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2013-1817"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201310-21.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/03/05/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/58305"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1817"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88359"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2013-1817"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-11-09 18:59

Modified

2025-04-12 10:46

Severity ?

Summary

MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 uses the thumbnail ImageMagick command line argument, which allows remote attackers to obtain the installation path by reading the metadata of a PNG thumbnail file.

References

URL	Tags
cve@mitre.org	http://www.securitytracker.com/id/1034028
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T108616	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1034028
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T108616	Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.24.0
mediawiki	mediawiki	1.24.1
mediawiki	mediawiki	1.24.2
mediawiki	mediawiki	1.24.3
mediawiki	mediawiki	1.25.0
mediawiki	mediawiki	1.25.1
mediawiki	mediawiki	1.25.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE35D692-87E9-4982-AA23-27EBD5E5EEE1",
              "versionEndIncluding": "1.23.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C00423-B3FE-485A-9014-22F409DBD377",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E90C95FB-71CA-4CA1-935D-58A08244A81F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DDBD41F-C2D5-4D7C-B069-FBC2C8EBB81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9129F374-93CB-43CE-A3B2-DB6483514F32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE125142-10A2-4ACF-9BA4-44E63C1E5DB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF21D6EE-CEAC-42A7-99B6-D9D033E1FEC6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 uses the thumbnail ImageMagick command line argument, which allows remote attackers to obtain the installation path by reading the metadata of a PNG thumbnail file."
    },
    {
      "lang": "es",
      "value": "MediaWiki en versiones anteriores a 1.23.11, 1.24.x en versiones anteriores a 1.24.4 y 1.25.x en versiones anteriores a 1.25.3 utiliza el argumento de l\u00ednea de comando thumbnail ImageMagick, lo que permite atacantes remotos obtener la ruta de instalaci\u00f3n leyendo los metadatos de un archivo thumbnail PNG."
    }
  ],
  "id": "CVE-2015-8005",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-11-09T18:59:04.883",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1034028"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T108616"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1034028"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T108616"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-09-29 03:15

Modified

2024-11-21 06:27

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a vote.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/I4f04083cd00884d3b85245460774c81c7639a578	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T289385	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/I4f04083cd00884d3b85245460774c81c7639a578	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T289385	Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "852AD0A4-1F54-4352-8554-34DE96EF04D9",
              "versionEndIncluding": "1.36.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a vote."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en SecurePoll en la extensi\u00f3n Growth en MediaWiki versiones hasta 1.36.2. Las encuestas simples permiten a los usuarios crear alertas cambiando su encabezado HTTP User-Agent y enviando un voto"
    }
  ],
  "id": "CVE-2021-42045",
  "lastModified": "2024-11-21T06:27:07.830",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-09-29T03:15:14.533",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I4f04083cd00884d3b85245460774c81c7639a578"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T289385"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I4f04083cd00884d3b85245460774c81c7639a578"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T289385"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-12-18 08:15

Modified

2024-11-21 05:27

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via LogFormatter::makePageLink(). This affects MediaWiki 1.33.0 and later.

References

URL	Tags
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html	Mailing List, Release Notes, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T268938	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html	Mailing List, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T268938	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*
	fedoraproject	fedora	33

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B37E81D0-B743-405A-BB5B-D967A50B7A12",
              "versionEndExcluding": "1.35.1",
              "versionStartIncluding": "1.33.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via LogFormatter::makePageLink(). This affects MediaWiki 1.33.0 and later."
    },
    {
      "lang": "es",
      "value": "MediaWiki versiones anteriores a 1.35.1, permite un ataque de tipo XSS por medio del archivo BlockLogFormatter.php.\u0026#xa0;MediaWiki:blanknamespace puede ser generado potencialmente como HTML sin procesar con etiquetas SCRIPT por medio de la funci\u00f3n LogFormatter::makePageLink().\u0026#xa0;Esto afecta a MediaWiki versiones 1.33.0 y posteriores"
    }
  ],
  "id": "CVE-2020-35478",
  "lastModified": "2024-11-21T05:27:22.620",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-12-18T08:15:15.293",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T268938"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T268938"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-01-12 06:15

Modified

2025-06-03 14:15

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in the WatchAnalytics extension in MediaWiki before 1.40.2. XSS can occur via the Special:PageStatistics page parameter.

References

URL	Tags
cve@mitre.org	https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/	Patch, Release Notes
cve@mitre.org	https://phabricator.wikimedia.org/T348979	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/	Patch, Release Notes
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T348979	Exploit, Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4230F0A0-3665-4881-AC77-D7E2C4FC9734",
              "versionEndExcluding": "1.40.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the WatchAnalytics extension in MediaWiki before 1.40.2. XSS can occur via the Special:PageStatistics page parameter."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en la extensi\u00f3n WatchAnalytics en MediaWiki antes de la versi\u00f3n 1.40.2. XSS puede ocurrir a trav\u00e9s del par\u00e1metro de p\u00e1gina Special:PageStatistics."
    }
  ],
  "id": "CVE-2024-23177",
  "lastModified": "2025-06-03T14:15:46.497",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-01-12T06:15:47.297",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Release Notes"
      ],
      "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T348979"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Release Notes"
      ],
      "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T348979"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-10-04 20:29

Modified

2024-11-21 03:38

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid

References

URL	Tags
security@debian.org	http://www.securitytracker.com/id/1041695	Third Party Advisory, VDB Entry
security@debian.org	https://access.redhat.com/errata/RHSA-2019:3238
security@debian.org	https://access.redhat.com/errata/RHSA-2019:3813
security@debian.org	https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html	Patch, Vendor Advisory
security@debian.org	https://phabricator.wikimedia.org/T187638	Patch, Third Party Advisory
security@debian.org	https://www.debian.org/security/2018/dsa-4301	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1041695	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2019:3238
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2019:3813
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T187638	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2018/dsa-4301	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.27.5
mediawiki	mediawiki	1.29.3
mediawiki	mediawiki	1.30.1
debian	debian_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB2A2066-8996-48B5-A5F8-E08443D24B7A",
              "versionEndExcluding": "1.31.1",
              "versionStartIncluding": "1.31.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.27.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "22E2BE13-CEE0-42ED-BC24-C5ED4EDBAF6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.29.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD65E2E1-4634-4AE4-9631-4C3352991263",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.30.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F24125C-A1AD-4CED-953F-E2D942AB02FA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid"
    },
    {
      "lang": "es",
      "value": "Mediawiki en versiones 1.31 anteriores a la 1.31.1, 1.30.1, 1.29.3 y 1.27.5 contiene un fallo de divulgaci\u00f3n de informaci\u00f3n en Special:Redirect/logid."
    }
  ],
  "id": "CVE-2018-0504",
  "lastModified": "2024-11-21T03:38:22.307",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-10-04T20:29:00.513",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041695"
    },
    {
      "source": "security@debian.org",
      "url": "https://access.redhat.com/errata/RHSA-2019:3238"
    },
    {
      "source": "security@debian.org",
      "url": "https://access.redhat.com/errata/RHSA-2019:3813"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T187638"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4301"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041695"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:3238"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:3813"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T187638"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4301"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-532"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-06-02 15:55

Modified

2025-04-12 10:46

Severity ?

Summary

maintenance/mwdoc-filter.php in MediaWiki before 1.20.3 allows remote attackers to read arbitrary files via unspecified vectors.

References

▶	URL	Tags
	secalert@redhat.com	http://www.mediawiki.org/wiki/Release_notes/1.20
	secalert@redhat.com	http://www.securityfocus.com/bid/58304
	secalert@redhat.com	https://bugzilla.wikimedia.org/show_bug.cgi?id=45355
	secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/88363
	af854a3a-2127-422b-91ae-364da2661108	http://www.mediawiki.org/wiki/Release_notes/1.20
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/58304
	af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=45355
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/88363

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.20
mediawiki	mediawiki	1.20.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BE8272E-2C3B-425E-8474-F63D2BBC2A0B",
              "versionEndIncluding": "1.20.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA45494-185A-4ED1-8818-D9F14EB9B59B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "maintenance/mwdoc-filter.php in MediaWiki before 1.20.3 allows remote attackers to read arbitrary files via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "maintenance/mwdoc-filter.php en MediaWiki anterior a 1.20.3 permite a atacantes remotos leer archivos arbitrarios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2013-1818",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-06-02T15:55:09.497",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mediawiki.org/wiki/Release_notes/1.20"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/58304"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=45355"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88363"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mediawiki.org/wiki/Release_notes/1.20"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/58304"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=45355"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88363"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2005-12-06 11:03

Modified

2025-04-03 01:03

Severity ?

Summary

Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/17866	Patch, Vendor Advisory
cve@mitre.org	http://sourceforge.net/project/shownotes.php?group_id=34373&release_id=375755	Patch
cve@mitre.org	http://www.kb.cert.org/vuls/id/392156	US Government Resource
cve@mitre.org	http://www.securityfocus.com/bid/15703	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2005/2726
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/17866	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/project/shownotes.php?group_id=34373&release_id=375755	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/392156	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/15703	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2005/2726

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.5.0
mediawiki	mediawiki	1.5.1
mediawiki	mediawiki	1.5.2
mediawiki	mediawiki	1.5_alpha1
mediawiki	mediawiki	1.5_alpha2
mediawiki	mediawiki	1.5_beta1
mediawiki	mediawiki	1.5_beta2
mediawiki	mediawiki	1.5_beta3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9214FE72-045E-457A-B3C5-BCDFC506DDB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDB55E62-A345-49F6-ACD0-A710977CA6E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A340D0AB-2B4A-4DE6-9FA1-662D8F8205BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_alpha1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B28DC19-7E6A-4CC7-86A9-10EA9FD79FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_alpha2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CD296DF-21C6-43E4-AC4D-8F57220ECDA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8AD23BE-5400-43D8-A667-7AE60B0500B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "89AFE2FA-CAE0-42C3-AA84-4F8D59045A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_beta3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9703151E-85D7-4F81-AFB5-5BC72C44D81A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the \"user language option,\" which is used as part of a dynamic class name that is processed using the eval function."
    }
  ],
  "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nMediaWiki, MediaWiki, 1.5.3",
  "id": "CVE-2005-4031",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-12-06T11:03:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17866"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?group_id=34373\u0026release_id=375755"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/392156"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/15703"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2005/2726"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17866"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?group_id=34373\u0026release_id=375755"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/392156"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/15703"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2005/2726"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-09-29 03:15

Modified

2024-11-21 06:27

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

An issue was discovered in the Translate extension in MediaWiki through 1.36.2. Oversighters cannot undo revisions or oversight on pages where they suppressed information (such as PII). This allows oversighters to whitewash revisions.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/I4d95220ef414337147235f7ebedc9b945c3348e3	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T286884	Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/I4d95220ef414337147235f7ebedc9b945c3348e3	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T286884	Permissions Required, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "852AD0A4-1F54-4352-8554-34DE96EF04D9",
              "versionEndIncluding": "1.36.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the Translate extension in MediaWiki through 1.36.2. Oversighters cannot undo revisions or oversight on pages where they suppressed information (such as PII). This allows oversighters to whitewash revisions."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en la extensi\u00f3n Translate de MediaWiki a partir de la versi\u00f3n 1.36.2. Los supervisores no pueden deshacer las revisiones o la supervisi\u00f3n de las p\u00e1ginas en las que han suprimido informaci\u00f3n (como PII). Esto permite a supervisores blanquear las revisiones"
    }
  ],
  "id": "CVE-2021-42049",
  "lastModified": "2024-11-21T06:27:08.443",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-09-29T03:15:14.763",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I4d95220ef414337147235f7ebedc9b945c3348e3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T286884"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I4d95220ef414337147235f7ebedc9b945c3348e3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T286884"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-07-02 20:15

Modified

2024-11-21 07:10

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped.

References

URL	Tags
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B/
cve@mitre.org	https://phabricator.wikimedia.org/T308473	Issue Tracking, Vendor Advisory
cve@mitre.org	https://security.gentoo.org/glsa/202305-24
cve@mitre.org	https://www.debian.org/security/2022/dsa-5246	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B/
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T308473	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202305-24
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5246	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.38.0
mediawiki	mediawiki	1.38.0
mediawiki	mediawiki	1.38.0
fedoraproject	fedora	36
fedoraproject	fedora	37

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "48E8296B-0A24-4DE1-8B96-D1EE1C73826E",
              "versionEndExcluding": "1.37.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.38.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "B110D8C5-7251-4CAF-B66D-73C891D6FBE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.38.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "FC165C86-E90B-4854-8CC1-14BF58D46B23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.38.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B9682453-AA16-4681-A019-C13931293D62",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
              "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won\u0027t be escaped."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en MediaWiki versiones anteriores a 1.37.3 y en versiones 1.38.x anteriores a 1.38.1. El contributions-title, usa en Special:Contributions, es usadao como t\u00edtulo de la p\u00e1gina sin escapar. Por lo tanto, en una configuraci\u00f3n no predeterminada donde un nombre de usuario contiene entidades HTML, no ser\u00e1 escapado"
    }
  ],
  "id": "CVE-2022-34912",
  "lastModified": "2024-11-21T07:10:25.360",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-02T20:15:08.417",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T308473"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/202305-24"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5246"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T308473"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202305-24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5246"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-03-31 19:15

Modified

2025-02-14 20:15

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. When a user with checkuserlog permissions makes many CheckUserLog API requests in some configurations, denial of service can occur (RequestTimeoutException or upstream request timeout).

References

URL	Tags
cve@mitre.org	https://phabricator.wikimedia.org/T326293	Patch
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T326293	Patch
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://phabricator.wikimedia.org/T326293	Patch

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEA20A42-6E1A-4DA2-8869-A49894256285",
              "versionEndIncluding": "1.39.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. When a user with checkuserlog permissions makes many CheckUserLog API requests in some configurations, denial of service can occur (RequestTimeoutException or upstream request timeout)."
    }
  ],
  "id": "CVE-2023-29139",
  "lastModified": "2025-02-14T20:15:33.733",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-03-31T19:15:07.470",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://phabricator.wikimedia.org/T326293"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://phabricator.wikimedia.org/T326293"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Patch"
      ],
      "url": "https://phabricator.wikimedia.org/T326293"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-07-07 00:15

Modified

2025-03-20 21:15

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in the GuMaxDD skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.

References

▶	URL	Tags
	cve@mitre.org	https://phabricator.wikimedia.org/T361448	Exploit, Issue Tracking
	af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T361448	Exploit, Issue Tracking

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED70437F-2E16-47AE-AA89-A497DCC3C8EC",
              "versionEndIncluding": "1.42.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the GuMaxDD skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries."
    },
    {
      "lang": "es",
      "value": " Se descubri\u00f3 un problema en el aspecto GuMaxDD para MediaWiki hasta 1.42.1. Hay XSS almacenado a trav\u00e9s de MediaWiki: entradas del men\u00fa de nivel superior de la barra lateral."
    }
  ],
  "id": "CVE-2024-40599",
  "lastModified": "2025-03-20T21:15:20.970",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-07-07T00:15:10.313",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://phabricator.wikimedia.org/T361448"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://phabricator.wikimedia.org/T361448"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-04-20 17:59

Modified

2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title read restrictions via a parse action to api.php.

References

URL	Tags
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1369613	Issue Tracking
secalert@redhat.com	https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html	Mailing List, Patch, Vendor Advisory
secalert@redhat.com	https://phabricator.wikimedia.org/T115333	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1369613	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html	Mailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T115333	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.26.0
mediawiki	mediawiki	1.26.1
mediawiki	mediawiki	1.26.2
mediawiki	mediawiki	1.26.3
mediawiki	mediawiki	1.26.4
mediawiki	mediawiki	1.27.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F26807BC-B2F2-480D-B5B1-C2D64933A0C8",
              "versionEndIncluding": "1.23.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B418525-DAC2-461A-B931-BED05CC3AFBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C238723-5592-4F0F-869D-91B64DD14FBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "22685E70-3EE0-484B-8A4C-139C28BDD2B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD0A725-B06B-456D-8A8B-9DA5468935FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7ED98FFC-4397-4F27-AC36-BB7A42A92F89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.27.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F75E06F7-6D23-4BEB-80B4-3DE33193CA95",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title read restrictions via a parse action to api.php."
    },
    {
      "lang": "es",
      "value": "ApiParse en MediaWiki en versiones anteriores a 1.23.15, 1.26.x en versiones anteriores a 1.26.4 y 1.27.x en versiones anteriores a 1.27.1 permite a atacantes remotos eludir las restricciones de lectura previstas por t\u00edtulo a trav\u00e9s de una acci\u00f3n de an\u00e1lisis a api.php."
    }
  ],
  "id": "CVE-2016-6331",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-20T17:59:00.557",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T115333"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T115333"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-04-13 14:59

Modified

2025-04-12 10:46

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error message, related to unsafe calls to wddx_serialize_value.

References

URL	Tags
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/04/01/1
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/04/07/3
cve@mitre.org	http://www.securityfocus.com/bid/73477
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T85851	Exploit
cve@mitre.org	https://security.gentoo.org/glsa/201510-05
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/04/01/1
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/04/07/3
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/73477
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T85851	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201510-05

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.20
mediawiki	mediawiki	1.20.1
mediawiki	mediawiki	1.20.2
mediawiki	mediawiki	1.20.3
mediawiki	mediawiki	1.20.4
mediawiki	mediawiki	1.20.5
mediawiki	mediawiki	1.20.6
mediawiki	mediawiki	1.20.7
mediawiki	mediawiki	1.20.8
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2
mediawiki	mediawiki	1.21.3
mediawiki	mediawiki	1.21.4
mediawiki	mediawiki	1.21.5
mediawiki	mediawiki	1.21.6
mediawiki	mediawiki	1.21.7
mediawiki	mediawiki	1.21.8
mediawiki	mediawiki	1.21.9
mediawiki	mediawiki	1.21.10
mediawiki	mediawiki	1.21.11
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	1.22.1
mediawiki	mediawiki	1.22.2
mediawiki	mediawiki	1.22.3
mediawiki	mediawiki	1.22.4
mediawiki	mediawiki	1.22.5
mediawiki	mediawiki	1.22.6
mediawiki	mediawiki	1.22.7
mediawiki	mediawiki	1.22.8
mediawiki	mediawiki	1.22.9
mediawiki	mediawiki	1.22.10
mediawiki	mediawiki	1.22.11
mediawiki	mediawiki	1.22.12
mediawiki	mediawiki	1.22.13
mediawiki	mediawiki	1.22.14
mediawiki	mediawiki	1.22.15
mediawiki	mediawiki	1.23.0
mediawiki	mediawiki	1.23.1
mediawiki	mediawiki	1.23.2
mediawiki	mediawiki	1.23.3
mediawiki	mediawiki	1.23.4
mediawiki	mediawiki	1.23.5
mediawiki	mediawiki	1.23.6
mediawiki	mediawiki	1.23.7
mediawiki	mediawiki	1.23.8
mediawiki	mediawiki	1.24.0
mediawiki	mediawiki	1.24.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5069E3E0-7640-4FA3-8C6F-BA96AFC545EE",
              "versionEndIncluding": "1.19.23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA45494-185A-4ED1-8818-D9F14EB9B59B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94646567-FF30-4FBA-96C5-914EB3C85D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF088531-6875-49A2-B220-D7EC38ECC50F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "902A7EE8-90AA-4B0D-9142-DFCDA5AC8914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B6CD057-EBC4-4909-9734-80577AFDED40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01D8F235-2F1B-4198-A91E-B2723293AA36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2A5F4A7-40E7-42D0-8482-647D0EC54AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E10A8FAC-7506-48B8-A4EE-B7A1BE20537E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF797B5-8348-481C-AB6F-154DEA0E5281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E627F80-E6AA-4627-B58E-D6B2A08269BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA54E0F2-3B21-469F-A3FB-8E41E1857447",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "09CFF4B5-5827-4795-960A-201BA1BCF1A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC9D6B62-13CD-4307-94BB-A7210761A4D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "32C36F51-CCCC-41D1-A43B-B8F77CE632B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B461B44C-37D2-480B-9645-B7E8720416C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E491E3AD-0FB2-41CD-B852-CAFCA397A45A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBD50108-A301-4B5B-9047-6FD6792442B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "91BBFEC5-A933-4178-919D-9AC87CF76D21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3CA0EC-1AC1-48A1-8BB8-95DCCE1C283A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9343410C-E076-4362-8094-5BA5582E9675",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96BBB28-AB3C-4082-B035-8CCB761C2530",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7389C3B9-B32D-46CC-8615-22CF7BDCD829",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "179FC802-541F-40EE-BB76-A4B745A9EA7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3332E0EC-49D6-4EB2-8A2E-CC204EA1C475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E59021C-8DDF-4849-9490-AD8F98B834BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "64E90FCD-B032-4BD8-84D6-763E0FDB48B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "21A92544-BEA9-436F-BC22-CC90808D53F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DB10EA-CA68-40BE-862D-0B351456F02E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "97675F56-1442-460D-842C-755304D69217",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6044842D-0C23-4683-9BCC-9FE40AE8353F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BFCBB5A-F5F8-400E-916A-EB87F84853D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2898DFC3-7C3A-4C12-A3D2-4CEB3C66C90D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "04082771-E3E2-49EE-8840-0170F3B3519F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9B27B7-7800-4E35-97CA-B16450EEC478",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BEA6C00-BDCF-439C-8A04-B581361781EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90B931CC-CEA7-4C14-875E-A0D215CE5617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE300CC-68D6-46C7-8CC0-605F94FFC327",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "764ECEE9-EFB6-4C52-84E6-0F6827CF5DAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C00423-B3FE-485A-9014-22F409DBD377",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error message, related to unsafe calls to wddx_serialize_value."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en MediaWiki anterior a 1.19.24, 1.2x anterior a 1.23.9 y 1.24.x anterior a 1.24.2, cuando se utiliza HHVM, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un parametro inv\u00e1lido en una petici\u00f3n con formato wddx hacia api.php, lo cual no se maneja debidamente en un mensaje de error, relacionado con llamadas no seguras hacia wddx_serialize_value."
    }
  ],
  "id": "CVE-2015-2941",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-04-13T14:59:14.460",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/73477"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://phabricator.wikimedia.org/T85851"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201510-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/73477"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://phabricator.wikimedia.org/T85851"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201510-05"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-04-13 16:29

Modified

2024-11-21 03:02

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext.

References

URL	Tags
security@debian.org	http://www.securitytracker.com/id/1039812	Third Party Advisory, VDB Entry
security@debian.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html	Vendor Advisory
security@debian.org	https://phabricator.wikimedia.org/T125177	Issue Tracking, Third Party Advisory
security@debian.org	https://security-tracker.debian.org/tracker/CVE-2017-0361	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039812	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T125177	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security-tracker.debian.org/tracker/CVE-2017-0361	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*
debian	debian_linux	7.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "07C776BA-0AEF-4225-AC4C-38753A764076",
              "versionEndIncluding": "1.23.16",
              "versionStartIncluding": "1.23.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9419B89-A512-4C79-8085-2AB9D7A19C85",
              "versionEndExcluding": "1.27.2",
              "versionStartIncluding": "1.27.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ABB422D-95AC-48E6-AEFF-1F2915354494",
              "versionEndExcluding": "1.28.1",
              "versionStartIncluding": "1.28.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext."
    },
    {
      "lang": "es",
      "value": "Mediawiki, en versiones anteriores a la 1.28.1, 1.27.2 y la 1.23.16, contiene un error de divulgaci\u00f3n de informaci\u00f3n en el que api.log podr\u00eda contener contrase\u00f1as en texto plano."
    }
  ],
  "id": "CVE-2017-0361",
  "lastModified": "2024-11-21T03:02:50.060",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-13T16:29:00.283",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039812"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T125177"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2017-0361"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T125177"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2017-0361"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-12-21 23:15

Modified

2024-11-21 05:27

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

An issue was discovered in the Widgets extension for MediaWiki through 1.35.1. Any user with the ability to edit pages within the Widgets namespace could call any static function within any class (defined within PHP or MediaWiki) via a crafted HTML comment, related to a Smarty template. For example, a person in the Widget Editors group could use \MediaWiki\Shell\Shell::command within a comment.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/Ic899a8b15bc510e61cdacb5c024af2d226a2dbeb	Third Party Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T269718	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/Ic899a8b15bc510e61cdacb5c024af2d226a2dbeb	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T269718	Third Party Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC439F7D-8255-455F-A22C-2A6B655392D7",
              "versionEndIncluding": "1.35.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the Widgets extension for MediaWiki through 1.35.1. Any user with the ability to edit pages within the Widgets namespace could call any static function within any class (defined within PHP or MediaWiki) via a crafted HTML comment, related to a Smarty template. For example, a person in the Widget Editors group could use \\MediaWiki\\Shell\\Shell::command within a comment."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en la extensi\u00f3n Widgets para MediaWiki versiones hasta 1.35.1.\u0026#xa0;Cualquier usuario con la capacidad de editar p\u00e1ginas dentro del espacio de nombres de Widgets podr\u00eda llamar a cualquier funci\u00f3n est\u00e1tica dentro de cualquier clase (definida en PHP o MediaWiki) por medio de un comentario HTML dise\u00f1ado, relacionado con una plantilla Smarty.\u0026#xa0;Por ejemplo, una persona del grupo Widget Editors podr\u00eda usar \\MediaWiki\\Shell\\Shell::command dentro de un comentario"
    }
  ],
  "id": "CVE-2020-35625",
  "lastModified": "2024-11-21T05:27:43.503",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-12-21T23:15:12.530",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Ic899a8b15bc510e61cdacb5c024af2d226a2dbeb"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T269718"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Ic899a8b15bc510e61cdacb5c024af2d226a2dbeb"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T269718"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-11-25 19:55

Modified

2025-04-11 00:51

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in the ZeroRatedMobileAccess extension for MediaWiki 1.19.x before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to inject arbitrary web script or HTML via the "to" parameter to index.php.

References

URL	Tags
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html	Patch
secalert@redhat.com	http://secunia.com/advisories/55754	Vendor Advisory
secalert@redhat.com	https://bugzilla.wikimedia.org/show_bug.cgi?id=55991	Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/55754	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=55991	Patch

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.19.0
mediawiki	mediawiki	1.19.1
mediawiki	mediawiki	1.19.2
mediawiki	mediawiki	1.19.3
mediawiki	mediawiki	1.19.4
mediawiki	mediawiki	1.19.5
mediawiki	mediawiki	1.19.6
mediawiki	mediawiki	1.19.7
mediawiki	mediawiki	1.19.8
mediawiki	mediawiki	1.20
mediawiki	mediawiki	1.20.1
mediawiki	mediawiki	1.20.2
mediawiki	mediawiki	1.20.3
mediawiki	mediawiki	1.20.4
mediawiki	mediawiki	1.20.5
mediawiki	mediawiki	1.20.6
mediawiki	mediawiki	1.20.7
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3205F5-3A29-4D45-AC95-83174F8969BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5547DA02-3BEC-4278-A714-25CCB820AA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E5609D-EC04-4088-9B61-ABDD256200F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23B09BB-8F43-4D60-A37F-D8685584AF4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A3F38-9A86-4346-9337-5C2A1DED37C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "49CCC3B5-9BD4-40B4-AF1A-DF4B2A6DC12D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "36DA1112-69AB-408A-886E-F248516FDE11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA45494-185A-4ED1-8818-D9F14EB9B59B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94646567-FF30-4FBA-96C5-914EB3C85D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF088531-6875-49A2-B220-D7EC38ECC50F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "902A7EE8-90AA-4B0D-9142-DFCDA5AC8914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the ZeroRatedMobileAccess extension for MediaWiki 1.19.x before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to inject arbitrary web script or HTML via the \"to\" parameter to index.php."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en la extensi\u00f3n ZeroRatedMobileAccess para MediaWiki 1.19.x anterior a la versi\u00f3n 1.19.9, 1.20.x anterior a 1.20.8, y 1.21.x anterior a la versi\u00f3n 1.21.3 permite a atacantes remotos inyectar script web o HTML arbitrario a trav\u00e9s del par\u00e1metro \"to\" hacia index.php."
    }
  ],
  "id": "CVE-2013-4573",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-11-25T19:55:03.280",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/55754"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=55991"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/55754"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=55991"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-10-19 21:29

Modified

2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors.

References

URL	Tags
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/08/31/10	Mailing List, Patch, Third Party Advisory
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/08/31/6	Mailing List, Patch, Third Party Advisory
secalert@redhat.com	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330	Issue Tracking, Third Party Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=853440	Issue Tracking
secalert@redhat.com	https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html	Patch, Vendor Advisory
secalert@redhat.com	https://phabricator.wikimedia.org/T41824	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/08/31/10	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/08/31/6	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=853440	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T41824	Issue Tracking, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.19.0
mediawiki	mediawiki	1.19.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B03517F3-5555-4DCF-A5BD-15B2AF03C970",
              "versionEndIncluding": "1.18.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "MediaWiki, en versiones anteriores a la 1.18.5 y versiones 1.19.x anteriores a la 1.19.2, permite que atacantes remotos omitan el bloqueo de direcciones IP de la extensi\u00f3n GlobalBlocking y creen una cuenta mediante vectores sin especificar."
    }
  ],
  "id": "CVE-2012-4380",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-19T21:29:00.250",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/08/31/10"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/08/31/6"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=853440"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T41824"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/08/31/10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/08/31/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=853440"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T41824"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-12-17 04:15

Modified

2024-11-21 06:31

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Summary

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=mcrundo followed by action=mcrrestore to replace the content of any arbitrary page (that the user doesn't have edit rights for). This applies to any public wiki, or a private wiki that has at least one page set in $wgWhitelistRead.

References

URL	Tags
cve@mitre.org	https://phabricator.wikimedia.org/T297322	Third Party Advisory
cve@mitre.org	https://security.gentoo.org/glsa/202305-24
cve@mitre.org	https://www.mediawiki.org/wiki/2021-12_security_release/FAQ	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T297322	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202305-24
af854a3a-2127-422b-91ae-364da2661108	https://www.mediawiki.org/wiki/2021-12_security_release/FAQ	Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "99942EE7-37A1-42CD-B392-8ED9362430E2",
              "versionEndExcluding": "1.35.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7377A8D6-3B2E-4FD6-820A-4CD632158111",
              "versionEndExcluding": "1.36.3",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5950CA7B-C437-4162-A8C5-5F31625145A8",
              "versionEndExcluding": "1.37.1",
              "versionStartIncluding": "1.37.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=mcrundo followed by action=mcrrestore to replace the content of any arbitrary page (that the user doesn\u0027t have edit rights for). This applies to any public wiki, or a private wiki that has at least one page set in $wgWhitelistRead."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en MediaWiki versiones anteriores a 1.35.5, versiones 1.36.x anteriores a 1.36.3 y versiones 1.37.x anteriores a 1.37.1. Es posible usar action=mcrundo seguido de action=mcrrestore para reemplazar el contenido de cualquier p\u00e1gina arbitraria (para la que el usuario no tenga derechos de edici\u00f3n). Esto se aplica a cualquier wiki p\u00fablico, o a un wiki privado que tenga al menos una p\u00e1gina establecida en $wgWhitelistRead"
    }
  ],
  "id": "CVE-2021-44857",
  "lastModified": "2024-11-21T06:31:37.170",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-17T04:15:39.137",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T297322"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/202305-24"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mediawiki.org/wiki/2021-12_security_release/FAQ"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T297322"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202305-24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mediawiki.org/wiki/2021-12_security_release/FAQ"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-01-28 15:15

Modified

2024-11-21 01:59

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page.

References

▶	URL	Tags
	secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html	Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD89BE0F-27F6-4550-816C-78645DA93431",
              "versionEndExcluding": "1.19.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "084F0F91-851A-4EC5-AEEE-15CAB104E58B",
              "versionEndExcluding": "1.21.4",
              "versionStartIncluding": "1.20.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A18AC051-E349-4B6E-B4E1-7C33AC78115A",
              "versionEndExcluding": "1.22.1",
              "versionStartIncluding": "1.22.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page."
    },
    {
      "lang": "es",
      "value": "La extensi\u00f3n CentralAuth para MediaWiki versiones anteriores a 1.19.10, versiones 1.2x anteriores a 1.21.4 y versiones 1.22.x anteriores a 1.22.1, permite a atacantes remotos obtener nombres de usuario por medio de vectores relacionados con la escritura de los nombres en el DOM de una p\u00e1gina."
    }
  ],
  "id": "CVE-2013-6455",
  "lastModified": "2024-11-21T01:59:15.970",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-28T15:15:14.703",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-04-06 07:15

Modified

2024-11-21 06:03

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter-* label messages are output in HTML unescaped, leading to XSS.

References

URL	Tags
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/
cve@mitre.org	https://phabricator.wikimedia.org/T278058	Exploit, Issue Tracking, Patch, Vendor Advisory
cve@mitre.org	https://security.gentoo.org/glsa/202107-40	Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2021/dsa-4889	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T278058	Exploit, Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202107-40	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2021/dsa-4889	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
debian	debian_linux	10.0
fedoraproject	fedora	33
fedoraproject	fedora	34

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3291BAE5-6903-463D-9750-7D0B6FAD911A",
              "versionEndExcluding": "1.31.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16A05863-89D9-435E-B92D-5FC6396C5B3D",
              "versionEndExcluding": "1.35.2",
              "versionStartIncluding": "1.32.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter-* label messages are output in HTML unescaped, leading to XSS."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en MediaWiki versiones anteriores a 1.31.12 y versiones 1.32.x hasta 1.35.x versiones anteriores a 1.35.2.\u0026#xa0;En las p\u00e1ginas especiales de ChangesList, como Special:RecentChanges y Special:Watchlist, algunos de los mensajes de etiqueta rcfilters-filter-* son generados en HTML sin escape, conllevando a una vulnerabilidad de tipo XSS"
    }
  ],
  "id": "CVE-2021-30157",
  "lastModified": "2024-11-21T06:03:25.133",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-06T07:15:12.437",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T278058"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202107-40"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4889"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T278058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202107-40"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4889"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-10-09 06:15

Modified

2024-11-21 08:26

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. During item merging, ItemMergeInteractor does not have an edit filter running (e.g., AbuseFilter).

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/961264	Issue Tracking, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T345064	Issue Tracking, Permissions Required
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/961264	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T345064	Issue Tracking, Permissions Required

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	1.40.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A920574-0C59-4036-9878-C5A39EF82AA1",
              "versionEndExcluding": "1.35.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "20B3C0EF-1980-4F24-B0C6-B4BA77562DA3",
              "versionEndExcluding": "1.39.5",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.40.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "195C853F-2D51-44A4-990E-8E04FF4E9AA8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. During item merging, ItemMergeInteractor does not have an edit filter running (e.g., AbuseFilter)."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en la extensi\u00f3n de Wikibase para MediaWiki antes de 1.35.12, 1.36.x hasta 1.39.x antes de 1.39.5 y 1.40.x antes de 1.40.1. Durante la combinaci\u00f3n de elementos, ItemMergeInteractor no tiene ning\u00fan filtro de edici\u00f3n en ejecuci\u00f3n (por ejemplo, AbuseFilter)."
    }
  ],
  "id": "CVE-2023-45372",
  "lastModified": "2024-11-21T08:26:50.447",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-09T06:15:10.607",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/961264"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Permissions Required"
      ],
      "url": "https://phabricator.wikimedia.org/T345064"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/961264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Permissions Required"
      ],
      "url": "https://phabricator.wikimedia.org/T345064"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-693"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-04-22 03:15

Modified

2024-11-21 06:05

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. The page_recent_contributors leaked the existence of certain deleted MediaWiki usernames, related to rev_deleted.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/I8d5ed9ca84282ee50832035af86123633fc88293	Issue Tracking, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T71367	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/I8d5ed9ca84282ee50832035af86123633fc88293	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T71367	Third Party Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4067807D-769C-485F-A7E3-EE96885BDCE7",
              "versionEndIncluding": "1.35.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. The page_recent_contributors leaked the existence of certain deleted MediaWiki usernames, related to rev_deleted."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en la extensi\u00f3n AbuseFilter para MediaWiki versiones hasta 1.35.2.\u0026#xa0;El page_recent_contributors filtr\u00f3 la existencia de determinados nombres de usuario de MediaWiki eliminados, relacionados con rev_deleted"
    }
  ],
  "id": "CVE-2021-31545",
  "lastModified": "2024-11-21T06:05:52.977",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-22T03:15:07.937",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I8d5ed9ca84282ee50832035af86123633fc88293"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T71367"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I8d5ed9ca84282ee50832035af86123633fc88293"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T71367"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-04-29 04:15

Modified

2024-11-21 06:59

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Summary

The Private Domains extension for MediaWiki through 1.37.2 (before 1ad65d4c1c199b375ea80988d99ab51ae068f766) allows CSRF for editing pages that store the extension's configuration. The attacker must trigger a POST request to Special:PrivateDomains.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/PrivateDomains/+/783416	Release Notes, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T306290	Exploit, Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/PrivateDomains/+/783416	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T306290	Exploit, Issue Tracking, Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "40FFFEA4-A471-43C1-870B-10960DE725CF",
              "versionEndIncluding": "1.37.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Private Domains extension for MediaWiki through 1.37.2 (before 1ad65d4c1c199b375ea80988d99ab51ae068f766) allows CSRF for editing pages that store the extension\u0027s configuration. The attacker must trigger a POST request to Special:PrivateDomains."
    },
    {
      "lang": "es",
      "value": "La extensi\u00f3n Private Domains para MediaWiki versiones hasta 1.37.2, (anteriores a 1ad65d4c1c199b375ea80988d99ab51ae068f766) permite una vulnerabilidad de tipo CSRF para la edici\u00f3n de p\u00e1ginas que almacenan la configuraci\u00f3n de la extensi\u00f3n. El atacante debe lanzar una petici\u00f3n POST a Special:PrivateDomains"
    }
  ],
  "id": "CVE-2022-29903",
  "lastModified": "2024-11-21T06:59:56.403",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-04-29T04:15:10.073",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/PrivateDomains/+/783416"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T306290"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/PrivateDomains/+/783416"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T306290"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2004-12-31 05:00

Modified

2025-04-03 01:03

Severity ?

Summary

MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.

References

URL	Tags
cve@mitre.org	http://marc.info/?l=bugtraq&m=110321710420059&w=2
cve@mitre.org	http://secunia.com/advisories/13478/
cve@mitre.org	http://wikipedia.sourceforge.net/	Patch
cve@mitre.org	http://www.securityfocus.com/bid/11985	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=110321710420059&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/13478/
af854a3a-2127-422b-91ae-364da2661108	http://wikipedia.sourceforge.net/	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/11985	Exploit, Patch

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.3
mediawiki	mediawiki	1.3.0
mediawiki	mediawiki	1.3.1
mediawiki	mediawiki	1.3.2
mediawiki	mediawiki	1.3.3
mediawiki	mediawiki	1.3.4
mediawiki	mediawiki	1.3.5
mediawiki	mediawiki	1.3.6
mediawiki	mediawiki	1.3.7
mediawiki	mediawiki	1.3.8
mediawiki	mediawiki	1.3.10
mediawiki	mediawiki	1.3.11

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49AFC6EE-41C7-4369-8BA1-DDBF8A744ABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30F54837-5004-4D10-B3B0-502CED4F6592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A09F36C1-CBC0-489E-B62D-4590A2E5A4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9F0067D-534A-4238-A244-D92A73845432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BEC422E-49BC-41D4-9F71-B834D4108EF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D854161-28AA-4386-B90A-97F9692CE37F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5A0FA49-99DC-4691-968F-6AEB76B74370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A0C6A2C-992B-45A0-8E0C-1AE983881337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "292A77C7-8C7B-4F3A-B7FD-3505A9F37E4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C77FC97A-3BB2-4AA5-B0D6-C0D1FBEA5FD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9DE6A4E-6BCE-499E-B017-1E0F8D1F65B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD90730F-BF26-46C5-83F8-039CD661C968",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code."
    }
  ],
  "id": "CVE-2004-1405",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=110321710420059\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/13478/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://wikipedia.sourceforge.net/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/11985"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=110321710420059\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/13478/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://wikipedia.sourceforge.net/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/11985"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-09-27 21:15

Modified

2024-11-21 05:19

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against "page creation" and the attacker should not be able to create it. This occurs because of a mishandled distinction between an upload restriction and a create restriction. An attacker cannot leverage this to overwrite anything, but can leverage this to force a wiki to have a page with a disallowed title.

References

URL	Tags
cve@mitre.org	https://commons.wikimedia.org/w/index.php?oldid=454609892#File:Wiki.png	Vendor Advisory
cve@mitre.org	https://gerrit.wikimedia.org/r/q/Ib852a96afc4dca10516d0510e69c10f9892b351b	Patch, Vendor Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/
cve@mitre.org	https://phabricator.wikimedia.org/T262628	Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://commons.wikimedia.org/w/index.php?oldid=454609892#File:Wiki.png	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/Ib852a96afc4dca10516d0510e69c10f9892b351b	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T262628	Issue Tracking, Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*
	fedoraproject	fedora	33

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "036C9229-D482-46F2-BA8C-A6800E5CFD1C",
              "versionEndExcluding": "1.34.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against \"page creation\" and the attacker should not be able to create it. This occurs because of a mishandled distinction between an upload restriction and a create restriction. An attacker cannot leverage this to overwrite anything, but can leverage this to force a wiki to have a page with a disallowed title."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en la extensi\u00f3n FileImporter para MediaWiki versiones anteriores a 1.34.4.\u0026#xa0;Un atacante puede importar un archivo incluso cuando la p\u00e1gina de destino est\u00e1 protegida contra \"page creation\" y el atacante no deber\u00eda poder crearlo.\u0026#xa0;Esto ocurre debido a una distinci\u00f3n manejada inapropiadamente entre una restricci\u00f3n de carga y una restricci\u00f3n de creaci\u00f3n.\u0026#xa0;Un atacante no puede aprovechar esto para sobrescribir cualquier cosa, pero puede aprovechar esto para obligar a un wiki a tener una p\u00e1gina con un t\u00edtulo no permitido"
    }
  ],
  "id": "CVE-2020-26121",
  "lastModified": "2024-11-21T05:19:17.477",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-27T21:15:13.063",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://commons.wikimedia.org/w/index.php?oldid=454609892#File:Wiki.png"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Ib852a96afc4dca10516d0510e69c10f9892b351b"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T262628"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://commons.wikimedia.org/w/index.php?oldid=454609892#File:Wiki.png"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Ib852a96afc4dca10516d0510e69c10f9892b351b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T262628"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-06-02 15:55

Modified

2025-04-12 10:46

Severity ?

Summary

Session fixation vulnerability in the CentralAuth extension for MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the centralauth_Session cookie.

References

URL	Tags
cve@mitre.org	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-November/000122.html	Vendor Advisory
cve@mitre.org	https://bugzilla.wikimedia.org/show_bug.cgi?id=40962
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-November/000122.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=40962

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.20
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19.1
mediawiki	mediawiki	1.19.2
mediawiki	mediawiki	*
mediawiki	mediawiki	1.18
mediawiki	mediawiki	1.18
mediawiki	mediawiki	1.18.0
mediawiki	mediawiki	1.18.0
mediawiki	mediawiki	1.18.1
mediawiki	mediawiki	1.18.2
mediawiki	mediawiki	1.18.3
mediawiki	mediawiki	1.18.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA45494-185A-4ED1-8818-D9F14EB9B59B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "93D7105D-3CF1-49FF-9F51-088C58F19003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "F647077F-52FD-460B-9511-85812A1447FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A8AFF-EF0E-490C-8833-FF1071563979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3205F5-3A29-4D45-AC95-83174F8969BB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A778F48-5CC3-4823-B9BA-C9C53966ECA3",
              "versionEndIncluding": "1.18.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EBD4E4C-DE1D-4007-BABF-A82ECBC2C8B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "EA045993-D0DE-4878-A9CF-5C671F3E5196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "15426470-3C5F-41AC-B64B-BA021D9F5EA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "061DD021-3FAA-43D0-9ED2-6E60BF7E6CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8B305B8-97DE-45C7-B7A7-B1D1AB32D511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF1EE8B-18BA-49AE-BAA1-187A2F5B1D06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F46B49A-D5B6-458E-8217-A5F5B045B76F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.18.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C260B25-06D8-4EA3-9C78-C0F608CFC390",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Session fixation vulnerability in the CentralAuth extension for MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the centralauth_Session cookie."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en la extensi\u00f3n CentralAuth para MediaWiki anterior a 1.18.6, 1.19.x anterior a 1.19.3 y 1.20.x anterior a 1.20.1 permite a atacantes remotos secuestrar sesiones web a trav\u00e9s de la cookie centralauth_Session."
    }
  ],
  "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/384.html\n\n\"CWE-384: Session Fixation\"",
  "id": "CVE-2012-5395",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-06-02T15:55:08.293",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-November/000122.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=40962"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-November/000122.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=40962"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-03-23 20:59

Modified

2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly sanitize parameters when calling the cURL library, which allows remote attackers to read arbitrary files via an @ (at sign) character in unspecified POST array parameters.

References

URL	Tags
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/12/21/8	Mailing List, Patch, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/12/23/7	Mailing List, Patch, Third Party Advisory
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html	Patch, Release Notes, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T118032	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/12/21/8	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/12/23/7	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html	Patch, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T118032	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.24.0
mediawiki	mediawiki	1.24.1
mediawiki	mediawiki	1.24.2
mediawiki	mediawiki	1.24.3
mediawiki	mediawiki	1.24.4
mediawiki	mediawiki	1.25.0
mediawiki	mediawiki	1.25.1
mediawiki	mediawiki	1.25.2
mediawiki	mediawiki	1.25.3
mediawiki	mediawiki	1.26.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3971880B-BD50-4E3D-96F0-D07F60D59923",
              "versionEndIncluding": "1.23.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C00423-B3FE-485A-9014-22F409DBD377",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E90C95FB-71CA-4CA1-935D-58A08244A81F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DDBD41F-C2D5-4D7C-B069-FBC2C8EBB81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D92AA40C-3E9A-44E6-9833-06853B5BF453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9129F374-93CB-43CE-A3B2-DB6483514F32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE125142-10A2-4ACF-9BA4-44E63C1E5DB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF21D6EE-CEAC-42A7-99B6-D9D033E1FEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CCAC6ED-C3F5-4D8E-922B-FAA481210C6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B418525-DAC2-461A-B931-BED05CC3AFBF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly sanitize parameters when calling the cURL library, which allows remote attackers to read arbitrary files via an @ (at sign) character in unspecified POST array parameters."
    },
    {
      "lang": "es",
      "value": "MediaWiki en versiones anteriores a 1.23.12, 1.24.x en versiones anteriores a 1.24.5, 1.25.x en versiones anteriores a 1.25.4, y 1.26.x en versiones anteriores a 1.26.1 no desinfecta adecuadamente los par\u00e1metros al llamar a la biblioteca cURL, lo que permite a los atacantes remotos leer archivos arbitrarios a trav\u00e9s de un car\u00e1cter @ (en signo) en par\u00e1metros de array POST no especificados."
    }
  ],
  "id": "CVE-2015-8625",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-03-23T20:59:00.563",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T118032"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T118032"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-10-04 20:29

Modified

2024-11-21 03:46

Severity ?

5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn't be web accessible.

References

URL	Tags
security@debian.org	http://www.securitytracker.com/id/1041695	Third Party Advisory, VDB Entry
security@debian.org	https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html	Patch, Vendor Advisory
security@debian.org	https://phabricator.wikimedia.org/T199029	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1041695	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T199029	Patch, Third Party Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "70872514-CF8E-4496-88BC-CF3A8E500C1F",
              "versionEndIncluding": "1.31.1",
              "versionStartIncluding": "1.31.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn\u0027t be web accessible."
    },
    {
      "lang": "es",
      "value": "Mediawiki en versiones 1.31 anteriores a la 1.31.1 omite los archivos.htaccess en el tarball proporcionado usado para proteger algunos directorios que no deber\u00edan ser accesibles desde la web."
    }
  ],
  "id": "CVE-2018-13258",
  "lastModified": "2024-11-21T03:46:44.373",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-10-04T20:29:00.843",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041695"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T199029"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041695"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T199029"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-01-10 08:15

Modified

2025-04-07 19:15

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context.

References

URL	Tags
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/
cve@mitre.org	https://phabricator.wikimedia.org/T149488	Exploit, Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T149488	Exploit, Issue Tracking, Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	1.39.0
mediawiki	mediawiki	1.39.0
mediawiki	mediawiki	1.39.0
fedoraproject	fedora	37

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "357C67CA-8586-4F8D-951C-51220DD6AA18",
              "versionEndExcluding": "1.35.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13962AAD-4625-42E8-B960-53FAE7699070",
              "versionEndExcluding": "1.38.5",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.39.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "243E4420-7054-4190-8270-76E09207FC9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.39.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "90D9672A-851F-46B0-AA0D-35991D7802E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.39.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5141FCFC-D842-49B8-9385-5EE2DB6E7BFA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
              "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en MediaWiki antes de 1.35.9, 1.36.x hasta 1.38.x antes de 1.38.5 y 1.39.x antes de 1.39.1. E-Widgets reemplaza widgets en atributos HTML, lo que puede conducir a XSS, porque los autores de widgets a menudo no esperan que su widget se ejecute en un contexto de atributo HTML."
    }
  ],
  "id": "CVE-2023-22911",
  "lastModified": "2025-04-07T19:15:51.443",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-01-10T08:15:10.433",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T149488"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T149488"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-10-04 20:29

Modified

2024-11-21 03:38

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Summary

Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock

References

URL	Tags
security@debian.org	http://www.securitytracker.com/id/1041695	Third Party Advisory, VDB Entry
security@debian.org	https://access.redhat.com/errata/RHSA-2019:3142
security@debian.org	https://access.redhat.com/errata/RHSA-2019:3238
security@debian.org	https://access.redhat.com/errata/RHSA-2019:3813
security@debian.org	https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html	Patch, Vendor Advisory
security@debian.org	https://phabricator.wikimedia.org/T194605	Exploit, Patch, Third Party Advisory
security@debian.org	https://www.debian.org/security/2018/dsa-4301	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1041695	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2019:3142
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2019:3238
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2019:3813
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T194605	Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2018/dsa-4301	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.27.5
mediawiki	mediawiki	1.29.3
mediawiki	mediawiki	1.30.1
debian	debian_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB2A2066-8996-48B5-A5F8-E08443D24B7A",
              "versionEndExcluding": "1.31.1",
              "versionStartIncluding": "1.31.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.27.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "22E2BE13-CEE0-42ED-BC24-C5ED4EDBAF6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.29.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD65E2E1-4634-4AE4-9631-4C3352991263",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.30.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F24125C-A1AD-4CED-953F-E2D942AB02FA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth\u0027s account lock"
    },
    {
      "lang": "es",
      "value": "Mediawiki en versiones 1.31 anteriores a la 1.31.1, 1.30.1, 1.29.3 y 1.27.5 contiene un fallo en el que BotPasswords puede omitir el bloqueo de cuenta de CentratlAuth."
    }
  ],
  "id": "CVE-2018-0505",
  "lastModified": "2024-11-21T03:38:22.430",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-10-04T20:29:00.687",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041695"
    },
    {
      "source": "security@debian.org",
      "url": "https://access.redhat.com/errata/RHSA-2019:3142"
    },
    {
      "source": "security@debian.org",
      "url": "https://access.redhat.com/errata/RHSA-2019:3238"
    },
    {
      "source": "security@debian.org",
      "url": "https://access.redhat.com/errata/RHSA-2019:3813"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T194605"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4301"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041695"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:3142"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:3238"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:3813"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T194605"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4301"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-12-26 05:15

Modified

2025-04-14 16:15

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis.

References

URL	Tags
cve@mitre.org	https://phabricator.wikimedia.org/T292763	Issue Tracking, Vendor Advisory
cve@mitre.org	https://security.gentoo.org/glsa/202305-24
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T292763	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202305-24

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	1.37.0
mediawiki	mediawiki	1.37.0
mediawiki	mediawiki	1.37.0
mediawiki	mediawiki	1.37.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "99942EE7-37A1-42CD-B392-8ED9362430E2",
              "versionEndExcluding": "1.35.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7377A8D6-3B2E-4FD6-820A-4CD632158111",
              "versionEndExcluding": "1.36.3",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.37.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "0B3400A0-D77C-45D4-8868-73AF0B82B6B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.37.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "F533BF3B-6FBC-4CA6-A645-A321E20B9804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.37.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7CBE66AB-8BE5-4A96-9B90-8F3238AE7CBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.37.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "18A9BF2D-7DDF-4C9D-838A-D8BA511A2CD6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en MediaWiki antes de 1.35.5, 1.36.x antes de 1.36.3 y 1.37.x antes de 1.37.1. La API REST almacena en cach\u00e9 p\u00fablicamente los resultados de wikis privados."
    }
  ],
  "id": "CVE-2021-44854",
  "lastModified": "2025-04-14T16:15:18.187",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-12-26T05:15:10.667",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T292763"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/202305-24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T292763"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202305-24"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-524"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-01-16 16:59

Modified

2025-04-12 10:46

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in the preview in the TemplateSandbox extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via the text parameter to Special:TemplateSandbox.

References

URL	Tags
security@debian.org	http://www.openwall.com/lists/oss-security/2014/12/21/2
security@debian.org	http://www.openwall.com/lists/oss-security/2015/01/03/13
security@debian.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html	Vendor Advisory
security@debian.org	https://phabricator.wikimedia.org/T76195	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2014/12/21/2
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/01/03/13
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T76195	Exploit

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.20
mediawiki	mediawiki	1.20.1
mediawiki	mediawiki	1.20.2
mediawiki	mediawiki	1.20.3
mediawiki	mediawiki	1.20.4
mediawiki	mediawiki	1.20.5
mediawiki	mediawiki	1.20.6
mediawiki	mediawiki	1.20.7
mediawiki	mediawiki	1.20.8
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2
mediawiki	mediawiki	1.21.3
mediawiki	mediawiki	1.21.4
mediawiki	mediawiki	1.21.5
mediawiki	mediawiki	1.21.6
mediawiki	mediawiki	1.21.7
mediawiki	mediawiki	1.21.8
mediawiki	mediawiki	1.21.9
mediawiki	mediawiki	1.21.10
mediawiki	mediawiki	1.21.11
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	1.22.1
mediawiki	mediawiki	1.22.2
mediawiki	mediawiki	1.22.3
mediawiki	mediawiki	1.22.4
mediawiki	mediawiki	1.22.5
mediawiki	mediawiki	1.22.6
mediawiki	mediawiki	1.22.7
mediawiki	mediawiki	1.22.8
mediawiki	mediawiki	1.22.9
mediawiki	mediawiki	1.22.10
mediawiki	mediawiki	1.22.11
mediawiki	mediawiki	1.22.12
mediawiki	mediawiki	1.22.13
mediawiki	mediawiki	1.22.14
mediawiki	mediawiki	1.23.0
mediawiki	mediawiki	1.23.1
mediawiki	mediawiki	1.23.2
mediawiki	mediawiki	1.23.3
mediawiki	mediawiki	1.23.4
mediawiki	mediawiki	1.23.5
mediawiki	mediawiki	1.23.6
mediawiki	mediawiki	1.23.7
mediawiki	mediawiki	1.24.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE55C257-9CF4-485C-8096-AC0C2759056F",
              "versionEndIncluding": "1.19.22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA45494-185A-4ED1-8818-D9F14EB9B59B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94646567-FF30-4FBA-96C5-914EB3C85D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF088531-6875-49A2-B220-D7EC38ECC50F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "902A7EE8-90AA-4B0D-9142-DFCDA5AC8914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B6CD057-EBC4-4909-9734-80577AFDED40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01D8F235-2F1B-4198-A91E-B2723293AA36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2A5F4A7-40E7-42D0-8482-647D0EC54AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E10A8FAC-7506-48B8-A4EE-B7A1BE20537E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF797B5-8348-481C-AB6F-154DEA0E5281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E627F80-E6AA-4627-B58E-D6B2A08269BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA54E0F2-3B21-469F-A3FB-8E41E1857447",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "09CFF4B5-5827-4795-960A-201BA1BCF1A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC9D6B62-13CD-4307-94BB-A7210761A4D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "32C36F51-CCCC-41D1-A43B-B8F77CE632B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B461B44C-37D2-480B-9645-B7E8720416C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E491E3AD-0FB2-41CD-B852-CAFCA397A45A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBD50108-A301-4B5B-9047-6FD6792442B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "91BBFEC5-A933-4178-919D-9AC87CF76D21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3CA0EC-1AC1-48A1-8BB8-95DCCE1C283A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9343410C-E076-4362-8094-5BA5582E9675",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96BBB28-AB3C-4082-B035-8CCB761C2530",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7389C3B9-B32D-46CC-8615-22CF7BDCD829",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "179FC802-541F-40EE-BB76-A4B745A9EA7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3332E0EC-49D6-4EB2-8A2E-CC204EA1C475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E59021C-8DDF-4849-9490-AD8F98B834BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "64E90FCD-B032-4BD8-84D6-763E0FDB48B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "21A92544-BEA9-436F-BC22-CC90808D53F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DB10EA-CA68-40BE-862D-0B351456F02E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6044842D-0C23-4683-9BCC-9FE40AE8353F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BFCBB5A-F5F8-400E-916A-EB87F84853D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2898DFC3-7C3A-4C12-A3D2-4CEB3C66C90D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "04082771-E3E2-49EE-8840-0170F3B3519F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9B27B7-7800-4E35-97CA-B16450EEC478",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BEA6C00-BDCF-439C-8A04-B581361781EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90B931CC-CEA7-4C14-875E-A0D215CE5617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE300CC-68D6-46C7-8CC0-605F94FFC327",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the preview in the TemplateSandbox extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via the text parameter to Special:TemplateSandbox."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en la previsualizaci\u00f3n en la extensi\u00f3n TemplateSandbox para MediaWiki permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro text en Special:TemplateSandbox."
    }
  ],
  "id": "CVE-2014-9479",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-01-16T16:59:14.157",
  "references": [
    {
      "source": "security@debian.org",
      "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://phabricator.wikimedia.org/T76195"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://phabricator.wikimedia.org/T76195"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-01-16 16:59

Modified

2025-04-12 10:46

Severity ?

Summary

MediaWiki 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote attackers to bypass CORS restrictions in $wgCrossSiteAJAXdomains via a domain that has a partial match to an allowed origin, as demonstrated by "http://en.wikipedia.org.evilsite.example/."

References

URL	Tags
security@debian.org	http://www.mandriva.com/security/advisories?name=MDVSA-2015:006
security@debian.org	http://www.openwall.com/lists/oss-security/2014/12/21/2
security@debian.org	http://www.openwall.com/lists/oss-security/2015/01/03/13
security@debian.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html	Vendor Advisory
security@debian.org	https://phabricator.wikimedia.org/T77028	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2015:006
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2014/12/21/2
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/01/03/13
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T77028	Exploit

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.20
mediawiki	mediawiki	1.20.1
mediawiki	mediawiki	1.20.2
mediawiki	mediawiki	1.20.3
mediawiki	mediawiki	1.20.4
mediawiki	mediawiki	1.20.5
mediawiki	mediawiki	1.20.6
mediawiki	mediawiki	1.20.7
mediawiki	mediawiki	1.20.8
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2
mediawiki	mediawiki	1.21.3
mediawiki	mediawiki	1.21.4
mediawiki	mediawiki	1.21.5
mediawiki	mediawiki	1.21.6
mediawiki	mediawiki	1.21.7
mediawiki	mediawiki	1.21.8
mediawiki	mediawiki	1.21.9
mediawiki	mediawiki	1.21.10
mediawiki	mediawiki	1.21.11
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	1.22.1
mediawiki	mediawiki	1.22.2
mediawiki	mediawiki	1.22.3
mediawiki	mediawiki	1.22.4
mediawiki	mediawiki	1.22.5
mediawiki	mediawiki	1.22.6
mediawiki	mediawiki	1.22.7
mediawiki	mediawiki	1.22.8
mediawiki	mediawiki	1.22.9
mediawiki	mediawiki	1.22.10
mediawiki	mediawiki	1.22.11
mediawiki	mediawiki	1.22.12
mediawiki	mediawiki	1.22.13
mediawiki	mediawiki	1.22.14
mediawiki	mediawiki	1.23.0
mediawiki	mediawiki	1.23.1
mediawiki	mediawiki	1.23.2
mediawiki	mediawiki	1.23.3
mediawiki	mediawiki	1.23.4
mediawiki	mediawiki	1.23.5
mediawiki	mediawiki	1.23.6
mediawiki	mediawiki	1.23.7
mediawiki	mediawiki	1.24.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE55C257-9CF4-485C-8096-AC0C2759056F",
              "versionEndIncluding": "1.19.22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA45494-185A-4ED1-8818-D9F14EB9B59B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94646567-FF30-4FBA-96C5-914EB3C85D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF088531-6875-49A2-B220-D7EC38ECC50F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "902A7EE8-90AA-4B0D-9142-DFCDA5AC8914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B6CD057-EBC4-4909-9734-80577AFDED40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01D8F235-2F1B-4198-A91E-B2723293AA36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2A5F4A7-40E7-42D0-8482-647D0EC54AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E10A8FAC-7506-48B8-A4EE-B7A1BE20537E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF797B5-8348-481C-AB6F-154DEA0E5281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E627F80-E6AA-4627-B58E-D6B2A08269BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA54E0F2-3B21-469F-A3FB-8E41E1857447",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "09CFF4B5-5827-4795-960A-201BA1BCF1A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC9D6B62-13CD-4307-94BB-A7210761A4D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "32C36F51-CCCC-41D1-A43B-B8F77CE632B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B461B44C-37D2-480B-9645-B7E8720416C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E491E3AD-0FB2-41CD-B852-CAFCA397A45A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBD50108-A301-4B5B-9047-6FD6792442B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "91BBFEC5-A933-4178-919D-9AC87CF76D21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3CA0EC-1AC1-48A1-8BB8-95DCCE1C283A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9343410C-E076-4362-8094-5BA5582E9675",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96BBB28-AB3C-4082-B035-8CCB761C2530",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7389C3B9-B32D-46CC-8615-22CF7BDCD829",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "179FC802-541F-40EE-BB76-A4B745A9EA7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3332E0EC-49D6-4EB2-8A2E-CC204EA1C475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E59021C-8DDF-4849-9490-AD8F98B834BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "64E90FCD-B032-4BD8-84D6-763E0FDB48B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "21A92544-BEA9-436F-BC22-CC90808D53F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DB10EA-CA68-40BE-862D-0B351456F02E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6044842D-0C23-4683-9BCC-9FE40AE8353F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BFCBB5A-F5F8-400E-916A-EB87F84853D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2898DFC3-7C3A-4C12-A3D2-4CEB3C66C90D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "04082771-E3E2-49EE-8840-0170F3B3519F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9B27B7-7800-4E35-97CA-B16450EEC478",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BEA6C00-BDCF-439C-8A04-B581361781EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90B931CC-CEA7-4C14-875E-A0D215CE5617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE300CC-68D6-46C7-8CC0-605F94FFC327",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote attackers to bypass CORS restrictions in $wgCrossSiteAJAXdomains via a domain that has a partial match to an allowed origin, as demonstrated by \"http://en.wikipedia.org.evilsite.example/.\""
    },
    {
      "lang": "es",
      "value": "MediaWiki 1.2x anterior a 1.22.15, 1.23.x anterior a 1.23.8, y 1.24.x anterior a 1.24.1 permite a atacantes remotos evadir las restricciones CORS en $wgCrossSiteAJAXdomains a trav\u00e9s de un dominio que tiene una coincidencia parcial con un origen permitido, tal y como fue demostrado por \u0027http://en.wikipedia.org.evilsite.example/.\u0027"
    }
  ],
  "id": "CVE-2014-9476",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-01-16T16:59:10.983",
  "references": [
    {
      "source": "security@debian.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:006"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://phabricator.wikimedia.org/T77028"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:006"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://phabricator.wikimedia.org/T77028"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-03-23 20:59

Modified

2025-04-20 01:37

Severity ?

5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly normalize IP addresses containing zero-padded octets, which might allow remote attackers to bypass intended access restrictions by using an IP address that was not supposed to have been allowed.

References

URL	Tags
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/12/21/8	Mailing List, Patch, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/12/23/7	Mailing List, Patch, Third Party Advisory
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html	Patch, Release Notes, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T97897	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/12/21/8	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/12/23/7	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html	Patch, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T97897	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.24.0
mediawiki	mediawiki	1.24.1
mediawiki	mediawiki	1.24.2
mediawiki	mediawiki	1.24.3
mediawiki	mediawiki	1.24.4
mediawiki	mediawiki	1.25.0
mediawiki	mediawiki	1.25.1
mediawiki	mediawiki	1.25.2
mediawiki	mediawiki	1.25.3
mediawiki	mediawiki	1.26.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3971880B-BD50-4E3D-96F0-D07F60D59923",
              "versionEndIncluding": "1.23.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C00423-B3FE-485A-9014-22F409DBD377",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E90C95FB-71CA-4CA1-935D-58A08244A81F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DDBD41F-C2D5-4D7C-B069-FBC2C8EBB81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D92AA40C-3E9A-44E6-9833-06853B5BF453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9129F374-93CB-43CE-A3B2-DB6483514F32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE125142-10A2-4ACF-9BA4-44E63C1E5DB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF21D6EE-CEAC-42A7-99B6-D9D033E1FEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CCAC6ED-C3F5-4D8E-922B-FAA481210C6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B418525-DAC2-461A-B931-BED05CC3AFBF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly normalize IP addresses containing zero-padded octets, which might allow remote attackers to bypass intended access restrictions by using an IP address that was not supposed to have been allowed."
    },
    {
      "lang": "es",
      "value": "MediaWiki en versiones anteriores a 1.23.12, 1.24.x en versiones anteriores a 1.24.5, 1.25.x en versiones anteriores a 1.25.4 y 1.26.x en versiones anteriores a 1.26.1 no normaliza correctamente las direcciones IP que contienen octetos de relleno cero, lo que podr\u00eda permitir a atacantes remotos eludir las restricciones destinadas al acceso utilizando una direcci\u00f3n IP que no se supon\u00eda que hubiera sido autorizada."
    }
  ],
  "id": "CVE-2015-8627",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-03-23T20:59:00.657",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T97897"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T97897"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-11-09 18:59

Modified

2025-04-12 10:46

Severity ?

Summary

MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not throttle file uploads, which allows remote authenticated users to have unspecified impact via multiple file uploads.

References

URL	Tags
cve@mitre.org	http://www.securitytracker.com/id/1034028
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T91850	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1034028
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T91850	Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.24.0
mediawiki	mediawiki	1.24.1
mediawiki	mediawiki	1.24.2
mediawiki	mediawiki	1.24.3
mediawiki	mediawiki	1.25.0
mediawiki	mediawiki	1.25.1
mediawiki	mediawiki	1.25.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE35D692-87E9-4982-AA23-27EBD5E5EEE1",
              "versionEndIncluding": "1.23.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C00423-B3FE-485A-9014-22F409DBD377",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E90C95FB-71CA-4CA1-935D-58A08244A81F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DDBD41F-C2D5-4D7C-B069-FBC2C8EBB81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9129F374-93CB-43CE-A3B2-DB6483514F32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE125142-10A2-4ACF-9BA4-44E63C1E5DB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF21D6EE-CEAC-42A7-99B6-D9D033E1FEC6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not throttle file uploads, which allows remote authenticated users to have unspecified impact via multiple file uploads."
    },
    {
      "lang": "es",
      "value": "MediaWiki en versiones anteriores a 1.23.11, 1.24.x en versiones anteriores a 1.24.4 y 1.25.x en versiones anteriores a 1.25.3 no regula la subida de archivos, lo que permite a usuarios remotos autenticados tener un impacto no especificado a trav\u00e9s de m\u00faltiples subidas de archivos."
    }
  ],
  "id": "CVE-2015-8003",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-11-09T18:59:02.727",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1034028"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T91850"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1034028"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T91850"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-07-02 13:15

Modified

2024-11-21 06:12

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. When a bot account has a "sitewide block" applied, it is able to still "purge" pages through the MediaWiki Action API (which a "sitewide block" should have prevented).

References

URL	Tags
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2021/10/msg00003.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/
cve@mitre.org	https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/thread/YR3X4L2CPSEJVSY543AWEO65TD6APXHP/
cve@mitre.org	https://phabricator.wikimedia.org/T280226	Exploit, Vendor Advisory
cve@mitre.org	https://security.gentoo.org/glsa/202107-40	Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2021/dsa-4979	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/10/msg00003.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/thread/YR3X4L2CPSEJVSY543AWEO65TD6APXHP/
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T280226	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202107-40	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2021/dsa-4979	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
fedoraproject	fedora	33
fedoraproject	fedora	34
fedoraproject	fedora	35

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "37C2ED3A-13B1-4D89-A183-FF4E06BDB586",
              "versionEndExcluding": "1.31.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "009B6F8E-EEE4-428A-9DEE-AF4B6F07DCCD",
              "versionEndExcluding": "1.35.3",
              "versionStartIncluding": "1.32.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "02DB0417-0B79-4CF4-8839-39F4D6DF1FD5",
              "versionEndExcluding": "1.36.1",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. When a bot account has a \"sitewide block\" applied, it is able to still \"purge\" pages through the MediaWiki Action API (which a \"sitewide block\" should have prevented)."
    },
    {
      "lang": "es",
      "value": "En MediaWiki versiones anteriores a 1.31.15, versiones 1.32.x hasta 1.35.x, versiones anteriores a 1.35.3, y versiones 1.36.x anteriores a 1.36.1, unos bots presentan determinados accesos a la API no deseados. Cuando una cuenta de bot presenta un \"sitewide block\" aplicado, es capaz de \"purge\" p\u00e1ginas mediante la API de acci\u00f3n de MediaWiki (lo que un \"bloqueo del sitio\" deber\u00eda haber impedido)"
    }
  ],
  "id": "CVE-2021-35197",
  "lastModified": "2024-11-21T06:12:01.660",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-02T13:15:07.727",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/thread/YR3X4L2CPSEJVSY543AWEO65TD6APXHP/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T280226"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202107-40"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4979"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/thread/YR3X4L2CPSEJVSY543AWEO65TD6APXHP/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T280226"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202107-40"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4979"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-04-13 14:59

Modified

2025-04-12 10:46

Severity ?

Summary

MediaWiki 1.24.x before 1.24.2, when using PBKDF2 for password hashing, allows remote attackers to cause a denial of service (CPU consumption) via a long password.

References

URL	Tags
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2015:200
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/04/01/1
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/04/07/3
cve@mitre.org	http://www.securityfocus.com/bid/73477
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T64685
cve@mitre.org	https://security.gentoo.org/glsa/201510-05
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2015:200
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/04/01/1
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/04/07/3
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/73477
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T64685
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201510-05

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	1.24.0
	mediawiki	mediawiki	1.24.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C00423-B3FE-485A-9014-22F409DBD377",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki 1.24.x before 1.24.2, when using PBKDF2 for password hashing, allows remote attackers to cause a denial of service (CPU consumption) via a long password."
    },
    {
      "lang": "es",
      "value": "MediaWiki 1.24.x anterior a 1.24.2 cuando se utiliza PBKDF2 para el hash de contrase\u00f1as, permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de CPU) con una contrase\u00f1a larga."
    }
  ],
  "id": "CVE-2015-2936",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-04-13T14:59:09.287",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/73477"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://phabricator.wikimedia.org/T64685"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201510-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/73477"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://phabricator.wikimedia.org/T64685"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201510-05"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-03-23 20:59

Modified

2025-04-20 01:37

Severity ?

5.3 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Summary

The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 allow remote attackers to obtain sensitive user login information via crafted links combined with page view statistics.

References

URL	Tags
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/12/21/8	Mailing List, Patch, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/12/23/7	Mailing List, Patch, Third Party Advisory
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html	Patch, Release Notes, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T109724	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/12/21/8	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/12/23/7	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html	Patch, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T109724	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.24.0
mediawiki	mediawiki	1.24.1
mediawiki	mediawiki	1.24.2
mediawiki	mediawiki	1.24.3
mediawiki	mediawiki	1.24.4
mediawiki	mediawiki	1.25.0
mediawiki	mediawiki	1.25.1
mediawiki	mediawiki	1.25.2
mediawiki	mediawiki	1.25.3
mediawiki	mediawiki	1.26.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3971880B-BD50-4E3D-96F0-D07F60D59923",
              "versionEndIncluding": "1.23.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C00423-B3FE-485A-9014-22F409DBD377",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E90C95FB-71CA-4CA1-935D-58A08244A81F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DDBD41F-C2D5-4D7C-B069-FBC2C8EBB81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D92AA40C-3E9A-44E6-9833-06853B5BF453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9129F374-93CB-43CE-A3B2-DB6483514F32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE125142-10A2-4ACF-9BA4-44E63C1E5DB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF21D6EE-CEAC-42A7-99B6-D9D033E1FEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CCAC6ED-C3F5-4D8E-922B-FAA481210C6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B418525-DAC2-461A-B931-BED05CC3AFBF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 allow remote attackers to obtain sensitive user login information via crafted links combined with page view statistics."
    },
    {
      "lang": "es",
      "value": "Las p\u00e1ginas (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads y (5) Special:AllMyUploads en MediaWiki en versiones anteriores a 1.23.12, 1.24.x en versiones anteriores a 1.24. 5, 1.25.x en versiones anteriores a 1.25.4 y 1.26.x en versiones anteriores a 1.26.1 permiten a atacantes remotos obtener informaci\u00f3n sensible de acceso de usuarios a trav\u00e9s de v\u00ednculos manipulados combinados con estad\u00edsticas de visualizaci\u00f3n de p\u00e1gina."
    }
  ],
  "id": "CVE-2015-8628",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-03-23T20:59:00.687",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T109724"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T109724"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2011-04-27 00:55

Modified

2025-04-11 00:51

Severity ?

Summary

PHP remote file inclusion vulnerability in MediaWikiParserTest.php in MediaWiki 1.16 beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via unspecified vectors.

References

URL	Tags
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html	Patch, Vendor Advisory
secalert@redhat.com	http://openwall.com/lists/oss-security/2010/07/29/4
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2010/07/29/4

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	1.16

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "05B8CCC3-76EF-406A-BB86-0C4F88B5BF99",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "PHP remote file inclusion vulnerability in MediaWikiParserTest.php in MediaWiki 1.16 beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inclusi\u00f3n remota de archivo PHP en MediaWikiParserTest.php en MediaWiki v1.16 beta, cuando register_globals est\u00e1 activado, permite a atacantes remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2010-2789",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-04-27T00:55:01.787",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://openwall.com/lists/oss-security/2010/07/29/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2010/07/29/4"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2008-12-19 17:30

Modified

2025-04-09 00:30

Severity ?

Summary

MediaWiki 1.8.1, and other versions before 1.13.3, when the wgShowExceptionDetails variable is enabled, sometimes provides the full installation path in a debugging message, which might allow remote attackers to obtain sensitive information via unspecified requests that trigger an uncaught exception.

References

URL	Tags
cve@mitre.org	http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/33349	Vendor Advisory
cve@mitre.org	http://www.mediawiki.org/wiki/Manual:%24wgShowExceptionDetails
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33349	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.mediawiki.org/wiki/Manual:%24wgShowExceptionDetails
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.8.1
mediawiki	mediawiki	1.8.2
mediawiki	mediawiki	1.8.3
mediawiki	mediawiki	1.8.4
mediawiki	mediawiki	1.8.5
mediawiki	mediawiki	1.9.0
mediawiki	mediawiki	1.9.1
mediawiki	mediawiki	1.9.2
mediawiki	mediawiki	1.9.3
mediawiki	mediawiki	1.9.4
mediawiki	mediawiki	1.9.5
mediawiki	mediawiki	1.9.6
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.1
mediawiki	mediawiki	1.10.2
mediawiki	mediawiki	1.10.3
mediawiki	mediawiki	1.10.4
mediawiki	mediawiki	1.11
mediawiki	mediawiki	1.11
mediawiki	mediawiki	1.11.1
mediawiki	mediawiki	1.11.2
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.1
mediawiki	mediawiki	1.12.2
mediawiki	mediawiki	1.12.3
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.1
mediawiki	mediawiki	1.13.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "136E5FD9-C0A0-4970-8852-D97C5BC723E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5FD2871-90BB-4AFA-89D0-B9B5BE365771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D35193-8AF8-4CB9-A47D-A58DE389515E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1CD7D7-546A-48FA-9C4C-1FB0CA22C6FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAD648C1-0908-43F8-951C-E7EBF8FB8CB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B40FB49B-1E96-44BC-A9B0-9BDB28F858A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A0921C-BEC5-4646-96FD-0529828B5BAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB4E8709-43E2-4ADC-8759-16AC265658C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A8A1D30-57E7-4010-B68A-8D22EA091FF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EF7C683-F6E2-4D79-B0F9-234C9FAFB7C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "962C4B03-ABDF-4E94-8DE0-E035186E0F4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "841A4099-1EB3-448A-81C2-67A68CF4B5C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0983C0E-9035-4256-AC99-C2C81C1634E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "76F47EF6-2695-44FD-B4B0-9DE911BB57CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FC61592E-7479-45C1-9263-D608B644EE79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5460DB30-FA14-4017-BC8B-15F9451469F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED2392D6-6ACF-4715-BBCD-B6DA9B91C750",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0071C35-877F-44C6-BC39-B1AE885D7313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83CF24-FC29-40C4-8B07-5FB6591E9812",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C54ADEF-F360-41C6-AE27-B6D12E5BAF9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "77FBC313-0615-42D9-8617-4DE42CAA48BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DB5EF0E-4E1B-4131-9142-5FBB59C235D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F59B5992-716F-4901-BDD1-0C7E24BF9148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "746023B5-2472-4FC9-BEDF-FE6A321F12B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0D18C85B-E82B-46AE-959E-3FD32DB6F294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "66714539-F1E1-4C16-AA12-059EEB1B9DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A80044C9-9F76-468E-84F7-D7D529004AE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7CD7F5A-F4E4-45B6-9179-BD1BCD75D297",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79CDE6D3-A26D-4ECD-B949-B9DDB53F67C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D3CC82BE-8DEA-47D7-B6B7-2FFDFB728ADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "AFD79470-63A7-438B-A3BE-CABDAD7F848C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A26F4C94-E3A5-456E-8E5E-36BA67DD4BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C6D23B-B5C1-4F10-9F62-E81F639FF40F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki 1.8.1, and other versions before 1.13.3, when the wgShowExceptionDetails variable is enabled, sometimes provides the full installation path in a debugging message, which might allow remote attackers to obtain sensitive information via unspecified requests that trigger an uncaught exception."
    },
    {
      "lang": "es",
      "value": "MediaWiki versi\u00f3n 1.8.1, y otras versiones anteriores a 1.13.3, cuando la variable wgShowExceptionDetails est\u00e1 habilitada, a veces proporciona el path de instalaci\u00f3n completa en un mensaje de depuraci\u00f3n, lo que podr\u00eda permitir a los atacantes remotos conseguir informaci\u00f3n confidencial por medio de peticiones no especificadas que desencadenan una excepci\u00f3n no detectada."
    }
  ],
  "id": "CVE-2008-5688",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-12-19T17:30:03.407",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33349"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mediawiki.org/wiki/Manual:%24wgShowExceptionDetails"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33349"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mediawiki.org/wiki/Manual:%24wgShowExceptionDetails"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2005-05-02 04:00

Modified

2025-04-03 01:03

Severity ?

Summary

Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to delete arbitrary files or determine file existence via a parameter related to image deletion.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/14360	Patch, Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1013260	Patch, Vendor Advisory
cve@mitre.org	http://sourceforge.net/project/shownotes.php?release_id=307067	Patch
cve@mitre.org	http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/14360	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1013260	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/project/shownotes.php?release_id=307067	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.3.0
mediawiki	mediawiki	1.3.1
mediawiki	mediawiki	1.3.2
mediawiki	mediawiki	1.3.3
mediawiki	mediawiki	1.3.4
mediawiki	mediawiki	1.3.5
mediawiki	mediawiki	1.3.6
mediawiki	mediawiki	1.3.7
mediawiki	mediawiki	1.3.8
mediawiki	mediawiki	1.3.9
mediawiki	mediawiki	1.3.10
mediawiki	mediawiki	1.4_beta1
mediawiki	mediawiki	1.4_beta2
mediawiki	mediawiki	1.4_beta3
mediawiki	mediawiki	1.4_beta4
mediawiki	mediawiki	1.4_beta5
mediawiki	mediawiki	1.4_beta6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30F54837-5004-4D10-B3B0-502CED4F6592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A09F36C1-CBC0-489E-B62D-4590A2E5A4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9F0067D-534A-4238-A244-D92A73845432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BEC422E-49BC-41D4-9F71-B834D4108EF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D854161-28AA-4386-B90A-97F9692CE37F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5A0FA49-99DC-4691-968F-6AEB76B74370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A0C6A2C-992B-45A0-8E0C-1AE983881337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "292A77C7-8C7B-4F3A-B7FD-3505A9F37E4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C77FC97A-3BB2-4AA5-B0D6-C0D1FBEA5FD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C9393EF-083A-4662-BC7A-89979C2B8546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9DE6A4E-6BCE-499E-B017-1E0F8D1F65B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E70F32-2F26-4836-8A4F-0A0B06EAD371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE506B8C-245E-4A7E-A24C-FABB1D4531EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta3:*:*:*:*:*:*:*",
              "matchCriteriaId": "934382C1-088A-4AEE-A71A-E9802AC9C1A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1A9028E-1BDE-4BA0-A479-7A30020331D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D02E4C1-2BA7-4BC0-9C11-D0F74181DF82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta6:*:*:*:*:*:*:*",
              "matchCriteriaId": "728E2852-5658-4DCC-AF1E-718B292F06C1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to delete arbitrary files or determine file existence via a parameter related to image deletion."
    }
  ],
  "id": "CVE-2005-0536",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-05-02T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/14360"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://securitytracker.com/id?1013260"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=307067"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/14360"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://securitytracker.com/id?1013260"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=307067"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2007-09-12 19:17

Modified

2025-04-09 00:30

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in the API pretty-printing mode in MediaWiki 1.8.0 through 1.8.4, 1.9.0 through 1.9.3, 1.10.0 through 1.10.1, and the 1.11 development versions before 1.11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

URL	Tags
secalert@redhat.com	http://fedoranews.org/updates/FEDORA-2007-218.shtml
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2007-September/000067.html	Patch
secalert@redhat.com	http://secunia.com/advisories/26772	Patch, Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/26870
secalert@redhat.com	http://www.securityfocus.com/bid/25632
secalert@redhat.com	http://www.vupen.com/english/advisories/2007/3130
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=287881
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/36558
af854a3a-2127-422b-91ae-364da2661108	http://fedoranews.org/updates/FEDORA-2007-218.shtml
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2007-September/000067.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26772	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26870
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/25632
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/3130
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=287881
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/36558

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.8.0
mediawiki	mediawiki	1.8.1
mediawiki	mediawiki	1.8.2
mediawiki	mediawiki	1.8.3
mediawiki	mediawiki	1.8.4
mediawiki	mediawiki	1.9.0
mediawiki	mediawiki	1.9.1
mediawiki	mediawiki	1.9.2
mediawiki	mediawiki	1.9.3
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.1
mediawiki	mediawiki	1.11_development

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46046B16-3EE4-42C0-BA77-73300A641BA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "136E5FD9-C0A0-4970-8852-D97C5BC723E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5FD2871-90BB-4AFA-89D0-B9B5BE365771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D35193-8AF8-4CB9-A47D-A58DE389515E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1CD7D7-546A-48FA-9C4C-1FB0CA22C6FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B40FB49B-1E96-44BC-A9B0-9BDB28F858A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A0921C-BEC5-4646-96FD-0529828B5BAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB4E8709-43E2-4ADC-8759-16AC265658C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A8A1D30-57E7-4010-B68A-8D22EA091FF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0983C0E-9035-4256-AC99-C2C81C1634E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5460DB30-FA14-4017-BC8B-15F9451469F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11_development:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BAC8B28-1EF1-47A3-831E-84ABC8974780",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the API pretty-printing mode in MediaWiki 1.8.0 through 1.8.4, 1.9.0 through 1.9.3, 1.10.0 through 1.10.1, and the 1.11 development versions before 1.11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el modo de presentaci\u00f3n legible para humanos (pretty-printing) de la API de MediaWiki 1.8.0 hasta 1.8.4, 1.9.0 hasta 1.9.3, 1.10.0 hasta 1.10.1, y las versiones de desarrollo hasta la 1.11.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2007-4828",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-09-12T19:17:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://fedoranews.org/updates/FEDORA-2007-218.shtml"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2007-September/000067.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26772"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/26870"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/25632"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2007/3130"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=287881"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36558"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://fedoranews.org/updates/FEDORA-2007-218.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2007-September/000067.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26772"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26870"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/25632"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3130"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=287881"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36558"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-01-16 16:59

Modified

2025-04-12 10:46

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.19.23, 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote authenticated users to inject arbitrary web script or HTML via a wikitext message.

References

URL	Tags
security@debian.org	http://www.debian.org/security/2014/dsa-3110
security@debian.org	http://www.mandriva.com/security/advisories?name=MDVSA-2015:006
security@debian.org	http://www.openwall.com/lists/oss-security/2014/12/21/2
security@debian.org	http://www.openwall.com/lists/oss-security/2015/01/03/13
security@debian.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2014/dsa-3110
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2015:006
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2014/12/21/2
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/01/03/13
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html	Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.20
mediawiki	mediawiki	1.20.1
mediawiki	mediawiki	1.20.2
mediawiki	mediawiki	1.20.3
mediawiki	mediawiki	1.20.4
mediawiki	mediawiki	1.20.5
mediawiki	mediawiki	1.20.6
mediawiki	mediawiki	1.20.7
mediawiki	mediawiki	1.20.8
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2
mediawiki	mediawiki	1.21.3
mediawiki	mediawiki	1.21.4
mediawiki	mediawiki	1.21.5
mediawiki	mediawiki	1.21.6
mediawiki	mediawiki	1.21.7
mediawiki	mediawiki	1.21.8
mediawiki	mediawiki	1.21.9
mediawiki	mediawiki	1.21.10
mediawiki	mediawiki	1.21.11
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	1.22.1
mediawiki	mediawiki	1.22.2
mediawiki	mediawiki	1.22.3
mediawiki	mediawiki	1.22.4
mediawiki	mediawiki	1.22.5
mediawiki	mediawiki	1.22.6
mediawiki	mediawiki	1.22.7
mediawiki	mediawiki	1.22.8
mediawiki	mediawiki	1.22.9
mediawiki	mediawiki	1.22.10
mediawiki	mediawiki	1.22.11
mediawiki	mediawiki	1.22.12
mediawiki	mediawiki	1.22.13
mediawiki	mediawiki	1.22.14
mediawiki	mediawiki	1.23.0
mediawiki	mediawiki	1.23.1
mediawiki	mediawiki	1.23.2
mediawiki	mediawiki	1.23.3
mediawiki	mediawiki	1.23.4
mediawiki	mediawiki	1.23.5
mediawiki	mediawiki	1.23.6
mediawiki	mediawiki	1.23.7
mediawiki	mediawiki	1.24.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE55C257-9CF4-485C-8096-AC0C2759056F",
              "versionEndIncluding": "1.19.22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA45494-185A-4ED1-8818-D9F14EB9B59B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94646567-FF30-4FBA-96C5-914EB3C85D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF088531-6875-49A2-B220-D7EC38ECC50F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "902A7EE8-90AA-4B0D-9142-DFCDA5AC8914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B6CD057-EBC4-4909-9734-80577AFDED40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01D8F235-2F1B-4198-A91E-B2723293AA36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2A5F4A7-40E7-42D0-8482-647D0EC54AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E10A8FAC-7506-48B8-A4EE-B7A1BE20537E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF797B5-8348-481C-AB6F-154DEA0E5281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E627F80-E6AA-4627-B58E-D6B2A08269BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA54E0F2-3B21-469F-A3FB-8E41E1857447",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "09CFF4B5-5827-4795-960A-201BA1BCF1A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC9D6B62-13CD-4307-94BB-A7210761A4D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "32C36F51-CCCC-41D1-A43B-B8F77CE632B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B461B44C-37D2-480B-9645-B7E8720416C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E491E3AD-0FB2-41CD-B852-CAFCA397A45A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBD50108-A301-4B5B-9047-6FD6792442B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "91BBFEC5-A933-4178-919D-9AC87CF76D21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3CA0EC-1AC1-48A1-8BB8-95DCCE1C283A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9343410C-E076-4362-8094-5BA5582E9675",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96BBB28-AB3C-4082-B035-8CCB761C2530",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7389C3B9-B32D-46CC-8615-22CF7BDCD829",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "179FC802-541F-40EE-BB76-A4B745A9EA7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3332E0EC-49D6-4EB2-8A2E-CC204EA1C475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E59021C-8DDF-4849-9490-AD8F98B834BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "64E90FCD-B032-4BD8-84D6-763E0FDB48B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "21A92544-BEA9-436F-BC22-CC90808D53F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DB10EA-CA68-40BE-862D-0B351456F02E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6044842D-0C23-4683-9BCC-9FE40AE8353F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BFCBB5A-F5F8-400E-916A-EB87F84853D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2898DFC3-7C3A-4C12-A3D2-4CEB3C66C90D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "04082771-E3E2-49EE-8840-0170F3B3519F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9B27B7-7800-4E35-97CA-B16450EEC478",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BEA6C00-BDCF-439C-8A04-B581361781EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90B931CC-CEA7-4C14-875E-A0D215CE5617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE300CC-68D6-46C7-8CC0-605F94FFC327",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.19.23, 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote authenticated users to inject arbitrary web script or HTML via a wikitext message."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en thumb.php en MediaWiki anterior a 1.19.23, 1.2x anterior a 1.22.15, 1.23.x anterior a 1.23.8, y 1.24.x anterior a 1.24.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un mensaje wikitext."
    }
  ],
  "id": "CVE-2014-9475",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-01-16T16:59:09.920",
  "references": [
    {
      "source": "security@debian.org",
      "url": "http://www.debian.org/security/2014/dsa-3110"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:006"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-3110"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:006"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-06-28 13:15

Modified

2024-11-21 07:10

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

An issue was discovered in MediaWiki through 1.38.1. The lemma length of a Wikibase lexeme is currently capped at a thousand characters. Unfortunately, this length is not validated, allowing much larger lexemes to be created, which introduces various denial-of-service attack vectors within the Wikibase and WikibaseLexeme extensions. This is related to Special:NewLexeme and Special:NewProperty.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/I8171bfef73e525d73efa60b407ce147130ea4742	Vendor Advisory
cve@mitre.org	https://gerrit.wikimedia.org/r/q/Id89a9b08e40f075d2d422cafd03668dff3ce7fc9	Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T308659	Mailing List
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/I8171bfef73e525d73efa60b407ce147130ea4742	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/Id89a9b08e40f075d2d422cafd03668dff3ce7fc9	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T308659	Mailing List

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC979A45-0DA0-47F2-910A-3F7548950CBF",
              "versionEndIncluding": "1.38.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki through 1.38.1. The lemma length of a Wikibase lexeme is currently capped at a thousand characters. Unfortunately, this length is not validated, allowing much larger lexemes to be created, which introduces various denial-of-service attack vectors within the Wikibase and WikibaseLexeme extensions. This is related to Special:NewLexeme and Special:NewProperty."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en MediaWiki versiones hasta 1.38.1. La longitud del lema de un lexema de Wikibase est\u00e1 actualmente limitada a mil caracteres. Desafortunadamente, esta longitud no es comprobada, lo que permite crear lexemas mucho m\u00e1s grandes, lo que introduce varios vectores de ataque de denegaci\u00f3n de servicio en las extensiones Wikibase y WikibaseLexeme. Esto est\u00e1 relacionado con Special:NewLexeme y Special:NewProperty"
    }
  ],
  "id": "CVE-2022-34750",
  "lastModified": "2024-11-21T07:10:07.007",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-06-28T13:15:12.817",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I8171bfef73e525d73efa60b407ce147130ea4742"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Id89a9b08e40f075d2d422cafd03668dff3ce7fc9"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "https://phabricator.wikimedia.org/T308659"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I8171bfef73e525d73efa60b407ce147130ea4742"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Id89a9b08e40f075d2d422cafd03668dff3ce7fc9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://phabricator.wikimedia.org/T308659"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2011-04-27 00:55

Modified

2025-04-11 00:51

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in profileinfo.php in MediaWiki before 1.15.5, when wgEnableProfileInfo is enabled, allows remote attackers to inject arbitrary web script or HTML via the filter parameter.

References

URL	Tags
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html	Patch
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html	Patch, Vendor Advisory
secalert@redhat.com	http://openwall.com/lists/oss-security/2010/07/29/4	Patch
secalert@redhat.com	http://svn.wikimedia.org/viewvc/mediawiki?view=revision&revision=69952	Patch
secalert@redhat.com	http://svn.wikimedia.org/viewvc/mediawiki?view=revision&revision=69984	Patch
secalert@redhat.com	http://www.securityfocus.com/bid/42024
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=620225	Patch
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=620226	Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2010/07/29/4	Patch
af854a3a-2127-422b-91ae-364da2661108	http://svn.wikimedia.org/viewvc/mediawiki?view=revision&revision=69952	Patch
af854a3a-2127-422b-91ae-364da2661108	http://svn.wikimedia.org/viewvc/mediawiki?view=revision&revision=69984	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/42024
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=620225	Patch
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=620226	Patch

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.1.0
mediawiki	mediawiki	1.2.0
mediawiki	mediawiki	1.2.1
mediawiki	mediawiki	1.2.2
mediawiki	mediawiki	1.2.3
mediawiki	mediawiki	1.2.4
mediawiki	mediawiki	1.2.5
mediawiki	mediawiki	1.2.6
mediawiki	mediawiki	1.3
mediawiki	mediawiki	1.3.0
mediawiki	mediawiki	1.3.1
mediawiki	mediawiki	1.3.2
mediawiki	mediawiki	1.3.3
mediawiki	mediawiki	1.3.4
mediawiki	mediawiki	1.3.5
mediawiki	mediawiki	1.3.6
mediawiki	mediawiki	1.3.7
mediawiki	mediawiki	1.3.8
mediawiki	mediawiki	1.3.9
mediawiki	mediawiki	1.3.10
mediawiki	mediawiki	1.3.11
mediawiki	mediawiki	1.3.12
mediawiki	mediawiki	1.3.13
mediawiki	mediawiki	1.3.14
mediawiki	mediawiki	1.3.15
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4.0
mediawiki	mediawiki	1.4.1
mediawiki	mediawiki	1.4.2
mediawiki	mediawiki	1.4.3
mediawiki	mediawiki	1.4.4
mediawiki	mediawiki	1.4.5
mediawiki	mediawiki	1.4.6
mediawiki	mediawiki	1.4.7
mediawiki	mediawiki	1.4.8
mediawiki	mediawiki	1.4.9
mediawiki	mediawiki	1.4.10
mediawiki	mediawiki	1.4.11
mediawiki	mediawiki	1.4.12
mediawiki	mediawiki	1.4.13
mediawiki	mediawiki	1.4.14
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5.0
mediawiki	mediawiki	1.5.1
mediawiki	mediawiki	1.5.2
mediawiki	mediawiki	1.5.3
mediawiki	mediawiki	1.5.4
mediawiki	mediawiki	1.5.5
mediawiki	mediawiki	1.5.6
mediawiki	mediawiki	1.5.7
mediawiki	mediawiki	1.5.8
mediawiki	mediawiki	1.6.0
mediawiki	mediawiki	1.6.1
mediawiki	mediawiki	1.6.2
mediawiki	mediawiki	1.6.3
mediawiki	mediawiki	1.6.4
mediawiki	mediawiki	1.6.5
mediawiki	mediawiki	1.6.6
mediawiki	mediawiki	1.6.7
mediawiki	mediawiki	1.6.8
mediawiki	mediawiki	1.6.9
mediawiki	mediawiki	1.6.10
mediawiki	mediawiki	1.6.11
mediawiki	mediawiki	1.6.12
mediawiki	mediawiki	1.7.0
mediawiki	mediawiki	1.7.1
mediawiki	mediawiki	1.7.2
mediawiki	mediawiki	1.7.3
mediawiki	mediawiki	1.8.0
mediawiki	mediawiki	1.8.1
mediawiki	mediawiki	1.8.2
mediawiki	mediawiki	1.8.3
mediawiki	mediawiki	1.8.4
mediawiki	mediawiki	1.8.5
mediawiki	mediawiki	1.9.0
mediawiki	mediawiki	1.9.0
mediawiki	mediawiki	1.9.1
mediawiki	mediawiki	1.9.2
mediawiki	mediawiki	1.9.3
mediawiki	mediawiki	1.9.4
mediawiki	mediawiki	1.9.5
mediawiki	mediawiki	1.9.6
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.1
mediawiki	mediawiki	1.10.2
mediawiki	mediawiki	1.10.3
mediawiki	mediawiki	1.10.4
mediawiki	mediawiki	1.11
mediawiki	mediawiki	1.11
mediawiki	mediawiki	1.11.0
mediawiki	mediawiki	1.11.1
mediawiki	mediawiki	1.11.2
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.1
mediawiki	mediawiki	1.12.2
mediawiki	mediawiki	1.12.3
mediawiki	mediawiki	1.12.4
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.1
mediawiki	mediawiki	1.13.2
mediawiki	mediawiki	1.13.3
mediawiki	mediawiki	1.13.4
mediawiki	mediawiki	1.14.0
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.1
mediawiki	mediawiki	1.15.2
mediawiki	mediawiki	1.15.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "06476639-EF89-484D-94F9-B4BAABA52F98",
              "versionEndIncluding": "1.15.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C96D337-1D37-4ADE-871D-9829928EE80B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DFB843C-4513-4569-9746-DA9FDD7A5CD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "377F0F7A-8E50-4803-9670-F719D17400D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B4CCA5C-3594-41B4-99F3-FC99BA0495BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD0A0C81-CDB6-4A11-B6B0-DECB12558DE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40BD0855-A9C8-47CD-BB50-E422E0C4A1EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "42A9DCC7-CF58-44CC-9489-51FA79EECDF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "80D651C6-116D-448A-8569-BAB9BAEC7D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49AFC6EE-41C7-4369-8BA1-DDBF8A744ABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30F54837-5004-4D10-B3B0-502CED4F6592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A09F36C1-CBC0-489E-B62D-4590A2E5A4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9F0067D-534A-4238-A244-D92A73845432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BEC422E-49BC-41D4-9F71-B834D4108EF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D854161-28AA-4386-B90A-97F9692CE37F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5A0FA49-99DC-4691-968F-6AEB76B74370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A0C6A2C-992B-45A0-8E0C-1AE983881337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "292A77C7-8C7B-4F3A-B7FD-3505A9F37E4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C77FC97A-3BB2-4AA5-B0D6-C0D1FBEA5FD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C9393EF-083A-4662-BC7A-89979C2B8546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9DE6A4E-6BCE-499E-B017-1E0F8D1F65B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD90730F-BF26-46C5-83F8-039CD661C968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4DDA753-26F5-4142-B227-07DDF14DD8C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D3B5E2-AC84-421D-AC10-3266D9575922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "326D4BFB-EFE7-4EAC-AA71-45E8C7E41538",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "736DFCB7-B747-4F98-AB87-9023BCD0B5C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "135A1FFF-8F52-48FF-A92A-0FC79FCC287E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "3CF8143A-F16F-4E2F-8B12-AC278678CDBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "617655A0-1ED3-44A5-9D83-E90D8EC8799E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "3B19F77D-8975-432D-8572-F208EBC15068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "9D692C6F-95AB-4332-95D8-007876792AC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "DE9080FA-F32A-45AF-BB1E-18B85DD35830",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DF75E48-208A-4531-AC8D-B307FD4E288B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "174665BA-F231-45F6-922C-933B8A613009",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B175F5A-7CB6-44E6-9E98-FB40F6D14FDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A45833DC-F104-42BB-8688-4DE66AFF72F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B316A8E-DED1-427B-8137-11C767E9DF1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "99A75AFB-2706-42FF-8534-B910997987AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F335EB4-1A74-4FAE-ADAF-AC9FB37A80DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "116C8AA3-481D-409A-ABA8-C8DA1EE8FF86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9DCE478-7D30-4BBC-8878-C3745D6ADAD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EBFFA2C-6768-4CB9-B0B0-BDB79CA1DEDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA0C4A1E-B084-4C78-BEE4-4E733159F367",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2571B43E-234C-4312-9640-1E338092A673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D5C7E1-6664-4A90-9E55-1F53F98D7702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "4963F3C5-A207-4BD3-9C3C-4EBAC1F5B2B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BE0D158-DB0B-45B2-9E26-E11A7D5D2CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "6086E5E9-F69F-47EE-9034-8196CC03E6FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "49A43BF0-69CF-4694-9155-534FA31C26DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "A0751BD8-505A-42A3-A150-3523F12B9047",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "F964DBAD-0569-41DD-975B-23A975050595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8DE4462C-F9B2-47B3-8F17-FF729F5563FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "3769AAA0-8492-40E1-B3EC-5E3BFE396809",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E2616E5E-2D0B-4FD3-B43F-51D786F0D8D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "94766FF8-FC72-4F8F-8005-7F34E4AA4042",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D8693832-A576-492F-B4F7-B8415B3A5903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9214FE72-045E-457A-B3C5-BCDFC506DDB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDB55E62-A345-49F6-ACD0-A710977CA6E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A340D0AB-2B4A-4DE6-9FA1-662D8F8205BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8C8B11E-5C0B-49B1-ACFA-5926057EF002",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "89A4EA0A-54E1-484A-ADDB-216CBC9C40FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA0ABA75-E966-43A2-90B1-89557BB0B7DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B6CE989-B7AD-42AA-986C-23266D965122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "44FD9374-5B8A-4102-A005-D3F39186ABBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D4388FF-3C2C-41A7-A2A2-CC3E38994222",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3EAF847-B64C-4C12-8BF2-631F61B0618E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "09EF3827-9C87-4043-B10A-1D6AFCB64F57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08B1EDE8-940E-47C1-9CDA-C6BBE1BB9A11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4554900-E09D-4D9D-99D4-FE5FDB3CDE78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "93EB0312-A147-4307-9491-46AEC2EC727C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "48929086-E08E-472D-A503-4CA803A840D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A98675FD-C9EA-49AB-BA9F-2CF5898203C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB9B4718-DF85-4E77-B720-0EC3E0D318BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "132A745B-0A1B-4186-8BE2-88C24FF4A455",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E710375D-F5B3-4998-AA7F-F931022CF6F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3130C952-83B3-4755-99D7-D25C1447670E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9842D148-50D2-4A52-A3E1-529670A25EBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "A59DE5DF-B5A1-4C11-9FA9-03EA7F589694",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C632052-D84B-41A1-B46F-1C1D9ADC72CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF36A02-DF6B-4657-94F6-255E4163FBF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "60380B60-DD11-42C9-9388-AED3244F39A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "612210D5-FDBC-4A13-AACD-13198FE9D2DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46046B16-3EE4-42C0-BA77-73300A641BA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "136E5FD9-C0A0-4970-8852-D97C5BC723E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5FD2871-90BB-4AFA-89D0-B9B5BE365771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D35193-8AF8-4CB9-A47D-A58DE389515E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1CD7D7-546A-48FA-9C4C-1FB0CA22C6FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAD648C1-0908-43F8-951C-E7EBF8FB8CB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B40FB49B-1E96-44BC-A9B0-9BDB28F858A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "75D5AC3F-4D29-4882-A3C0-94951402ADD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A0921C-BEC5-4646-96FD-0529828B5BAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB4E8709-43E2-4ADC-8759-16AC265658C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A8A1D30-57E7-4010-B68A-8D22EA091FF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EF7C683-F6E2-4D79-B0F9-234C9FAFB7C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "962C4B03-ABDF-4E94-8DE0-E035186E0F4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "841A4099-1EB3-448A-81C2-67A68CF4B5C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0983C0E-9035-4256-AC99-C2C81C1634E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "76F47EF6-2695-44FD-B4B0-9DE911BB57CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FC61592E-7479-45C1-9263-D608B644EE79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5460DB30-FA14-4017-BC8B-15F9451469F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED2392D6-6ACF-4715-BBCD-B6DA9B91C750",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0071C35-877F-44C6-BC39-B1AE885D7313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83CF24-FC29-40C4-8B07-5FB6591E9812",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C54ADEF-F360-41C6-AE27-B6D12E5BAF9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "77FBC313-0615-42D9-8617-4DE42CAA48BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7266D827-F77D-4CC3-8237-4B35D072ACF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DB5EF0E-4E1B-4131-9142-5FBB59C235D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F59B5992-716F-4901-BDD1-0C7E24BF9148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "746023B5-2472-4FC9-BEDF-FE6A321F12B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0D18C85B-E82B-46AE-959E-3FD32DB6F294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "66714539-F1E1-4C16-AA12-059EEB1B9DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A80044C9-9F76-468E-84F7-D7D529004AE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7CD7F5A-F4E4-45B6-9179-BD1BCD75D297",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7BC3705-27C7-4969-AB6A-E7C09C708C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79CDE6D3-A26D-4ECD-B949-B9DDB53F67C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D3CC82BE-8DEA-47D7-B6B7-2FFDFB728ADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "AFD79470-63A7-438B-A3BE-CABDAD7F848C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A26F4C94-E3A5-456E-8E5E-36BA67DD4BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C6D23B-B5C1-4F10-9F62-E81F639FF40F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "13FA8F3C-2B6C-42FB-A6CE-EC2D8614E43D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "973B7468-970D-475C-AAB2-D81833EAF12B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A0789-0496-4940-A484-8B6689AA8770",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAAC942E-1BA2-419C-B464-20529D825053",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "07D3ECE8-29AC-491A-BD11-1753EF65DA0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FA6109F-F5BE-4E65-AA9D-C1D0CB029521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0955D3BF-1120-40F6-87FB-D75B064E5C6A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in profileinfo.php in MediaWiki before 1.15.5, when wgEnableProfileInfo is enabled, allows remote attackers to inject arbitrary web script or HTML via the filter parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en profileinfo.php en MediaWiki anterior a v1.15.5, cyabdi wgEnableProfileInfo est\u00e1 activado, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"filter\"."
    }
  ],
  "id": "CVE-2010-2788",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-04-27T00:55:01.740",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2010/07/29/4"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://svn.wikimedia.org/viewvc/mediawiki?view=revision\u0026revision=69952"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://svn.wikimedia.org/viewvc/mediawiki?view=revision\u0026revision=69984"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/42024"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620225"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620226"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2010/07/29/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://svn.wikimedia.org/viewvc/mediawiki?view=revision\u0026revision=69952"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://svn.wikimedia.org/viewvc/mediawiki?view=revision\u0026revision=69984"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/42024"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620225"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620226"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-10-27 00:55

Modified

2025-04-11 00:51

Severity ?

Summary

(1) ApiBlock.php, (2) ApiCreateAccount.php, (3) ApiLogin.php, (4) ApiMain.php, (5) ApiQueryDeletedrevs.php, (6) ApiTokens.php, and (7) ApiUnblock.php in includes/api/ in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow remote attackers to obtain CSRF tokens and bypass the cross-site request forgery (CSRF) protection mechanism via a JSONP request to wiki/api.php.

References

URL	Tags
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html	Patch
secalert@redhat.com	http://osvdb.org/96912
secalert@redhat.com	http://seclists.org/oss-sec/2013/q3/553	Patch
secalert@redhat.com	http://secunia.com/advisories/54715	Vendor Advisory
secalert@redhat.com	http://www.debian.org/security/2013/dsa-2753
secalert@redhat.com	https://bugzilla.wikimedia.org/show_bug.cgi?id=49090	Patch
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/86896
secalert@redhat.com	https://www.mediawiki.org/wiki/Release_notes/1.19
secalert@redhat.com	https://www.mediawiki.org/wiki/Release_notes/1.20
secalert@redhat.com	https://www.mediawiki.org/wiki/Release_notes/1.21
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/96912
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/oss-sec/2013/q3/553	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/54715	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2013/dsa-2753
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=49090	Patch
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/86896
af854a3a-2127-422b-91ae-364da2661108	https://www.mediawiki.org/wiki/Release_notes/1.19
af854a3a-2127-422b-91ae-364da2661108	https://www.mediawiki.org/wiki/Release_notes/1.20
af854a3a-2127-422b-91ae-364da2661108	https://www.mediawiki.org/wiki/Release_notes/1.21

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.19.0
mediawiki	mediawiki	1.19.1
mediawiki	mediawiki	1.19.2
mediawiki	mediawiki	1.19.3
mediawiki	mediawiki	1.19.4
mediawiki	mediawiki	1.19.5
mediawiki	mediawiki	1.19.6
mediawiki	mediawiki	1.19.7
mediawiki	mediawiki	1.20
mediawiki	mediawiki	1.20.1
mediawiki	mediawiki	1.20.2
mediawiki	mediawiki	1.20.3
mediawiki	mediawiki	1.20.4
mediawiki	mediawiki	1.20.5
mediawiki	mediawiki	1.20.6
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3205F5-3A29-4D45-AC95-83174F8969BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5547DA02-3BEC-4278-A714-25CCB820AA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E5609D-EC04-4088-9B61-ABDD256200F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23B09BB-8F43-4D60-A37F-D8685584AF4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A3F38-9A86-4346-9337-5C2A1DED37C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "49CCC3B5-9BD4-40B4-AF1A-DF4B2A6DC12D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA45494-185A-4ED1-8818-D9F14EB9B59B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94646567-FF30-4FBA-96C5-914EB3C85D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF088531-6875-49A2-B220-D7EC38ECC50F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "(1) ApiBlock.php, (2) ApiCreateAccount.php, (3) ApiLogin.php, (4) ApiMain.php, (5) ApiQueryDeletedrevs.php, (6) ApiTokens.php, and (7) ApiUnblock.php in includes/api/ in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow remote attackers to obtain CSRF tokens and bypass the cross-site request forgery (CSRF) protection mechanism via a JSONP request to wiki/api.php."
    },
    {
      "lang": "es",
      "value": "Los scripts ApiBlock.php,  ApiCreateAccount.php,  ApiLogin.php, ApiMain.php,  ApiQueryDeletedrevs.php,  ApiTokens.php, y ApiUnblock.php en includes/api en MediaWiki 1.19.x anterior a 1.19.8, 1.20.x anterior a 1.20.7, y 1.21.x anterior a  1.21.2  permite a atacantes remotos obtener tokens CSFR y evitar la protecci\u00f3n contra CSFR via peticiones  JSON a  wiki/api.php"
    }
  ],
  "id": "CVE-2013-4302",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-10-27T00:55:03.883",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/96912"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://seclists.org/oss-sec/2013/q3/553"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/54715"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2013/dsa-2753"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=49090"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86896"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.mediawiki.org/wiki/Release_notes/1.19"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.mediawiki.org/wiki/Release_notes/1.20"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.mediawiki.org/wiki/Release_notes/1.21"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/96912"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://seclists.org/oss-sec/2013/q3/553"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/54715"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2013/dsa-2753"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=49090"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86896"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.mediawiki.org/wiki/Release_notes/1.19"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.mediawiki.org/wiki/Release_notes/1.20"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.mediawiki.org/wiki/Release_notes/1.21"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2010-03-31 18:00

Modified

2025-04-11 00:51

Severity ?

Summary

MediaWiki before 1.15.2 does not prevent wiki editors from linking to images from other web sites in wiki pages, which allows editors to obtain IP addresses and other information of wiki users by adding a link to an image on an attacker-controlled web site, aka "CSS validation issue."

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
cve@mitre.org	http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/39022	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/39656
cve@mitre.org	http://www.debian.org/security/2010/dsa-2022
cve@mitre.org	http://www.vupen.com/english/advisories/2010/0685	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2010/1001
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/39022	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/39656
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2010/dsa-2022
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0685	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/1001

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.1.0
mediawiki	mediawiki	1.2.0
mediawiki	mediawiki	1.2.1
mediawiki	mediawiki	1.2.2
mediawiki	mediawiki	1.2.3
mediawiki	mediawiki	1.2.4
mediawiki	mediawiki	1.2.5
mediawiki	mediawiki	1.2.6
mediawiki	mediawiki	1.3
mediawiki	mediawiki	1.3.0
mediawiki	mediawiki	1.3.1
mediawiki	mediawiki	1.3.2
mediawiki	mediawiki	1.3.3
mediawiki	mediawiki	1.3.4
mediawiki	mediawiki	1.3.5
mediawiki	mediawiki	1.3.6
mediawiki	mediawiki	1.3.7
mediawiki	mediawiki	1.3.8
mediawiki	mediawiki	1.3.9
mediawiki	mediawiki	1.3.10
mediawiki	mediawiki	1.3.11
mediawiki	mediawiki	1.3.12
mediawiki	mediawiki	1.3.13
mediawiki	mediawiki	1.3.14
mediawiki	mediawiki	1.3.15
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4.0
mediawiki	mediawiki	1.4.1
mediawiki	mediawiki	1.4.2
mediawiki	mediawiki	1.4.3
mediawiki	mediawiki	1.4.4
mediawiki	mediawiki	1.4.5
mediawiki	mediawiki	1.4.6
mediawiki	mediawiki	1.4.7
mediawiki	mediawiki	1.4.8
mediawiki	mediawiki	1.4.9
mediawiki	mediawiki	1.4.10
mediawiki	mediawiki	1.4.11
mediawiki	mediawiki	1.4.12
mediawiki	mediawiki	1.4.13
mediawiki	mediawiki	1.4.14
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5.0
mediawiki	mediawiki	1.5.1
mediawiki	mediawiki	1.5.2
mediawiki	mediawiki	1.5.3
mediawiki	mediawiki	1.5.4
mediawiki	mediawiki	1.5.5
mediawiki	mediawiki	1.5.6
mediawiki	mediawiki	1.5.7
mediawiki	mediawiki	1.5.8
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.1
mediawiki	mediawiki	1.10.2
mediawiki	mediawiki	1.10.3
mediawiki	mediawiki	1.10.4
mediawiki	mediawiki	1.11
mediawiki	mediawiki	1.11
mediawiki	mediawiki	1.11.0
mediawiki	mediawiki	1.11.1
mediawiki	mediawiki	1.11.2
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.1
mediawiki	mediawiki	1.12.2
mediawiki	mediawiki	1.12.3
mediawiki	mediawiki	1.12.4
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.1
mediawiki	mediawiki	1.13.2
mediawiki	mediawiki	1.13.3
mediawiki	mediawiki	1.13.4
mediawiki	mediawiki	1.14.0
mediawiki	mediawiki	1.15.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A20EC18-6A14-4264-9828-66DF96E03442",
              "versionEndIncluding": "1.15.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C96D337-1D37-4ADE-871D-9829928EE80B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DFB843C-4513-4569-9746-DA9FDD7A5CD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "377F0F7A-8E50-4803-9670-F719D17400D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B4CCA5C-3594-41B4-99F3-FC99BA0495BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD0A0C81-CDB6-4A11-B6B0-DECB12558DE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40BD0855-A9C8-47CD-BB50-E422E0C4A1EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "42A9DCC7-CF58-44CC-9489-51FA79EECDF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "80D651C6-116D-448A-8569-BAB9BAEC7D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49AFC6EE-41C7-4369-8BA1-DDBF8A744ABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30F54837-5004-4D10-B3B0-502CED4F6592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A09F36C1-CBC0-489E-B62D-4590A2E5A4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9F0067D-534A-4238-A244-D92A73845432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BEC422E-49BC-41D4-9F71-B834D4108EF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D854161-28AA-4386-B90A-97F9692CE37F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5A0FA49-99DC-4691-968F-6AEB76B74370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A0C6A2C-992B-45A0-8E0C-1AE983881337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "292A77C7-8C7B-4F3A-B7FD-3505A9F37E4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C77FC97A-3BB2-4AA5-B0D6-C0D1FBEA5FD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C9393EF-083A-4662-BC7A-89979C2B8546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9DE6A4E-6BCE-499E-B017-1E0F8D1F65B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD90730F-BF26-46C5-83F8-039CD661C968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4DDA753-26F5-4142-B227-07DDF14DD8C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D3B5E2-AC84-421D-AC10-3266D9575922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "326D4BFB-EFE7-4EAC-AA71-45E8C7E41538",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "736DFCB7-B747-4F98-AB87-9023BCD0B5C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "135A1FFF-8F52-48FF-A92A-0FC79FCC287E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "3CF8143A-F16F-4E2F-8B12-AC278678CDBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "617655A0-1ED3-44A5-9D83-E90D8EC8799E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "3B19F77D-8975-432D-8572-F208EBC15068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "9D692C6F-95AB-4332-95D8-007876792AC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "DE9080FA-F32A-45AF-BB1E-18B85DD35830",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DF75E48-208A-4531-AC8D-B307FD4E288B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "174665BA-F231-45F6-922C-933B8A613009",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B175F5A-7CB6-44E6-9E98-FB40F6D14FDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A45833DC-F104-42BB-8688-4DE66AFF72F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B316A8E-DED1-427B-8137-11C767E9DF1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "99A75AFB-2706-42FF-8534-B910997987AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F335EB4-1A74-4FAE-ADAF-AC9FB37A80DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "116C8AA3-481D-409A-ABA8-C8DA1EE8FF86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9DCE478-7D30-4BBC-8878-C3745D6ADAD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EBFFA2C-6768-4CB9-B0B0-BDB79CA1DEDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA0C4A1E-B084-4C78-BEE4-4E733159F367",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2571B43E-234C-4312-9640-1E338092A673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D5C7E1-6664-4A90-9E55-1F53F98D7702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "4963F3C5-A207-4BD3-9C3C-4EBAC1F5B2B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BE0D158-DB0B-45B2-9E26-E11A7D5D2CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "6086E5E9-F69F-47EE-9034-8196CC03E6FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "49A43BF0-69CF-4694-9155-534FA31C26DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "A0751BD8-505A-42A3-A150-3523F12B9047",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "F964DBAD-0569-41DD-975B-23A975050595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8DE4462C-F9B2-47B3-8F17-FF729F5563FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "3769AAA0-8492-40E1-B3EC-5E3BFE396809",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E2616E5E-2D0B-4FD3-B43F-51D786F0D8D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "94766FF8-FC72-4F8F-8005-7F34E4AA4042",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D8693832-A576-492F-B4F7-B8415B3A5903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9214FE72-045E-457A-B3C5-BCDFC506DDB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDB55E62-A345-49F6-ACD0-A710977CA6E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A340D0AB-2B4A-4DE6-9FA1-662D8F8205BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8C8B11E-5C0B-49B1-ACFA-5926057EF002",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "89A4EA0A-54E1-484A-ADDB-216CBC9C40FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA0ABA75-E966-43A2-90B1-89557BB0B7DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B6CE989-B7AD-42AA-986C-23266D965122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "44FD9374-5B8A-4102-A005-D3F39186ABBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D4388FF-3C2C-41A7-A2A2-CC3E38994222",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0983C0E-9035-4256-AC99-C2C81C1634E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "76F47EF6-2695-44FD-B4B0-9DE911BB57CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FC61592E-7479-45C1-9263-D608B644EE79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5460DB30-FA14-4017-BC8B-15F9451469F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED2392D6-6ACF-4715-BBCD-B6DA9B91C750",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0071C35-877F-44C6-BC39-B1AE885D7313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83CF24-FC29-40C4-8B07-5FB6591E9812",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C54ADEF-F360-41C6-AE27-B6D12E5BAF9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "77FBC313-0615-42D9-8617-4DE42CAA48BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7266D827-F77D-4CC3-8237-4B35D072ACF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DB5EF0E-4E1B-4131-9142-5FBB59C235D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F59B5992-716F-4901-BDD1-0C7E24BF9148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "746023B5-2472-4FC9-BEDF-FE6A321F12B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0D18C85B-E82B-46AE-959E-3FD32DB6F294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "66714539-F1E1-4C16-AA12-059EEB1B9DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A80044C9-9F76-468E-84F7-D7D529004AE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7CD7F5A-F4E4-45B6-9179-BD1BCD75D297",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7BC3705-27C7-4969-AB6A-E7C09C708C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79CDE6D3-A26D-4ECD-B949-B9DDB53F67C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D3CC82BE-8DEA-47D7-B6B7-2FFDFB728ADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "AFD79470-63A7-438B-A3BE-CABDAD7F848C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A26F4C94-E3A5-456E-8E5E-36BA67DD4BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C6D23B-B5C1-4F10-9F62-E81F639FF40F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "13FA8F3C-2B6C-42FB-A6CE-EC2D8614E43D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "973B7468-970D-475C-AAB2-D81833EAF12B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A0789-0496-4940-A484-8B6689AA8770",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAAC942E-1BA2-419C-B464-20529D825053",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.15.2 does not prevent wiki editors from linking to images from other web sites in wiki pages, which allows editors to obtain IP addresses and other information of wiki users by adding a link to an image on an attacker-controlled web site, aka \"CSS validation issue.\""
    },
    {
      "lang": "es",
      "value": "MediaWiki en versiones anteriores a la 1.15.2 no impide a los editores de wiki enlazar a imagenes de otros sitios web en las p\u00e1ginas del wiki, lo que permite a los editores obtener direcciones IP y otra informaci\u00f3n de los usuarios del wiki a\u00f1adiendo un enlace a una imagen situada en un sitio web controlado por el atacante, tambi\u00e9n conocido como \"CSS validation issue.\""
    }
  ],
  "id": "CVE-2010-1189",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-03-31T18:00:00.593",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39022"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/39656"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2010/dsa-2022"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0685"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2010/1001"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39022"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/39656"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2010/dsa-2022"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0685"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/1001"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2007-09-14 00:17

Modified

2025-04-09 00:30

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in the BotQuery extension in MediaWiki 1.7.x and earlier before SVN 20070910 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a similar issue to CVE-2007-4828.

References

URL	Tags
cve@mitre.org	http://lists.wikimedia.org/pipermail/mediawiki-announce/2007-September/000067.html	Patch
cve@mitre.org	http://osvdb.org/37336
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2007-September/000067.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/37336

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.7.0
mediawiki	mediawiki	1.7.1
mediawiki	mediawiki	1.7.2
mediawiki	mediawiki	1.7.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C632052-D84B-41A1-B46F-1C1D9ADC72CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF36A02-DF6B-4657-94F6-255E4163FBF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "60380B60-DD11-42C9-9388-AED3244F39A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "612210D5-FDBC-4A13-AACD-13198FE9D2DC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the BotQuery extension in MediaWiki 1.7.x and earlier before SVN 20070910 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a similar issue to CVE-2007-4828."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la extensi\u00f3n BotQuery de MediaWiki 1.7.x y versiones anteriores a SVN 20070910 permite a atacantes remotos inyectar scripts web o HTML de su elecci\u00f3n mediante vectores no especificados, asunto similar a CVE-2007-4828."
    }
  ],
  "id": "CVE-2007-4883",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-09-14T00:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2007-September/000067.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/37336"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2007-September/000067.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/37336"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-06-29 16:15

Modified

2024-11-21 08:11

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. The googleanalyticstrackurl parser function does not properly escape JavaScript in the onclick handler and does not prevent use of javascript: URLs.

References

▶	URL	Tags
	cve@mitre.org	https://phabricator.wikimedia.org/T333980	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T333980	Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEA20A42-6E1A-4DA2-8869-A49894256285",
              "versionEndIncluding": "1.39.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. The googleanalyticstrackurl parser function does not properly escape JavaScript in the onclick handler and does not prevent use of javascript: URLs."
    }
  ],
  "id": "CVE-2023-37251",
  "lastModified": "2024-11-21T08:11:18.753",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-06-29T16:15:09.947",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T333980"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T333980"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2011-01-11 03:00

Modified

2025-04-11 00:51

Severity ?

Summary

MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows remote attackers to conduct clickjacking attacks via unspecified vectors.

References

URL	Tags
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-January/000093.html	Patch, Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/42810	Vendor Advisory
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2011/01/04/12
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2011/01/04/6
secalert@redhat.com	http://www.osvdb.org/70272
secalert@redhat.com	http://www.vupen.com/english/advisories/2011/0017	Vendor Advisory
secalert@redhat.com	https://bugzilla.wikimedia.org/show_bug.cgi?id=26561
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/64476
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-January/000093.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42810	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2011/01/04/12
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2011/01/04/6
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/70272
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0017	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=26561
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/64476

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.1.0
mediawiki	mediawiki	1.2.0
mediawiki	mediawiki	1.2.1
mediawiki	mediawiki	1.2.2
mediawiki	mediawiki	1.2.3
mediawiki	mediawiki	1.2.4
mediawiki	mediawiki	1.2.5
mediawiki	mediawiki	1.2.6
mediawiki	mediawiki	1.3
mediawiki	mediawiki	1.3.0
mediawiki	mediawiki	1.3.1
mediawiki	mediawiki	1.3.2
mediawiki	mediawiki	1.3.3
mediawiki	mediawiki	1.3.4
mediawiki	mediawiki	1.3.5
mediawiki	mediawiki	1.3.6
mediawiki	mediawiki	1.3.7
mediawiki	mediawiki	1.3.8
mediawiki	mediawiki	1.3.9
mediawiki	mediawiki	1.3.10
mediawiki	mediawiki	1.3.11
mediawiki	mediawiki	1.3.12
mediawiki	mediawiki	1.3.13
mediawiki	mediawiki	1.3.14
mediawiki	mediawiki	1.3.15
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4.0
mediawiki	mediawiki	1.4.1
mediawiki	mediawiki	1.4.2
mediawiki	mediawiki	1.4.3
mediawiki	mediawiki	1.4.4
mediawiki	mediawiki	1.4.5
mediawiki	mediawiki	1.4.6
mediawiki	mediawiki	1.4.7
mediawiki	mediawiki	1.4.8
mediawiki	mediawiki	1.4.9
mediawiki	mediawiki	1.4.10
mediawiki	mediawiki	1.4.11
mediawiki	mediawiki	1.4.12
mediawiki	mediawiki	1.4.13
mediawiki	mediawiki	1.4.14
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5.0
mediawiki	mediawiki	1.5.1
mediawiki	mediawiki	1.5.2
mediawiki	mediawiki	1.5.3
mediawiki	mediawiki	1.5.4
mediawiki	mediawiki	1.5.5
mediawiki	mediawiki	1.5.6
mediawiki	mediawiki	1.5.7
mediawiki	mediawiki	1.5.8
mediawiki	mediawiki	1.6.0
mediawiki	mediawiki	1.6.1
mediawiki	mediawiki	1.6.2
mediawiki	mediawiki	1.6.3
mediawiki	mediawiki	1.6.4
mediawiki	mediawiki	1.6.5
mediawiki	mediawiki	1.6.5_r14348
mediawiki	mediawiki	1.6.6
mediawiki	mediawiki	1.6.7
mediawiki	mediawiki	1.6.8
mediawiki	mediawiki	1.6.9
mediawiki	mediawiki	1.6.10
mediawiki	mediawiki	1.6.12
mediawiki	mediawiki	1.7.0
mediawiki	mediawiki	1.7.1
mediawiki	mediawiki	1.7.2
mediawiki	mediawiki	1.7.3
mediawiki	mediawiki	1.8.0
mediawiki	mediawiki	1.8.1
mediawiki	mediawiki	1.8.2
mediawiki	mediawiki	1.8.3
mediawiki	mediawiki	1.8.4
mediawiki	mediawiki	1.8.5
mediawiki	mediawiki	1.9.0
mediawiki	mediawiki	1.9.0
mediawiki	mediawiki	1.9.1
mediawiki	mediawiki	1.9.2
mediawiki	mediawiki	1.9.3
mediawiki	mediawiki	1.9.4
mediawiki	mediawiki	1.9.5
mediawiki	mediawiki	1.9.6
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.1
mediawiki	mediawiki	1.10.2
mediawiki	mediawiki	1.10.3
mediawiki	mediawiki	1.10.4
mediawiki	mediawiki	1.11
mediawiki	mediawiki	1.11
mediawiki	mediawiki	1.11.0
mediawiki	mediawiki	1.11.0
mediawiki	mediawiki	1.11.1
mediawiki	mediawiki	1.11.2
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.1
mediawiki	mediawiki	1.12.2
mediawiki	mediawiki	1.12.3
mediawiki	mediawiki	1.12.4
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.1
mediawiki	mediawiki	1.13.2
mediawiki	mediawiki	1.13.3
mediawiki	mediawiki	1.13.4
mediawiki	mediawiki	1.14.0
mediawiki	mediawiki	1.14.0
mediawiki	mediawiki	1.14.1
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.1
mediawiki	mediawiki	1.15.2
mediawiki	mediawiki	1.15.3
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	stable_2003-08-29
mediawiki	mediawiki	stable_2003-11-07
mediawiki	mediawiki	stable_2003-11-17

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "33E68CCC-CA3C-458E-87BA-2CF95E64A129",
              "versionEndIncluding": "1.16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C96D337-1D37-4ADE-871D-9829928EE80B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DFB843C-4513-4569-9746-DA9FDD7A5CD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "377F0F7A-8E50-4803-9670-F719D17400D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B4CCA5C-3594-41B4-99F3-FC99BA0495BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD0A0C81-CDB6-4A11-B6B0-DECB12558DE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40BD0855-A9C8-47CD-BB50-E422E0C4A1EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "42A9DCC7-CF58-44CC-9489-51FA79EECDF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "80D651C6-116D-448A-8569-BAB9BAEC7D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49AFC6EE-41C7-4369-8BA1-DDBF8A744ABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30F54837-5004-4D10-B3B0-502CED4F6592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A09F36C1-CBC0-489E-B62D-4590A2E5A4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9F0067D-534A-4238-A244-D92A73845432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BEC422E-49BC-41D4-9F71-B834D4108EF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D854161-28AA-4386-B90A-97F9692CE37F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5A0FA49-99DC-4691-968F-6AEB76B74370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A0C6A2C-992B-45A0-8E0C-1AE983881337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "292A77C7-8C7B-4F3A-B7FD-3505A9F37E4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C77FC97A-3BB2-4AA5-B0D6-C0D1FBEA5FD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C9393EF-083A-4662-BC7A-89979C2B8546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9DE6A4E-6BCE-499E-B017-1E0F8D1F65B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD90730F-BF26-46C5-83F8-039CD661C968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4DDA753-26F5-4142-B227-07DDF14DD8C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D3B5E2-AC84-421D-AC10-3266D9575922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "326D4BFB-EFE7-4EAC-AA71-45E8C7E41538",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "736DFCB7-B747-4F98-AB87-9023BCD0B5C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "135A1FFF-8F52-48FF-A92A-0FC79FCC287E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "3CF8143A-F16F-4E2F-8B12-AC278678CDBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "617655A0-1ED3-44A5-9D83-E90D8EC8799E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "3B19F77D-8975-432D-8572-F208EBC15068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "9D692C6F-95AB-4332-95D8-007876792AC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "DE9080FA-F32A-45AF-BB1E-18B85DD35830",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DF75E48-208A-4531-AC8D-B307FD4E288B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "174665BA-F231-45F6-922C-933B8A613009",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B175F5A-7CB6-44E6-9E98-FB40F6D14FDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A45833DC-F104-42BB-8688-4DE66AFF72F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B316A8E-DED1-427B-8137-11C767E9DF1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "99A75AFB-2706-42FF-8534-B910997987AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F335EB4-1A74-4FAE-ADAF-AC9FB37A80DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "116C8AA3-481D-409A-ABA8-C8DA1EE8FF86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9DCE478-7D30-4BBC-8878-C3745D6ADAD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EBFFA2C-6768-4CB9-B0B0-BDB79CA1DEDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA0C4A1E-B084-4C78-BEE4-4E733159F367",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2571B43E-234C-4312-9640-1E338092A673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D5C7E1-6664-4A90-9E55-1F53F98D7702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "4963F3C5-A207-4BD3-9C3C-4EBAC1F5B2B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BE0D158-DB0B-45B2-9E26-E11A7D5D2CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "6086E5E9-F69F-47EE-9034-8196CC03E6FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "49A43BF0-69CF-4694-9155-534FA31C26DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "A0751BD8-505A-42A3-A150-3523F12B9047",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "F964DBAD-0569-41DD-975B-23A975050595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8DE4462C-F9B2-47B3-8F17-FF729F5563FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "3769AAA0-8492-40E1-B3EC-5E3BFE396809",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E2616E5E-2D0B-4FD3-B43F-51D786F0D8D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "94766FF8-FC72-4F8F-8005-7F34E4AA4042",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D8693832-A576-492F-B4F7-B8415B3A5903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9214FE72-045E-457A-B3C5-BCDFC506DDB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDB55E62-A345-49F6-ACD0-A710977CA6E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A340D0AB-2B4A-4DE6-9FA1-662D8F8205BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8C8B11E-5C0B-49B1-ACFA-5926057EF002",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "89A4EA0A-54E1-484A-ADDB-216CBC9C40FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA0ABA75-E966-43A2-90B1-89557BB0B7DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B6CE989-B7AD-42AA-986C-23266D965122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "44FD9374-5B8A-4102-A005-D3F39186ABBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D4388FF-3C2C-41A7-A2A2-CC3E38994222",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3EAF847-B64C-4C12-8BF2-631F61B0618E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "09EF3827-9C87-4043-B10A-1D6AFCB64F57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08B1EDE8-940E-47C1-9CDA-C6BBE1BB9A11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4554900-E09D-4D9D-99D4-FE5FDB3CDE78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "93EB0312-A147-4307-9491-46AEC2EC727C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "48929086-E08E-472D-A503-4CA803A840D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.5_r14348:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B4D1E6-9EFE-4608-9A97-8119822A9F3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A98675FD-C9EA-49AB-BA9F-2CF5898203C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB9B4718-DF85-4E77-B720-0EC3E0D318BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "132A745B-0A1B-4186-8BE2-88C24FF4A455",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E710375D-F5B3-4998-AA7F-F931022CF6F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3130C952-83B3-4755-99D7-D25C1447670E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "A59DE5DF-B5A1-4C11-9FA9-03EA7F589694",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C632052-D84B-41A1-B46F-1C1D9ADC72CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF36A02-DF6B-4657-94F6-255E4163FBF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "60380B60-DD11-42C9-9388-AED3244F39A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "612210D5-FDBC-4A13-AACD-13198FE9D2DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46046B16-3EE4-42C0-BA77-73300A641BA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "136E5FD9-C0A0-4970-8852-D97C5BC723E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5FD2871-90BB-4AFA-89D0-B9B5BE365771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D35193-8AF8-4CB9-A47D-A58DE389515E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1CD7D7-546A-48FA-9C4C-1FB0CA22C6FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAD648C1-0908-43F8-951C-E7EBF8FB8CB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B40FB49B-1E96-44BC-A9B0-9BDB28F858A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "75D5AC3F-4D29-4882-A3C0-94951402ADD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A0921C-BEC5-4646-96FD-0529828B5BAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB4E8709-43E2-4ADC-8759-16AC265658C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A8A1D30-57E7-4010-B68A-8D22EA091FF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EF7C683-F6E2-4D79-B0F9-234C9FAFB7C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "962C4B03-ABDF-4E94-8DE0-E035186E0F4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "841A4099-1EB3-448A-81C2-67A68CF4B5C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0983C0E-9035-4256-AC99-C2C81C1634E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "76F47EF6-2695-44FD-B4B0-9DE911BB57CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FC61592E-7479-45C1-9263-D608B644EE79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5460DB30-FA14-4017-BC8B-15F9451469F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED2392D6-6ACF-4715-BBCD-B6DA9B91C750",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0071C35-877F-44C6-BC39-B1AE885D7313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83CF24-FC29-40C4-8B07-5FB6591E9812",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C54ADEF-F360-41C6-AE27-B6D12E5BAF9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "77FBC313-0615-42D9-8617-4DE42CAA48BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66A92668-4B5D-40A4-9A14-E7AD10086933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7266D827-F77D-4CC3-8237-4B35D072ACF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DB5EF0E-4E1B-4131-9142-5FBB59C235D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F59B5992-716F-4901-BDD1-0C7E24BF9148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "746023B5-2472-4FC9-BEDF-FE6A321F12B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0D18C85B-E82B-46AE-959E-3FD32DB6F294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "66714539-F1E1-4C16-AA12-059EEB1B9DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A80044C9-9F76-468E-84F7-D7D529004AE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7CD7F5A-F4E4-45B6-9179-BD1BCD75D297",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7BC3705-27C7-4969-AB6A-E7C09C708C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79CDE6D3-A26D-4ECD-B949-B9DDB53F67C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D3CC82BE-8DEA-47D7-B6B7-2FFDFB728ADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "AFD79470-63A7-438B-A3BE-CABDAD7F848C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A26F4C94-E3A5-456E-8E5E-36BA67DD4BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C6D23B-B5C1-4F10-9F62-E81F639FF40F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "13FA8F3C-2B6C-42FB-A6CE-EC2D8614E43D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "973B7468-970D-475C-AAB2-D81833EAF12B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A0789-0496-4940-A484-8B6689AA8770",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "241370F6-4941-43B4-AAD5-32A93AAC3B80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A236174-7262-478C-8C96-61428EBCC575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAAC942E-1BA2-419C-B464-20529D825053",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "188AA942-A54E-4B48-A14E-1D4C2BB859EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "07D3ECE8-29AC-491A-BD11-1753EF65DA0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FA6109F-F5BE-4E65-AA9D-C1D0CB029521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0955D3BF-1120-40F6-87FB-D75B064E5C6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "EBA4FDC8-2F1B-4054-82BC-B79566ABE8E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "62B86D8D-5E7A-43F5-9B6A-944ED4B8E4E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:stable_2003-08-29:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5450893-4658-45F8-8512-379CEA43696C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:stable_2003-11-07:*:*:*:*:*:*:*",
              "matchCriteriaId": "E02DACFF-7D0B-436C-A794-F123EFE97137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:stable_2003-11-17:*:*:*:*:*:*:*",
              "matchCriteriaId": "258C9027-175D-48A8-830C-2D92CCCC6B3E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows remote attackers to conduct clickjacking attacks via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "MediaWiki anterior a v1.16.1, cuando el usuario o el sitio JavaScript o CSS est\u00e1 activado, permite a atacantes remotos realizar ataques de clickjacking a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2011-0003",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-01-11T03:00:05.017",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-January/000093.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42810"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2011/01/04/12"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2011/01/04/6"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.osvdb.org/70272"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0017"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=26561"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64476"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-January/000093.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42810"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2011/01/04/12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2011/01/04/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/70272"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0017"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=26561"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64476"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-04-22 03:15

Modified

2024-11-21 06:05

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. The Special:AbuseFilter/examine form allowed for the disclosure of suppressed MediaWiki usernames to unprivileged users.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/I6063c02fa261c4cc0e6dbbb2db4e111eb85912c2	Issue Tracking, Vendor Advisory
cve@mitre.org	https://gerrit.wikimedia.org/r/q/I71a6d521bd12931ce60eec4d2dc35af19146000f	Issue Tracking, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T274152	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/I6063c02fa261c4cc0e6dbbb2db4e111eb85912c2	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/I71a6d521bd12931ce60eec4d2dc35af19146000f	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T274152	Third Party Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4067807D-769C-485F-A7E3-EE96885BDCE7",
              "versionEndIncluding": "1.35.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. The Special:AbuseFilter/examine form allowed for the disclosure of suppressed MediaWiki usernames to unprivileged users."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en la extensi\u00f3n AbuseFilter para MediaWiki versiones hasta 1.35.2.\u0026#xa0;El formulario Special: AbuseFilter/Examinar permit\u00eda la divulgaci\u00f3n de nombres de usuario de MediaWiki suprimidos a usuarios sin privilegios"
    }
  ],
  "id": "CVE-2021-31549",
  "lastModified": "2024-11-21T06:05:53.547",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-22T03:15:08.067",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I6063c02fa261c4cc0e6dbbb2db4e111eb85912c2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I71a6d521bd12931ce60eec4d2dc35af19146000f"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T274152"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I6063c02fa261c4cc0e6dbbb2db4e111eb85912c2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I71a6d521bd12931ce60eec4d2dc35af19146000f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T274152"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-10-04 22:15

Modified

2025-06-17 15:54

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view the log details for the filter.

References

▶	URL	Tags
	cve@mitre.org	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/AbuseFilter/+/1076855	Patch, Vendor Advisory
	cve@mitre.org	https://phabricator.wikimedia.org/T372998	Exploit, Issue Tracking, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD0C21BE-0A08-4CEB-9CB8-B79BD88103B7",
              "versionEndExcluding": "1.39.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0ED8E65-CFE2-465C-A330-15FCE03B3056",
              "versionEndExcluding": "1.41.3",
              "versionStartIncluding": "1.40.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0ECB922E-CEC2-40BF-8655-09D0E48E2D42",
              "versionEndExcluding": "1.42.2",
              "versionStartIncluding": "1.42.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view the log details for the filter."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en la extensi\u00f3n AbuseFilter para MediaWiki anterior a la versi\u00f3n 1.39.9, 1.40.x y 1.41.x anterior a la 1.41.3, y 1.42.x anterior a la 1.42.2. Un llamador de API puede hacer coincidir una condici\u00f3n de filtro con los registros de AbuseFilter incluso si el llamador no est\u00e1 autorizado a ver los detalles del registro del filtro."
    }
  ],
  "id": "CVE-2024-47913",
  "lastModified": "2025-06-17T15:54:48.687",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-10-04T22:15:02.687",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/AbuseFilter/+/1076855"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T372998"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-532"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-01-12 05:15

Modified

2025-06-20 17:15

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-filter-date-range-format-placeholder, pagetriage-filter-date-range-to, pagetriage-filter-date-range-from, pagetriage-filter-date-range-heading, pagetriage-filter-set-button, or pagetriage-filter-reset-button message.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/PageTriage/+/989177	Patch
cve@mitre.org	https://phabricator.wikimedia.org/T347704	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/PageTriage/+/989177	Patch
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T347704	Exploit, Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "518A7A3D-741F-405B-8220-982093DF53E1",
              "versionEndExcluding": "1.35.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FCCA5D1-C639-4407-917F-95A949E639A8",
              "versionEndExcluding": "1.39.6",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EF19DE5-1D79-4001-ABA1-D648AD6610D6",
              "versionEndExcluding": "1.40.2",
              "versionStartIncluding": "1.40.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-filter-date-range-format-placeholder, pagetriage-filter-date-range-to, pagetriage-filter-date-range-from, pagetriage-filter-date-range-heading, pagetriage-filter-set-button, or pagetriage-filter-reset-button message."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en la extensi\u00f3n PageTriage en MediaWiki antes de 1.35.14, 1.36.x hasta 1.39.x antes de 1.39.6 y 1.40.x antes de 1.40.2. XSS puede ocurrir a trav\u00e9s de rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-filter-date-range-format-placeholder, pagetriage-filter-date-range-to, pagetriage-filter-date-range-from, pagetriage-filter-date-range-heading, pagetriage-filter-set-button, o mensaje pagetriage-filter-reset-button."
    }
  ],
  "id": "CVE-2024-23174",
  "lastModified": "2025-06-20T17:15:40.157",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-01-12T05:15:10.387",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/PageTriage/+/989177"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T347704"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/PageTriage/+/989177"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T347704"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-12-18 08:15

Modified

2024-11-21 05:27

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the return of Language::userTimeAndDate is is always unsafe for HTML in a month value. This affects MediaWiki 1.12.0 and later.

References

URL	Tags
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html	Mailing List, Release Notes, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T268938	Exploit, Vendor Advisory
cve@mitre.org	https://www.debian.org/security/2020/dsa-4816	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html	Mailing List, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T268938	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4816	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
debian	debian_linux	9.0
debian	debian_linux	10.0
fedoraproject	fedora	33

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4B56916-AE2B-4414-8BEF-C2054DB6BBAD",
              "versionEndExcluding": "1.35.1",
              "versionStartIncluding": "1.12.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the return of Language::userTimeAndDate is is always unsafe for HTML in a month value. This affects MediaWiki 1.12.0 and later."
    },
    {
      "lang": "es",
      "value": "MediaWiki versiones anteriores a 1.35.1, permite un ataque de tipo XSS por medio del archivo BlockLogFormatter.php.\u0026#xa0;En la funci\u00f3n Language::translateBlockExpiry en s\u00ed mismo no escapa en todas las rutas de c\u00f3digo.\u0026#xa0;Por ejemplo, la devoluci\u00f3n de la funci\u00f3n Language::userTimeAndDate es siempre no segura para HTML en un valor de mes.\u0026#xa0;Esto afecta a MediaWiki versiones 1.12.0 y posteriores"
    }
  ],
  "id": "CVE-2020-35479",
  "lastModified": "2024-11-21T05:27:22.807",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-12-18T08:15:15.357",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T268938"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4816"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T268938"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4816"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-07-25 14:29

Modified

2025-04-20 01:37

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use another Consumer's credentials by leveraging knowledge of the credentials.

References

URL	Tags
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/10/29/14	Mailing List, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id/1034028
cve@mitre.org	https://phabricator.wikimedia.org/T103023	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/10/29/14	Mailing List, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1034028
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T103023	Exploit, Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.24.0
mediawiki	mediawiki	1.24.1
mediawiki	mediawiki	1.24.2
mediawiki	mediawiki	1.24.3
mediawiki	mediawiki	1.25.0
mediawiki	mediawiki	1.25.1
mediawiki	mediawiki	1.25.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE35D692-87E9-4982-AA23-27EBD5E5EEE1",
              "versionEndIncluding": "1.23.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C00423-B3FE-485A-9014-22F409DBD377",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E90C95FB-71CA-4CA1-935D-58A08244A81F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DDBD41F-C2D5-4D7C-B069-FBC2C8EBB81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9129F374-93CB-43CE-A3B2-DB6483514F32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE125142-10A2-4ACF-9BA4-44E63C1E5DB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF21D6EE-CEAC-42A7-99B6-D9D033E1FEC6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use another Consumer\u0027s credentials by leveraging knowledge of the credentials."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n MWOAuthDataStore::lookup_token Extension:OAuth para MediaWiki versi\u00f3n 1.25.x anterior a 1.25.3, versi\u00f3n 1.24.x anterior a 1.24.4 y anterior a versi\u00f3n 1.23.11, no comprueba apropiadamente la firma cuando verifica la firma de autorizaci\u00f3n, lo que permite a los consumidores registrados remotos utilizar las credenciales de otro consumidor mediante el aprovechamiento el conocimiento de las credenciales."
    }
  ],
  "id": "CVE-2015-8009",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-25T14:29:00.223",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "VDB Entry"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/10/29/14"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1034028"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T103023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "VDB Entry"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/10/29/14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1034028"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T103023"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-255"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2012-01-08 11:55

Modified

2025-04-11 00:51

Severity ?

Summary

MediaWiki before 1.17.1 allows remote attackers to obtain the page titles of all restricted pages via a series of requests involving the (1) curid or (2) oldid parameter.

References

URL	Tags
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-November/000104.html	Patch, Vendor Advisory
secalert@redhat.com	http://openwall.com/lists/oss-security/2011/11/29/12	Mailing List, Third Party Advisory
secalert@redhat.com	http://openwall.com/lists/oss-security/2011/11/29/6	Mailing List, Third Party Advisory
secalert@redhat.com	http://www.debian.org/security/2011/dsa-2366	Third Party Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=758171	Issue Tracking, Third Party Advisory
secalert@redhat.com	https://bugzilla.wikimedia.org/show_bug.cgi?id=32276	Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-November/000104.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2011/11/29/12	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2011/11/29/6	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2011/dsa-2366	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=758171	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=32276	Issue Tracking, Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
debian	debian_linux	5.0
debian	debian_linux	6.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA18B2E1-E258-4A9C-BD50-8019EEC3D264",
              "versionEndExcluding": "1.17.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.17.1 allows remote attackers to obtain the page titles of all restricted pages via a series of requests involving the (1) curid or (2) oldid parameter."
    },
    {
      "lang": "es",
      "value": "MediaWiki antes de v1.17.1 permite a atacantes remotos obtener los t\u00edtulos de las p\u00e1ginas de todas las p\u00e1ginas restringidas a trav\u00e9s de una serie de solicitudes relacionadas con los par\u00e1metros (1) curid o (2) oldid."
    }
  ],
  "id": "CVE-2011-4360",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-01-08T11:55:18.763",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-November/000104.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/11/29/12"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/11/29/6"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2011/dsa-2366"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=758171"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=32276"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-November/000104.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/11/29/12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/11/29/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2011/dsa-2366"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=758171"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=32276"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-04-15 20:16

Modified

2025-02-06 17:15

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. . When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose that the user exists. (It shouldn't because they are hidden.) This is related to ApiVisualEditor.

References

URL	Tags
cve@mitre.org	https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/message/XYBF5RSTJRMVCP7QBYK7643W75A3KCIY/
cve@mitre.org	https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html	Mailing List, Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T270453	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/message/XYBF5RSTJRMVCP7QBYK7643W75A3KCIY/
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html	Mailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T270453	Exploit, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "130F776B-EE19-44AF-A088-072E5B0EDB1B",
              "versionEndExcluding": "1.31.13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16A05863-89D9-435E-B92D-5FC6396C5B3D",
              "versionEndExcluding": "1.35.2",
              "versionStartIncluding": "1.32.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. . When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose that the user exists. (It shouldn\u0027t because they are hidden.) This is related to ApiVisualEditor."
    }
  ],
  "id": "CVE-2021-30153",
  "lastModified": "2025-02-06T17:15:12.217",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-04-15T20:16:00.570",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/message/XYBF5RSTJRMVCP7QBYK7643W75A3KCIY/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T270453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/message/XYBF5RSTJRMVCP7QBYK7643W75A3KCIY/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T270453"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-668"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-668"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-04-09 07:15

Modified

2024-11-21 06:03

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to "protect" a page, a user is currently able to protect to a higher level than they currently have permissions for.

References

URL	Tags
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/
cve@mitre.org	https://phabricator.wikimedia.org/T270713	Exploit, Issue Tracking, Patch, Vendor Advisory
cve@mitre.org	https://security.gentoo.org/glsa/202107-40	Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2021/dsa-4889	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T270713	Exploit, Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202107-40	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2021/dsa-4889	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
debian	debian_linux	9.0
debian	debian_linux	10.0
fedoraproject	fedora	33
fedoraproject	fedora	34

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "130F776B-EE19-44AF-A088-072E5B0EDB1B",
              "versionEndExcluding": "1.31.13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16A05863-89D9-435E-B92D-5FC6396C5B3D",
              "versionEndExcluding": "1.35.2",
              "versionStartIncluding": "1.32.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to \"protect\" a page, a user is currently able to protect to a higher level than they currently have permissions for."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en MediaWiki versiones anteriores a 1.31.13 y versiones 1.32.x hasta 1.35.x versiones anteriores a 1.35.2.\u0026#xa0;Cuando es usada la API de MediaWiki para \"proteger\" una p\u00e1gina, un usuario actualmente puede proteger a un nivel m\u00e1s alto del que actualmente posee permisos"
    }
  ],
  "id": "CVE-2021-30152",
  "lastModified": "2024-11-21T06:03:24.310",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-09T07:15:15.887",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T270713"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202107-40"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4889"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T270713"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202107-40"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4889"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-09-01 14:59

Modified

2025-04-12 10:46

Severity ?

Summary

GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors.

References

URL	Tags
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/08/12/6
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/08/27/6
cve@mitre.org	http://www.securityfocus.com/bid/76361
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html	Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T101608
cve@mitre.org	https://security.gentoo.org/glsa/201510-05
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/08/12/6
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/08/27/6
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/76361
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T101608
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201510-05

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.24.0
mediawiki	mediawiki	1.24.1
mediawiki	mediawiki	1.24.2
mediawiki	mediawiki	1.25.0
mediawiki	mediawiki	1.25.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05064578-51CC-482B-A135-42522AA50F0A",
              "versionEndIncluding": "1.23.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C00423-B3FE-485A-9014-22F409DBD377",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E90C95FB-71CA-4CA1-935D-58A08244A81F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9129F374-93CB-43CE-A3B2-DB6483514F32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE125142-10A2-4ACF-9BA4-44E63C1E5DB6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en GeSHi, como se usa en la extensi\u00f3n SyntaxHighligh_GeSHi y MediaWiki en versiones anteriores 1.23.10, 1.24.x en versiones anteriores 1.24.3 y 1.25.x en versiones anteriores a 1.25.2, permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de recursos) a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2015-6733",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-09-01T14:59:11.573",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/76361"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://phabricator.wikimedia.org/T101608"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201510-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/76361"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://phabricator.wikimedia.org/T101608"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201510-05"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-03-31 19:15

Modified

2025-02-18 16:15

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39	Release Notes
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/
cve@mitre.org	https://phabricator.wikimedia.org/T285159	Issue Tracking, Permissions Required
cve@mitre.org	https://www.debian.org/security/2023/dsa-5447
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39	Release Notes
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T285159	Issue Tracking, Permissions Required
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2023/dsa-5447
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://phabricator.wikimedia.org/T285159	Issue Tracking, Permissions Required

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*
fedoraproject	fedora	37

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8E6856E-CA34-4C76-AC91-0D5B6D01B4BD",
              "versionEndExcluding": "1.35.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "35C2A5F3-02E4-424F-A839-CF2C9E25A6ED",
              "versionEndExcluding": "1.38.6",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "830D156B-2E4E-4CC4-B29B-D166216B1ACA",
              "versionEndExcluding": "1.39.3",
              "versionStartIncluding": "1.39.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
              "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header."
    }
  ],
  "id": "CVE-2023-29141",
  "lastModified": "2025-02-18T16:15:16.077",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-03-31T19:15:07.540",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes"
      ],
      "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Permissions Required"
      ],
      "url": "https://phabricator.wikimedia.org/T285159"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.debian.org/security/2023/dsa-5447"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Permissions Required"
      ],
      "url": "https://phabricator.wikimedia.org/T285159"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.debian.org/security/2023/dsa-5447"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Issue Tracking",
        "Permissions Required"
      ],
      "url": "https://phabricator.wikimedia.org/T285159"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-444"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2006-01-19 21:03

Modified

2025-04-03 01:03

Severity ?

Summary

Unspecified vulnerability the edit comment formatting functionality in MediaWiki 1.5.x before 1.5.6 and 1.4.x before 1.4.14 allows attackers to cause a denial of service (infinite loop) via "certain malformed links."

References

URL	Tags
cve@mitre.org	http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html
cve@mitre.org	http://secunia.com/advisories/18711
cve@mitre.org	http://secunia.com/advisories/18717
cve@mitre.org	http://sourceforge.net/project/shownotes.php?release_id=386609	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2006/0392
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/24478
af854a3a-2127-422b-91ae-364da2661108	http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18711
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18717
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/project/shownotes.php?release_id=386609	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/0392
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/24478

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.4.1
mediawiki	mediawiki	1.4.2
mediawiki	mediawiki	1.4.3
mediawiki	mediawiki	1.4.4
mediawiki	mediawiki	1.4.5
mediawiki	mediawiki	1.4.6
mediawiki	mediawiki	1.4.7
mediawiki	mediawiki	1.4.8
mediawiki	mediawiki	1.4.9
mediawiki	mediawiki	1.4.10
mediawiki	mediawiki	1.4.11
mediawiki	mediawiki	1.4.12
mediawiki	mediawiki	1.4.13
mediawiki	mediawiki	1.4.14
mediawiki	mediawiki	1.4_beta1
mediawiki	mediawiki	1.4_beta2
mediawiki	mediawiki	1.4_beta3
mediawiki	mediawiki	1.4_beta4
mediawiki	mediawiki	1.4_beta5
mediawiki	mediawiki	1.4_beta6
mediawiki	mediawiki	1.5.0
mediawiki	mediawiki	1.5.1
mediawiki	mediawiki	1.5.2
mediawiki	mediawiki	1.5.3
mediawiki	mediawiki	1.5.4
mediawiki	mediawiki	1.5.5
mediawiki	mediawiki	1.5_alpha1
mediawiki	mediawiki	1.5_alpha2
mediawiki	mediawiki	1.5_beta1
mediawiki	mediawiki	1.5_beta2
mediawiki	mediawiki	1.5_beta3
mediawiki	mediawiki	1.5_beta4
mediawiki	mediawiki	1.5_rc2
mediawiki	mediawiki	1.5_rc3
mediawiki	mediawiki	1.5_rc4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "174665BA-F231-45F6-922C-933B8A613009",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B175F5A-7CB6-44E6-9E98-FB40F6D14FDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A45833DC-F104-42BB-8688-4DE66AFF72F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B316A8E-DED1-427B-8137-11C767E9DF1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "99A75AFB-2706-42FF-8534-B910997987AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F335EB4-1A74-4FAE-ADAF-AC9FB37A80DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "116C8AA3-481D-409A-ABA8-C8DA1EE8FF86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9DCE478-7D30-4BBC-8878-C3745D6ADAD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EBFFA2C-6768-4CB9-B0B0-BDB79CA1DEDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA0C4A1E-B084-4C78-BEE4-4E733159F367",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2571B43E-234C-4312-9640-1E338092A673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D5C7E1-6664-4A90-9E55-1F53F98D7702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "4963F3C5-A207-4BD3-9C3C-4EBAC1F5B2B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BE0D158-DB0B-45B2-9E26-E11A7D5D2CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E70F32-2F26-4836-8A4F-0A0B06EAD371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE506B8C-245E-4A7E-A24C-FABB1D4531EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta3:*:*:*:*:*:*:*",
              "matchCriteriaId": "934382C1-088A-4AEE-A71A-E9802AC9C1A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1A9028E-1BDE-4BA0-A479-7A30020331D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D02E4C1-2BA7-4BC0-9C11-D0F74181DF82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta6:*:*:*:*:*:*:*",
              "matchCriteriaId": "728E2852-5658-4DCC-AF1E-718B292F06C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9214FE72-045E-457A-B3C5-BCDFC506DDB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDB55E62-A345-49F6-ACD0-A710977CA6E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A340D0AB-2B4A-4DE6-9FA1-662D8F8205BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8C8B11E-5C0B-49B1-ACFA-5926057EF002",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "89A4EA0A-54E1-484A-ADDB-216CBC9C40FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA0ABA75-E966-43A2-90B1-89557BB0B7DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_alpha1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B28DC19-7E6A-4CC7-86A9-10EA9FD79FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_alpha2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CD296DF-21C6-43E4-AC4D-8F57220ECDA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8AD23BE-5400-43D8-A667-7AE60B0500B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "89AFE2FA-CAE0-42C3-AA84-4F8D59045A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_beta3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9703151E-85D7-4F81-AFB5-5BC72C44D81A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_beta4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D66E99D9-8ED9-445A-908D-58A70A32E033",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "57E4BE45-F7F2-46DF-995D-1A7203DF5EDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_rc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E607C45-A499-4F08-A15E-608EB28788E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_rc4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A38FFBC7-5731-42B7-8BAE-C1F230F4610C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability the edit comment formatting functionality in MediaWiki 1.5.x before 1.5.6 and 1.4.x before 1.4.14 allows attackers to cause a denial of service (infinite loop) via \"certain malformed links.\""
    }
  ],
  "id": "CVE-2006-0322",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-01-19T21:03:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/18711"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/18717"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=386609"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/0392"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24478"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18711"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18717"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=386609"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/0392"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24478"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-05-05 19:15

Modified

2025-06-11 14:44

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. XSS can occur through an interface message. Error messages (in the $err var) are not escaped before being passed to Html::rawElement() in the getError() function in the Hooks class.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/UnlinkedWikibase/+/1002175	Patch, Vendor Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/	Third Party Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T357203	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/UnlinkedWikibase/+/1002175	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T357203	Issue Tracking, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*
fedoraproject	fedora	40

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A7D7611-D088-4AF6-8CE0-EACBE4FF4492",
              "versionEndExcluding": "1.39.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EF19DE5-1D79-4001-ABA1-D648AD6610D6",
              "versionEndExcluding": "1.40.2",
              "versionStartIncluding": "1.40.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "314B0F2D-27BD-486B-B528-FD8A7AAE53E6",
              "versionEndExcluding": "1.41.1",
              "versionStartIncluding": "1.41.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. XSS can occur through an interface message. Error messages (in the $err var) are not escaped before being passed to Html::rawElement() in the getError() function in the Hooks class."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en la extensi\u00f3n UnlinkedWikibase en MediaWiki antes de 1.39.6, 1.40.x antes de 1.40.2 y 1.41.x antes de 1.41.1. XSS puede ocurrir a trav\u00e9s de un mensaje de interfaz. Los mensajes de error (en la $err var) no se escapan antes de pasarse a Html::rawElement() en la funci\u00f3n getError() en la clase Hooks."
    }
  ],
  "id": "CVE-2024-34500",
  "lastModified": "2025-06-11T14:44:14.040",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-05-05T19:15:07.123",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/UnlinkedWikibase/+/1002175"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T357203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/UnlinkedWikibase/+/1002175"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T357203"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-01-20 18:15

Modified

2025-04-03 16:15

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated (aka re-used) nonce, allowing an adversary to decrypt.

References

▶	URL	Tags
	cve@mitre.org	https://phabricator.wikimedia.org/T315123	Exploit, Issue Tracking, Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T315123	Exploit, Issue Tracking, Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	1.39.0
mediawiki	mediawiki	1.39.0
mediawiki	mediawiki	1.39.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "357C67CA-8586-4F8D-951C-51220DD6AA18",
              "versionEndExcluding": "1.35.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13962AAD-4625-42E8-B960-53FAE7699070",
              "versionEndExcluding": "1.38.5",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.39.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "243E4420-7054-4190-8270-76E09207FC9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.39.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "90D9672A-851F-46B0-AA0D-35991D7802E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.39.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5141FCFC-D842-49B8-9385-5EE2DB6E7BFA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated (aka re-used) nonce, allowing an adversary to decrypt."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en MediaWiki antes de 1.35.9, 1.36.x hasta 1.38.x antes de 1.38.5 y 1.39.x antes de 1.39.1. CheckUser TokenManager utiliza de forma insegura el cifrado AES-CTR con un nonce repetido (tambi\u00e9n conocido como reutilizado), lo que permite a un adversario descifrarlo."
    }
  ],
  "id": "CVE-2023-22912",
  "lastModified": "2025-04-03T16:15:32.100",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-01-20T18:15:10.417",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T315123"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T315123"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-330"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-330"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-05-12 14:55

Modified

2025-04-12 10:46

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via crafted XSL in an SVG file.

References

▶	URL	Tags
	secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2
mediawiki	mediawiki	1.21.3
mediawiki	mediawiki	*
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19
mediawiki	mediawiki	1.19.0
mediawiki	mediawiki	1.19.1
mediawiki	mediawiki	1.19.2
mediawiki	mediawiki	1.19.3
mediawiki	mediawiki	1.19.4
mediawiki	mediawiki	1.19.5
mediawiki	mediawiki	1.19.6
mediawiki	mediawiki	1.19.7
mediawiki	mediawiki	1.19.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01D8F235-2F1B-4198-A91E-B2723293AA36",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76902FB-9672-488B-9D9E-39B121DEC913",
              "versionEndIncluding": "1.19.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "93D7105D-3CF1-49FF-9F51-088C58F19003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "F647077F-52FD-460B-9511-85812A1447FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A8AFF-EF0E-490C-8833-FF1071563979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3205F5-3A29-4D45-AC95-83174F8969BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5547DA02-3BEC-4278-A714-25CCB820AA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E5609D-EC04-4088-9B61-ABDD256200F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23B09BB-8F43-4D60-A37F-D8685584AF4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A3F38-9A86-4346-9337-5C2A1DED37C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "49CCC3B5-9BD4-40B4-AF1A-DF4B2A6DC12D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "36DA1112-69AB-408A-886E-F248516FDE11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via crafted XSL in an SVG file."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en MediaWiki anterior a 1.19.10, 1.2x anterior a 1.21.4 y 1.22.x anterior a 1.22.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de XSL manipulado en un archivo SVG."
    }
  ],
  "id": "CVE-2013-6452",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-05-12T14:55:06.150",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-04-13 14:59

Modified

2025-04-12 10:46

Severity ?

Summary

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to bypass the SVG filtering and obtain sensitive user information via a mixed case @import in a style element in an SVG file, as demonstrated by "@imporT."

References

URL	Tags
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2015:200
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/04/01/1
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/04/07/3
cve@mitre.org	http://www.securityfocus.com/bid/73477
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T85349
cve@mitre.org	https://security.gentoo.org/glsa/201510-05
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2015:200
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/04/01/1
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/04/07/3
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/73477
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T85349
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201510-05

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.20
mediawiki	mediawiki	1.20.1
mediawiki	mediawiki	1.20.2
mediawiki	mediawiki	1.20.3
mediawiki	mediawiki	1.20.4
mediawiki	mediawiki	1.20.5
mediawiki	mediawiki	1.20.6
mediawiki	mediawiki	1.20.7
mediawiki	mediawiki	1.20.8
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2
mediawiki	mediawiki	1.21.3
mediawiki	mediawiki	1.21.4
mediawiki	mediawiki	1.21.5
mediawiki	mediawiki	1.21.6
mediawiki	mediawiki	1.21.7
mediawiki	mediawiki	1.21.8
mediawiki	mediawiki	1.21.9
mediawiki	mediawiki	1.21.10
mediawiki	mediawiki	1.21.11
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	1.22.1
mediawiki	mediawiki	1.22.2
mediawiki	mediawiki	1.22.3
mediawiki	mediawiki	1.22.4
mediawiki	mediawiki	1.22.5
mediawiki	mediawiki	1.22.6
mediawiki	mediawiki	1.22.7
mediawiki	mediawiki	1.22.8
mediawiki	mediawiki	1.22.9
mediawiki	mediawiki	1.22.10
mediawiki	mediawiki	1.22.11
mediawiki	mediawiki	1.22.12
mediawiki	mediawiki	1.22.13
mediawiki	mediawiki	1.22.14
mediawiki	mediawiki	1.22.15
mediawiki	mediawiki	1.23.0
mediawiki	mediawiki	1.23.1
mediawiki	mediawiki	1.23.2
mediawiki	mediawiki	1.23.3
mediawiki	mediawiki	1.23.4
mediawiki	mediawiki	1.23.5
mediawiki	mediawiki	1.23.6
mediawiki	mediawiki	1.23.7
mediawiki	mediawiki	1.23.8
mediawiki	mediawiki	1.24.0
mediawiki	mediawiki	1.24.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5069E3E0-7640-4FA3-8C6F-BA96AFC545EE",
              "versionEndIncluding": "1.19.23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA45494-185A-4ED1-8818-D9F14EB9B59B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94646567-FF30-4FBA-96C5-914EB3C85D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF088531-6875-49A2-B220-D7EC38ECC50F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "902A7EE8-90AA-4B0D-9142-DFCDA5AC8914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B6CD057-EBC4-4909-9734-80577AFDED40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01D8F235-2F1B-4198-A91E-B2723293AA36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2A5F4A7-40E7-42D0-8482-647D0EC54AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E10A8FAC-7506-48B8-A4EE-B7A1BE20537E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF797B5-8348-481C-AB6F-154DEA0E5281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E627F80-E6AA-4627-B58E-D6B2A08269BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA54E0F2-3B21-469F-A3FB-8E41E1857447",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "09CFF4B5-5827-4795-960A-201BA1BCF1A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC9D6B62-13CD-4307-94BB-A7210761A4D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "32C36F51-CCCC-41D1-A43B-B8F77CE632B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B461B44C-37D2-480B-9645-B7E8720416C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E491E3AD-0FB2-41CD-B852-CAFCA397A45A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBD50108-A301-4B5B-9047-6FD6792442B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "91BBFEC5-A933-4178-919D-9AC87CF76D21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3CA0EC-1AC1-48A1-8BB8-95DCCE1C283A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9343410C-E076-4362-8094-5BA5582E9675",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96BBB28-AB3C-4082-B035-8CCB761C2530",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7389C3B9-B32D-46CC-8615-22CF7BDCD829",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "179FC802-541F-40EE-BB76-A4B745A9EA7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3332E0EC-49D6-4EB2-8A2E-CC204EA1C475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E59021C-8DDF-4849-9490-AD8F98B834BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "64E90FCD-B032-4BD8-84D6-763E0FDB48B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "21A92544-BEA9-436F-BC22-CC90808D53F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DB10EA-CA68-40BE-862D-0B351456F02E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "97675F56-1442-460D-842C-755304D69217",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6044842D-0C23-4683-9BCC-9FE40AE8353F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BFCBB5A-F5F8-400E-916A-EB87F84853D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2898DFC3-7C3A-4C12-A3D2-4CEB3C66C90D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "04082771-E3E2-49EE-8840-0170F3B3519F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9B27B7-7800-4E35-97CA-B16450EEC478",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BEA6C00-BDCF-439C-8A04-B581361781EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90B931CC-CEA7-4C14-875E-A0D215CE5617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE300CC-68D6-46C7-8CC0-605F94FFC327",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "764ECEE9-EFB6-4C52-84E6-0F6827CF5DAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C00423-B3FE-485A-9014-22F409DBD377",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to bypass the SVG filtering and obtain sensitive user information via a mixed case @import in a style element in an SVG file, as demonstrated by \"@imporT.\""
    },
    {
      "lang": "es",
      "value": "MediaWiki anterior a 1.19.24, 1.2x anterior a 1.23.9 y 1.24.x anterior a 1.24.2 permite a atacantes remotos evadir el filtrado de SVG y obtener informaci\u00f3n sensible de usuario a trav\u00e9s del uso de min\u00fasculas y may\u00fasculas en @import en un elemento style de un fichero SVG, tal y como se ha demostrado por \u0027@imporT.\u0027"
    }
  ],
  "id": "CVE-2015-2935",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-04-13T14:59:08.303",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/73477"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://phabricator.wikimedia.org/T85349"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201510-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/73477"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://phabricator.wikimedia.org/T85349"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201510-05"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2005-07-12 04:00

Modified

2025-04-03 01:03

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x before 1.4.6 and 1.5 before 1.5beta3 allows remote attackers to inject arbitrary web script or HTML via a parameter in the page move template, a different vulnerability than CVE-2005-1888.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/15950	Patch, Vendor Advisory
cve@mitre.org	http://sourceforge.net/project/shownotes.php?release_id=340290	Patch
cve@mitre.org	http://www.novell.com/linux/security/advisories/2005_19_sr.html
cve@mitre.org	http://www.securityfocus.com/bid/14181	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/15950	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/project/shownotes.php?release_id=340290	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2005_19_sr.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/14181	Patch

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.4.1
mediawiki	mediawiki	1.4.2
mediawiki	mediawiki	1.4.3
mediawiki	mediawiki	1.4.5
mediawiki	mediawiki	1.4_beta6
mediawiki	mediawiki	1.5_alpha1
mediawiki	mediawiki	1.5_alpha2
mediawiki	mediawiki	1.5_beta1
mediawiki	mediawiki	1.5_beta2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "174665BA-F231-45F6-922C-933B8A613009",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B175F5A-7CB6-44E6-9E98-FB40F6D14FDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A45833DC-F104-42BB-8688-4DE66AFF72F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "99A75AFB-2706-42FF-8534-B910997987AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4_beta6:*:*:*:*:*:*:*",
              "matchCriteriaId": "728E2852-5658-4DCC-AF1E-718B292F06C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_alpha1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B28DC19-7E6A-4CC7-86A9-10EA9FD79FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_alpha2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CD296DF-21C6-43E4-AC4D-8F57220ECDA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8AD23BE-5400-43D8-A667-7AE60B0500B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "89AFE2FA-CAE0-42C3-AA84-4F8D59045A78",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x before 1.4.6 and 1.5 before 1.5beta3 allows remote attackers to inject arbitrary web script or HTML via a parameter in the page move template, a different vulnerability than CVE-2005-1888."
    }
  ],
  "id": "CVE-2005-2215",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-07-12T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/15950"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=340290"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/14181"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/15950"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=340290"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/14181"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-01-27 16:15

Modified

2024-11-21 02:20

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML.

References

URL	Tags
security@debian.org	http://www.openwall.com/lists/oss-security/2014/12/21/2	Mailing List, Third Party Advisory
security@debian.org	http://www.openwall.com/lists/oss-security/2015/01/03/13	Mailing List, Third Party Advisory
security@debian.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html	Patch, Vendor Advisory
security@debian.org	https://phabricator.wikimedia.org/T73167	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2014/12/21/2	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/01/03/13	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T73167	Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "124E3FE8-925D-47C7-A1BD-B7893DE35CC0",
              "versionEndExcluding": "1.19.23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCBAA26B-871F-47B9-8FA8-EFF4A80FCC2C",
              "versionEndExcluding": "1.22.15",
              "versionStartIncluding": "1.19.24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B604C2A5-5D67-498C-918B-B6123680EA27",
              "versionEndExcluding": "1.23.8",
              "versionStartIncluding": "1.23.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "472CD2E7-D6FC-43EC-8A39-5FF1643C7CBF",
              "versionEndExcluding": "1.24.1",
              "versionStartIncluding": "1.23.9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML."
    },
    {
      "lang": "es",
      "value": "La extensi\u00f3n Scribunto para MediaWiki, permite a atacantes remotos obtener el token de reversi\u00f3n y posiblemente otra informaci\u00f3n confidencial por medio de un m\u00f3dulo dise\u00f1ado, relacionado con el desarmado de p\u00e1ginas HTML especiales."
    }
  ],
  "id": "CVE-2014-9481",
  "lastModified": "2024-11-21T02:20:59.597",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-27T16:15:10.203",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T73167"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T73167"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-11-15 08:29

Modified

2025-04-20 01:37

Severity ?

5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline.

References

URL	Tags
security@debian.org	http://www.securitytracker.com/id/1039812	Third Party Advisory, VDB Entry
security@debian.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html	Mailing List, Patch, Vendor Advisory
security@debian.org	https://www.debian.org/security/2017/dsa-4036	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039812	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html	Mailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2017/dsa-4036	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.28.0
mediawiki	mediawiki	1.28.1
mediawiki	mediawiki	1.28.2
mediawiki	mediawiki	1.29.0
mediawiki	mediawiki	1.29.1
debian	debian_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2825F885-DD77-4822-B659-D5AFB56C6B17",
              "versionEndIncluding": "1.27.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.28.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "70CAB8A9-39D5-41F4-800C-79E4FE57B12D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.28.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A060BA59-05C8-4646-97D7-4F382B4EBCC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.28.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E67B837B-D085-4EE4-9556-D25BFA9BC108",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.29.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFA5659C-9DEA-494E-BB32-E6573E180C26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.29.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A457BE6-9F2F-45C9-A650-46F7E4B77E20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject \u003e (greater than) characters via the id attribute of a headline."
    },
    {
      "lang": "es",
      "value": "MediaWiki en versiones anteriores a la 1.27.4; las versiones 1.28.x anteriores a la 1.28.3 y las versiones 1.29.x anteriores a la 1.29.2 permite que atacantes remotos inyecten caracteres \u003e (mayor que) mediante el atributo id de un encabezado."
    }
  ],
  "id": "CVE-2017-8812",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-15T08:29:00.750",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039812"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4036"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4036"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-10-19 21:29

Modified

2025-04-20 01:37

Severity ?

4.9 (Medium) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Summary

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt.

References

URL	Tags
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/08/31/10	Mailing List, Patch, Third Party Advisory
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/08/31/6	Mailing List, Patch, Third Party Advisory
secalert@redhat.com	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330	Issue Tracking, Third Party Advisory
secalert@redhat.com	https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html	Patch, Vendor Advisory
secalert@redhat.com	https://phabricator.wikimedia.org/T41823	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/08/31/10	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/08/31/6	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T41823	Issue Tracking, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.19.0
mediawiki	mediawiki	1.19.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B03517F3-5555-4DCF-A5BD-15B2AF03C970",
              "versionEndIncluding": "1.18.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C29D44-2964-483F-B672-27B5CE471DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "172FEFE5-9900-49D0-9E14-2FA4A7912D23",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt."
    },
    {
      "lang": "es",
      "value": "MediaWiki, en versiones anteriores a la 1.18.5 y versiones 1.19.x anteriores a la 1.19.2, no protege correctamente los metadatos del bloqueo de usuario, lo que permite que administradores remotos lean una raz\u00f3n de bloqueo de usuario mediante un intento de rebloqueo."
    }
  ],
  "id": "CVE-2012-4382",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-19T21:29:00.283",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/08/31/10"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/08/31/6"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T41823"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/08/31/10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/08/31/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T41823"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-09-01 14:59

Modified

2025-04-12 10:46

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in contrib/cssgen.php in the GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

URL	Tags
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/08/12/6
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/08/27/6
cve@mitre.org	http://www.securityfocus.com/bid/76361
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html	Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T108198
cve@mitre.org	https://security.gentoo.org/glsa/201510-05
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/08/12/6
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/08/27/6
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/76361
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T108198
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201510-05

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.24.0
mediawiki	mediawiki	1.24.1
mediawiki	mediawiki	1.24.2
mediawiki	mediawiki	1.25.0
mediawiki	mediawiki	1.25.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05064578-51CC-482B-A135-42522AA50F0A",
              "versionEndIncluding": "1.23.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C00423-B3FE-485A-9014-22F409DBD377",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E90C95FB-71CA-4CA1-935D-58A08244A81F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9129F374-93CB-43CE-A3B2-DB6483514F32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE125142-10A2-4ACF-9BA4-44E63C1E5DB6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in contrib/cssgen.php in the GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en contrib/cssgen.php en GeSHi, como se usa en la extensi\u00f3n SyntaxHighligh_GeSHi y MediaWiki en versiones anteriores 1.23.10, 1.24.x en versiones anteriores 1.24.3 y 1.25.x en versiones anteriores a 1.25.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2015-6734",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-09-01T14:59:12.557",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/76361"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://phabricator.wikimedia.org/T108198"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201510-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/76361"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://phabricator.wikimedia.org/T108198"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201510-05"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-11-03 05:15

Modified

2024-11-21 08:26

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown") ignores username suppression. This is an information leak.

References

URL	Tags
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/
cve@mitre.org	https://phabricator.wikimedia.org/T341529	Exploit, Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T341529	Exploit, Issue Tracking, Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	1.40.0
mediawiki	mediawiki	1.40.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A920574-0C59-4036-9878-C5A39EF82AA1",
              "versionEndExcluding": "1.35.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "20B3C0EF-1980-4F24-B0C6-B4BA77562DA3",
              "versionEndExcluding": "1.39.5",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.40.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "195C853F-2D51-44A4-990E-8E04FF4E9AA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.40.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "F7880C3A-6D22-4D41-BD00-7E30D3A46FB8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka \"X intermediate revisions by the same user not shown\") ignores username suppression. This is an information leak."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en DifferenceEngine.php en MediaWiki antes de 1.35.12, 1.36.x hasta 1.39.x antes de 1.39.5 y 1.40.x antes de 1.40.1. diff-multi-sameuser (tambi\u00e9n conocido como \"X revisiones intermedias del mismo usuario no mostradas\") ignora la supresi\u00f3n del nombre de usuario. Esta es una filtraci\u00f3n de informaci\u00f3n."
    }
  ],
  "id": "CVE-2023-45362",
  "lastModified": "2024-11-21T08:26:49.250",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-11-03T05:15:30.773",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T341529"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T341529"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-04-09 07:15

Modified

2024-11-21 06:03

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page.

References

URL	Tags
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/
cve@mitre.org	https://phabricator.wikimedia.org/T270988	Exploit, Issue Tracking, Patch, Vendor Advisory
cve@mitre.org	https://security.gentoo.org/glsa/202107-40	Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2021/dsa-4889	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T270988	Exploit, Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202107-40	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2021/dsa-4889	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
debian	debian_linux	9.0
debian	debian_linux	10.0
fedoraproject	fedora	33
fedoraproject	fedora	34

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3291BAE5-6903-463D-9750-7D0B6FAD911A",
              "versionEndExcluding": "1.31.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16A05863-89D9-435E-B92D-5FC6396C5B3D",
              "versionEndExcluding": "1.35.2",
              "versionStartIncluding": "1.32.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en MediaWiki versiones anteriores a 1.31.12 y versiones 1.32.x hasta 1.35.x versiones anteriores a 1.35.2.\u0026#xa0;La funci\u00f3n ContentModelChange no comprueba si un usuario presenta permisos correctos para crear y ajustar el modelo de contenido de una p\u00e1gina inexistente"
    }
  ],
  "id": "CVE-2021-30155",
  "lastModified": "2024-11-21T06:03:24.783",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-09T07:15:16.167",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T270988"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202107-40"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4889"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T270988"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202107-40"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4889"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-04-13 16:29

Modified

2024-11-21 03:02

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token.

References

URL	Tags
security@debian.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html	Vendor Advisory
security@debian.org	https://phabricator.wikimedia.org/T150044	Issue Tracking, Third Party Advisory
security@debian.org	https://security-tracker.debian.org/tracker/CVE-2017-0362	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T150044	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security-tracker.debian.org/tracker/CVE-2017-0362	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*
debian	debian_linux	7.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "07C776BA-0AEF-4225-AC4C-38753A764076",
              "versionEndIncluding": "1.23.16",
              "versionStartIncluding": "1.23.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9419B89-A512-4C79-8085-2AB9D7A19C85",
              "versionEndExcluding": "1.27.2",
              "versionStartIncluding": "1.27.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ABB422D-95AC-48E6-AEFF-1F2915354494",
              "versionEndExcluding": "1.28.1",
              "versionStartIncluding": "1.28.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the \"Mark all pages visited\" on the watchlist does not require a CSRF token."
    },
    {
      "lang": "es",
      "value": "Mediawiki, en versiones anteriores a la 1.28.1, 1.27.2 y la 1.23.16, contiene un error por el cual \"Mark all pages visited\" en la lista de control no requiere un token CSRF"
    }
  ],
  "id": "CVE-2017-0362",
  "lastModified": "2024-11-21T03:02:50.180",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-13T16:29:00.347",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T150044"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2017-0362"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T150044"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2017-0362"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-09-27 21:15

Modified

2024-11-21 05:18

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message().parse() doesn't escape HTML. This affects both message contents (which are generally safe) and the parameters (which can be based on user input). (When jqueryMsg is loaded, it correctly accepts only whitelisted tags in message contents, and escapes all parameters. Situations with an unloaded jqueryMsg are rare in practice, but can for example occur for Special:SpecialPages on a wiki with no extensions installed.)

References

URL	Tags
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce	Vendor Advisory
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html	Mailing List, Vendor Advisory
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html	Mailing List, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.31.10
fedoraproject	fedora	33

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5D57552-DD9C-44B8-9BA4-6AB0EAF09979",
              "versionEndExcluding": "1.34.4",
              "versionStartIncluding": "1.32.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.31.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "309D8913-AE96-4A71-AD2D-AA6A82182323",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message().parse() doesn\u0027t escape HTML. This affects both message contents (which are generally safe) and the parameters (which can be based on user input). (When jqueryMsg is loaded, it correctly accepts only whitelisted tags in message contents, and escapes all parameters. Situations with an unloaded jqueryMsg are rare in practice, but can for example occur for Special:SpecialPages on a wiki with no extensions installed.)"
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en MediaWiki versiones anteriores a 1.31.10 y desde1.32.x hasta 1.34.x anteriores a 1.34.4.\u0026#xa0;La versi\u00f3n que no es jqueryMsg de la funci\u00f3n mw.message(). La funci\u00f3n Parse() no escapa al HTML.\u0026#xa0;Esto afecta tanto al contenido del mensaje (que generalmente es seguro) como a los par\u00e1metros (que pueden estar basados en la entrada de usuario).\u0026#xa0;(Cuando se carga jqueryMsg, acepta correctamente solo las etiquetas en la lista blanca en el contenido del mensaje y escapa todos los par\u00e1metros. Las situaciones con un jqueryMsg descargado son raras en la pr\u00e1ctica, pero pueden ocurrir, por ejemplo, para Special:SpecialPages en una wiki sin extensiones instaladas)"
    }
  ],
  "id": "CVE-2020-25828",
  "lastModified": "2024-11-21T05:18:51.293",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-27T21:15:12.877",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2007-01-11 00:28

Modified

2025-04-09 00:30

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

URL	Tags
cve@mitre.org	http://osvdb.org/31525
cve@mitre.org	http://secunia.com/advisories/23647	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/24889
cve@mitre.org	http://sourceforge.net/forum/forum.php?forum_id=652721	Patch, Vendor Advisory
cve@mitre.org	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_9/phase3/RELEASE-NOTES	Patch, Vendor Advisory
cve@mitre.org	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_7_2/phase3/RELEASE-NOTES	Patch, Vendor Advisory
cve@mitre.org	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_8_3/phase3/RELEASE-NOTES	Patch, Vendor Advisory
cve@mitre.org	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0RC2/phase3/RELEASE-NOTES	Patch, Vendor Advisory
cve@mitre.org	http://www.novell.com/linux/security/advisories/2007_6_sr.html
cve@mitre.org	http://www.securityfocus.com/bid/21956	Patch, Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2007/0096
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/31359
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/31525
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/23647	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24889
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/forum/forum.php?forum_id=652721	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_9/phase3/RELEASE-NOTES	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_7_2/phase3/RELEASE-NOTES	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_8_3/phase3/RELEASE-NOTES	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0RC2/phase3/RELEASE-NOTES	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2007_6_sr.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/21956	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/0096
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/31359

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.6.0
mediawiki	mediawiki	1.6.1
mediawiki	mediawiki	1.6.2
mediawiki	mediawiki	1.6.3
mediawiki	mediawiki	1.6.4
mediawiki	mediawiki	1.6.5
mediawiki	mediawiki	1.6.5_r14348
mediawiki	mediawiki	1.6.6
mediawiki	mediawiki	1.7.0
mediawiki	mediawiki	1.7.1
mediawiki	mediawiki	1.8.0
mediawiki	mediawiki	1.8.1
mediawiki	mediawiki	1.8.2
mediawiki	mediawiki	1.9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3EAF847-B64C-4C12-8BF2-631F61B0618E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "09EF3827-9C87-4043-B10A-1D6AFCB64F57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08B1EDE8-940E-47C1-9CDA-C6BBE1BB9A11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4554900-E09D-4D9D-99D4-FE5FDB3CDE78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "93EB0312-A147-4307-9491-46AEC2EC727C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "48929086-E08E-472D-A503-4CA803A840D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.5_r14348:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B4D1E6-9EFE-4608-9A97-8119822A9F3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A98675FD-C9EA-49AB-BA9F-2CF5898203C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C632052-D84B-41A1-B46F-1C1D9ADC72CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF36A02-DF6B-4657-94F6-255E4163FBF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46046B16-3EE4-42C0-BA77-73300A641BA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "136E5FD9-C0A0-4970-8852-D97C5BC723E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5FD2871-90BB-4AFA-89D0-B9B5BE365771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "75D5AC3F-4D29-4882-A3C0-94951402ADD9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el m\u00f3dulo AJAX del MediaWiki anterior al 1.6.9, 1.7 anterior al 1.7.2, 1.8 anterior al 1.8.3 y 1.9 anterior al 1.9.0rc2, cuando el wgUseAjax est\u00e1 habilitado, permite a atacantes remotos la inyecci\u00f3n de secuencias de comandos web o HTML de su elecci\u00f3n mediante vectores sin especificar."
    }
  ],
  "id": "CVE-2007-0177",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-01-11T00:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/31525"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23647"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24889"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://sourceforge.net/forum/forum.php?forum_id=652721"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_9/phase3/RELEASE-NOTES"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_7_2/phase3/RELEASE-NOTES"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_8_3/phase3/RELEASE-NOTES"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0RC2/phase3/RELEASE-NOTES"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/21956"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/0096"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31359"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/31525"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23647"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24889"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://sourceforge.net/forum/forum.php?forum_id=652721"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_9/phase3/RELEASE-NOTES"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_7_2/phase3/RELEASE-NOTES"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_8_3/phase3/RELEASE-NOTES"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0RC2/phase3/RELEASE-NOTES"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/21956"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/0096"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31359"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-06-26 01:15

Modified

2024-11-21 08:10

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature.

References

URL	Tags
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/
cve@mitre.org	https://phabricator.wikimedia.org/T332889	Exploit, Issue Tracking
cve@mitre.org	https://www.debian.org/security/2023/dsa-5447	Third Party Advisory
cve@mitre.org	https://www.mediawiki.org/wiki/Release_notes/1.40#Other_changes_in_1.40	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T332889	Exploit, Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2023/dsa-5447	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mediawiki.org/wiki/Release_notes/1.40#Other_changes_in_1.40	Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB8FFF65-64E2-4995-9D76-4A76E9165631",
              "versionEndExcluding": "1.35.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "604E0A5B-4554-46AA-98AF-608A2CCDBF4F",
              "versionEndExcluding": "1.38.7",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B25814F-6A96-432B-9E6B-458E8FAA8B32",
              "versionEndExcluding": "1.39.4",
              "versionStartIncluding": "1.39.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en MediaWiki antes de 1.35.11, 1.36.x hasta 1.38.x antes de 1.38.7 y 1.39.x antes de 1.39.4. BlockLogFormatter.php en BlockLogFormatter permite XSS en la funci\u00f3n de bloques parciales."
    }
  ],
  "id": "CVE-2023-36675",
  "lastModified": "2024-11-21T08:10:19.743",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-06-26T01:15:09.203",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://phabricator.wikimedia.org/T332889"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2023/dsa-5447"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mediawiki.org/wiki/Release_notes/1.40#Other_changes_in_1.40"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://phabricator.wikimedia.org/T332889"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2023/dsa-5447"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mediawiki.org/wiki/Release_notes/1.40#Other_changes_in_1.40"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-04-21 22:15

Modified

2024-11-21 04:59

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

The CentralAuth extension through REL1_34 for MediaWiki allows remote attackers to obtain sensitive hidden account information via an api.php?action=query&meta=globaluserinfo&guiuser= request. In other words, the information can be retrieved via the action API even though access would be denied when simply visiting wiki/Special:CentralAuth in a web browser.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/#/q/I3c80641dc1202df7428714f0ca44717a51ff6021	Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T250594	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/#/q/I3c80641dc1202df7428714f0ca44717a51ff6021	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T250594	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE188BC3-37A8-478E-86EE-16426E45DD12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The CentralAuth extension through REL1_34 for MediaWiki allows remote attackers to obtain sensitive hidden account information via an api.php?action=query\u0026meta=globaluserinfo\u0026guiuser= request. In other words, the information can be retrieved via the action API even though access would be denied when simply visiting wiki/Special:CentralAuth in a web browser."
    },
    {
      "lang": "es",
      "value": "La extensi\u00f3n CentralAuth versiones hasta REL1_34 para MediaWiki, permite a atacantes remotos obtener informaci\u00f3n confidencial de la cuenta oculta por medio de una petici\u00f3n api.php?action=query\u0026amp;meta=globaluserinfo\u0026amp;guiuser=. En otras palabras, la informaci\u00f3n puede ser recuperada por medio de la API action a pesar de que el acceso ser\u00eda denegado al simplemente visitar wiki/Special:CentralAuth en un navegador web."
    }
  ],
  "id": "CVE-2020-12051",
  "lastModified": "2024-11-21T04:59:11.120",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-21T22:15:14.900",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/#/q/I3c80641dc1202df7428714f0ca44717a51ff6021"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T250594"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/#/q/I3c80641dc1202df7428714f0ca44717a51ff6021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T250594"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-09-27 21:15

Modified

2024-11-21 05:18

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped() instead of text().

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/g/mediawiki/core/+/ec76e14be658187544f07c1a249a047e1a75eaf8/includes/logging/LogEventsList.php#214	Patch, Vendor Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html	Mailing List, Vendor Advisory
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/g/mediawiki/core/+/ec76e14be658187544f07c1a249a047e1a75eaf8/includes/logging/LogEventsList.php#214	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html	Mailing List, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*
	fedoraproject	fedora	33

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5D57552-DD9C-44B8-9BA4-6AB0EAF09979",
              "versionEndExcluding": "1.34.4",
              "versionStartIncluding": "1.32.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped() instead of text()."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en MediaWiki desde 1.32.x hasta 1.34.x anteriores a 1.34.4.\u0026#xa0;La funci\u00f3n LogEventList::getFiltersDesc usa de forma no segura el texto del mensaje para crear nombres de opciones para un campo de selecci\u00f3n m\u00faltiple HTML.\u0026#xa0;El c\u00f3digo relevante debe usar la funci\u00f3n escaped() en lugar de text()"
    }
  ],
  "id": "CVE-2020-25815",
  "lastModified": "2024-11-21T05:18:49.727",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-27T21:15:12.750",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/g/mediawiki/core/+/ec76e14be658187544f07c1a249a047e1a75eaf8/includes/logging/LogEventsList.php#214"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/g/mediawiki/core/+/ec76e14be658187544f07c1a249a047e1a75eaf8/includes/logging/LogEventsList.php#214"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2010-01-07 18:30

Modified

2025-04-09 00:30

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in the Special:Block implementation in the getContribsLink function in SpecialBlockip.php in MediaWiki 1.14.0 and 1.15.0 allows remote attackers to inject arbitrary web script or HTML via the ip parameter.

References

URL	Tags
cve@mitre.org	http://lists.wikimedia.org/pipermail/mediawiki-announce/2009-July/000087.html
cve@mitre.org	http://osvdb.org/55824	Exploit
cve@mitre.org	http://secunia.com/advisories/35818	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/35662	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2009/1882	Patch, Vendor Advisory
cve@mitre.org	https://bugzilla.wikimedia.org/show_bug.cgi?id=19693
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/51687
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2009-July/000087.html
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/55824	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35818	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/35662	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1882	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=19693
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/51687

Impacted products

	Vendor	Product	Version
	mediawiki	mediawik	i1.15.0
	mediawiki	mediawiki	1.14.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawik:i1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C218E29C-6B73-4757-93BC-02270F1EC32F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A0789-0496-4940-A484-8B6689AA8770",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the Special:Block implementation in the getContribsLink function in SpecialBlockip.php in MediaWiki 1.14.0 and 1.15.0 allows remote attackers to inject arbitrary web script or HTML via the ip parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la implementaci\u00f3n Special:Block en la funci\u00f3n getContribsLink en SpecialBlockip.php en MediaWiki v1.14.0 y v1.15.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"ip\"."
    }
  ],
  "id": "CVE-2009-4589",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-01-07T18:30:00.917",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2009-July/000087.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://osvdb.org/55824"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35818"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/35662"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1882"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=19693"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51687"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2009-July/000087.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://osvdb.org/55824"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35818"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/35662"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1882"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=19693"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51687"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-09-01 14:59

Modified

2025-04-12 10:46

Severity ?

Summary

The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.

References

URL	Tags
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/08/12/6
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/08/27/6
cve@mitre.org	https://github.com/wikimedia/mediawiki/commit/5faabfa1bbf65536ea36108887040198afcb3c82
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html	Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T106893
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/08/12/6
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/08/27/6
af854a3a-2127-422b-91ae-364da2661108	https://github.com/wikimedia/mediawiki/commit/5faabfa1bbf65536ea36108887040198afcb3c82
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T106893

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.24.0
mediawiki	mediawiki	1.24.1
mediawiki	mediawiki	1.24.2
mediawiki	mediawiki	1.25.0
mediawiki	mediawiki	1.25.1
canonical	ubuntu_linux	15.04

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05064578-51CC-482B-A135-42522AA50F0A",
              "versionEndIncluding": "1.23.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C00423-B3FE-485A-9014-22F409DBD377",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E90C95FB-71CA-4CA1-935D-58A08244A81F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9129F374-93CB-43CE-A3B2-DB6483514F32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE125142-10A2-4ACF-9BA4-44E63C1E5DB6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the \"Change block\" text."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en la p\u00e1gina Special:DeletedContributions en MediaWiki en versiones anteriores 1.23.10, 1.24.x en versiones anteriores 1.24.3 y 1.25.x en versiones anteriores a 1.25.2, permite a atacantes remotos determinar si una IP es autobloqueada a trav\u00e9s del texto \u0027Change block\u0027."
    }
  ],
  "id": "CVE-2015-6727",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-09-01T14:59:04.947",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/wikimedia/mediawiki/commit/5faabfa1bbf65536ea36108887040198afcb3c82"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://phabricator.wikimedia.org/T106893"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/wikimedia/mediawiki/commit/5faabfa1bbf65536ea36108887040198afcb3c82"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://phabricator.wikimedia.org/T106893"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-04-13 14:59

Modified

2025-04-12 10:46

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in the Html class in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a LanguageConverter substitution string when using a language variant.

References

URL	Tags
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2015:200
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/04/01/1
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/04/07/3
cve@mitre.org	http://www.securityfocus.com/bid/73477
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html	Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T73394
cve@mitre.org	https://security.gentoo.org/glsa/201510-05
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2015:200
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/04/01/1
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/04/07/3
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/73477
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T73394
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201510-05

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.20
mediawiki	mediawiki	1.20.1
mediawiki	mediawiki	1.20.2
mediawiki	mediawiki	1.20.3
mediawiki	mediawiki	1.20.4
mediawiki	mediawiki	1.20.5
mediawiki	mediawiki	1.20.6
mediawiki	mediawiki	1.20.7
mediawiki	mediawiki	1.20.8
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2
mediawiki	mediawiki	1.21.3
mediawiki	mediawiki	1.21.4
mediawiki	mediawiki	1.21.5
mediawiki	mediawiki	1.21.6
mediawiki	mediawiki	1.21.7
mediawiki	mediawiki	1.21.8
mediawiki	mediawiki	1.21.9
mediawiki	mediawiki	1.21.10
mediawiki	mediawiki	1.21.11
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	1.22.1
mediawiki	mediawiki	1.22.2
mediawiki	mediawiki	1.22.3
mediawiki	mediawiki	1.22.4
mediawiki	mediawiki	1.22.5
mediawiki	mediawiki	1.22.6
mediawiki	mediawiki	1.22.7
mediawiki	mediawiki	1.22.8
mediawiki	mediawiki	1.22.9
mediawiki	mediawiki	1.22.10
mediawiki	mediawiki	1.22.11
mediawiki	mediawiki	1.22.12
mediawiki	mediawiki	1.22.13
mediawiki	mediawiki	1.22.14
mediawiki	mediawiki	1.22.15
mediawiki	mediawiki	1.23.0
mediawiki	mediawiki	1.23.1
mediawiki	mediawiki	1.23.2
mediawiki	mediawiki	1.23.3
mediawiki	mediawiki	1.23.4
mediawiki	mediawiki	1.23.5
mediawiki	mediawiki	1.23.6
mediawiki	mediawiki	1.23.7
mediawiki	mediawiki	1.23.8
mediawiki	mediawiki	1.24.0
mediawiki	mediawiki	1.24.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5069E3E0-7640-4FA3-8C6F-BA96AFC545EE",
              "versionEndIncluding": "1.19.23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA45494-185A-4ED1-8818-D9F14EB9B59B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94646567-FF30-4FBA-96C5-914EB3C85D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF088531-6875-49A2-B220-D7EC38ECC50F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "902A7EE8-90AA-4B0D-9142-DFCDA5AC8914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B6CD057-EBC4-4909-9734-80577AFDED40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01D8F235-2F1B-4198-A91E-B2723293AA36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2A5F4A7-40E7-42D0-8482-647D0EC54AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E10A8FAC-7506-48B8-A4EE-B7A1BE20537E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF797B5-8348-481C-AB6F-154DEA0E5281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E627F80-E6AA-4627-B58E-D6B2A08269BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA54E0F2-3B21-469F-A3FB-8E41E1857447",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "09CFF4B5-5827-4795-960A-201BA1BCF1A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC9D6B62-13CD-4307-94BB-A7210761A4D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "32C36F51-CCCC-41D1-A43B-B8F77CE632B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B461B44C-37D2-480B-9645-B7E8720416C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E491E3AD-0FB2-41CD-B852-CAFCA397A45A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBD50108-A301-4B5B-9047-6FD6792442B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "91BBFEC5-A933-4178-919D-9AC87CF76D21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3CA0EC-1AC1-48A1-8BB8-95DCCE1C283A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9343410C-E076-4362-8094-5BA5582E9675",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96BBB28-AB3C-4082-B035-8CCB761C2530",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7389C3B9-B32D-46CC-8615-22CF7BDCD829",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "179FC802-541F-40EE-BB76-A4B745A9EA7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3332E0EC-49D6-4EB2-8A2E-CC204EA1C475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E59021C-8DDF-4849-9490-AD8F98B834BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "64E90FCD-B032-4BD8-84D6-763E0FDB48B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "21A92544-BEA9-436F-BC22-CC90808D53F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DB10EA-CA68-40BE-862D-0B351456F02E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "97675F56-1442-460D-842C-755304D69217",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6044842D-0C23-4683-9BCC-9FE40AE8353F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BFCBB5A-F5F8-400E-916A-EB87F84853D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2898DFC3-7C3A-4C12-A3D2-4CEB3C66C90D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "04082771-E3E2-49EE-8840-0170F3B3519F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9B27B7-7800-4E35-97CA-B16450EEC478",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BEA6C00-BDCF-439C-8A04-B581361781EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90B931CC-CEA7-4C14-875E-A0D215CE5617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE300CC-68D6-46C7-8CC0-605F94FFC327",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "764ECEE9-EFB6-4C52-84E6-0F6827CF5DAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C00423-B3FE-485A-9014-22F409DBD377",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the Html class in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a LanguageConverter substitution string when using a language variant."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en la clase Html en MediaWiki anterior a 1.19.24, 1.2x anterior a 1.23.9, y 1.24.x anterior a 1.24.2 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de una cadena de sustituci\u00f3n LanguageConverter cuando utiliza una variante de lenguaje."
    }
  ],
  "id": "CVE-2015-2933",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-04-13T14:59:06.350",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/73477"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://phabricator.wikimedia.org/T73394"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201510-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/73477"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://phabricator.wikimedia.org/T73394"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201510-05"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-04-13 16:29

Modified

2024-11-21 03:02

Severity ?

4.7 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations.

References

URL	Tags
security@debian.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html	Vendor Advisory
security@debian.org	https://phabricator.wikimedia.org/T144845	Issue Tracking, Third Party Advisory
security@debian.org	https://security-tracker.debian.org/tracker/CVE-2017-0365	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T144845	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security-tracker.debian.org/tracker/CVE-2017-0365	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*
debian	debian_linux	7.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "07C776BA-0AEF-4225-AC4C-38753A764076",
              "versionEndIncluding": "1.23.16",
              "versionStartIncluding": "1.23.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9419B89-A512-4C79-8085-2AB9D7A19C85",
              "versionEndExcluding": "1.27.2",
              "versionStartIncluding": "1.27.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ABB422D-95AC-48E6-AEFF-1F2915354494",
              "versionEndExcluding": "1.28.1",
              "versionStartIncluding": "1.28.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations."
    },
    {
      "lang": "es",
      "value": "Mediawiki, en versiones anteriores a la 1.28.1, 1.27.2 y la 1.23.16, contiene una vulnerabilidad de Cross-Site Scripting (XSS) en SearchHighlighter::highlightText() con configuraciones que no son por defecto."
    }
  ],
  "id": "CVE-2017-0365",
  "lastModified": "2024-11-21T03:02:50.500",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-13T16:29:00.547",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T144845"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2017-0365"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T144845"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2017-0365"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2019-11-20 20:15

Modified

2024-11-21 01:50

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request.

References

URL	Tags
secalert@redhat.com	http://security.gentoo.org/glsa/glsa-201310-21.xml	Third Party Advisory
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2013/03/05/4	Mailing List, Release Notes, Third Party Advisory
secalert@redhat.com	http://www.securityfocus.com/bid/58306	Third Party Advisory, VDB Entry
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1816	Issue Tracking, Third Party Advisory
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/88360	Third Party Advisory, VDB Entry
secalert@redhat.com	https://security-tracker.debian.org/tracker/CVE-2013-1816	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-201310-21.xml	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2013/03/05/4	Mailing List, Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/58306	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1816	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/88360	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://security-tracker.debian.org/tracker/CVE-2013-1816	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
debian	debian_linux	9.0
debian	debian_linux	10.0
redhat	enterprise_linux	6.0
fedoraproject	fedora	18

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "09816CD2-0C21-487F-9D5D-3849C381047A",
              "versionEndExcluding": "1.19.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7574FF8-7F85-4AFC-AE2E-FFC5BE134B36",
              "versionEndExcluding": "1.20.3",
              "versionStartIncluding": "1.20.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*",
              "matchCriteriaId": "E14271AE-1309-48F3-B9C6-D7DEEC488279",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request."
    },
    {
      "lang": "es",
      "value": "MediaWiki versiones anteriores a la versi\u00f3n 1.19.4 y versiones 1.20.x anteriores a 1.20.3, permite a atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo de aplicaci\u00f3n) mediante el env\u00edo de una petici\u00f3n especialmente dise\u00f1ada."
    }
  ],
  "id": "CVE-2013-1816",
  "lastModified": "2024-11-21T01:50:26.853",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-20T20:15:10.937",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201310-21.xml"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/03/05/4"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/58306"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1816"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88360"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2013-1816"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201310-21.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/03/05/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/58306"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1816"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88360"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2013-1816"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-10-06 21:15

Modified

2024-11-21 06:27

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in the Mentor dashboard in the GrowthExperiments extension in MediaWiki through 1.36.2. The Growthexperiments-mentor-dashboard-mentee-overview-add-filter-total-edits-headline, growthexperiments-mentor-dashboard-mentee-overview-add-filter-starred-headline, growthexperiments-mentor-dashboard-mentee-overview-info-text, growthexperiments-mentor-dashboard-mentee-overview-info-legend-headline, and growthexperiments-mentor-dashboard-mentee-overview-active-ago MediaWiki messages were not being properly sanitized and allowed for the injection and execution of HTML and JavaScript.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/I858d55fb2eca9b50ac6ef5a6f2a7b2784f0fa0d6	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T289408	Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/I858d55fb2eca9b50ac6ef5a6f2a7b2784f0fa0d6	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T289408	Exploit, Issue Tracking, Patch, Third Party Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "852AD0A4-1F54-4352-8554-34DE96EF04D9",
              "versionEndIncluding": "1.36.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the Mentor dashboard in the GrowthExperiments extension in MediaWiki through 1.36.2. The Growthexperiments-mentor-dashboard-mentee-overview-add-filter-total-edits-headline, growthexperiments-mentor-dashboard-mentee-overview-add-filter-starred-headline, growthexperiments-mentor-dashboard-mentee-overview-info-text, growthexperiments-mentor-dashboard-mentee-overview-info-legend-headline, and growthexperiments-mentor-dashboard-mentee-overview-active-ago MediaWiki messages were not being properly sanitized and allowed for the injection and execution of HTML and JavaScript."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en el panel de control de Mentor en la extensi\u00f3n GrowthExperiments en MediaWiki versiones hasta 1.36.2. Los encabezados Growthexperiments-mentor-dashboard-mentee-overview-add-filter-total-edits-headline, growthexperiments-mentor-dashboard-mentee-overview-add-filter-starred-headline, growthexperiments-mentor-dashboard-mentee-overview-info-text, growthexperiments-mentor-dashboard-mentee-overview-info-legend-headline, y growthexperiments-mentor-dashboard-mentee-overview-active-ago Los mensajes de MediaWiki no estaban siendo saneados correctamente y permit\u00edan una inyecci\u00f3n y ejecuci\u00f3n de HTML y JavaScript"
    }
  ],
  "id": "CVE-2021-42044",
  "lastModified": "2024-11-21T06:27:07.667",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-06T21:15:07.373",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I858d55fb2eca9b50ac6ef5a6f2a7b2784f0fa0d6"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T289408"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I858d55fb2eca9b50ac6ef5a6f2a7b2784f0fa0d6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T289408"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-10-09 06:15

Modified

2024-11-21 08:26

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It does not check for the anti-CSRF edit token in Special:SportsTeamsManager and Special:UpdateFavoriteTeams.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/SportsTeams/+/952552/	Issue Tracking, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T345040	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/SportsTeams/+/952552/	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T345040	Issue Tracking, Vendor Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	1.40.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A920574-0C59-4036-9878-C5A39EF82AA1",
              "versionEndExcluding": "1.35.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "20B3C0EF-1980-4F24-B0C6-B4BA77562DA3",
              "versionEndExcluding": "1.39.5",
              "versionStartIncluding": "1.36.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.40.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "195C853F-2D51-44A4-990E-8E04FF4E9AA8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It does not check for the anti-CSRF edit token in Special:SportsTeamsManager and Special:UpdateFavoriteTeams."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en la extensi\u00f3n SportsTeams para MediaWiki antes de 1.35.12, 1.36.x hasta 1.39.x antes de 1.39.5 y 1.40.x antes de 1.40.1. No busca el token de edici\u00f3n anti-CSRF en Special:SportsTeamsManager y Special:UpdateFavoriteTeams."
    }
  ],
  "id": "CVE-2023-45374",
  "lastModified": "2024-11-21T08:26:50.750",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-09T06:15:10.723",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/SportsTeams/+/952552/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T345040"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/SportsTeams/+/952552/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T345040"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-04-22 03:15

Modified

2024-11-21 06:05

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Summary

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. A MediaWiki user who is partially blocked or was unsuccessfully blocked could bypass AbuseFilter and have their edits completed.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/Ifac795125927d584a31d95e1b4c4241eef860fa1	Issue Tracking, Third Party Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T272333	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/Ifac795125927d584a31d95e1b4c4241eef860fa1	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T272333	Third Party Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4067807D-769C-485F-A7E3-EE96885BDCE7",
              "versionEndIncluding": "1.35.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. A MediaWiki user who is partially blocked or was unsuccessfully blocked could bypass AbuseFilter and have their edits completed."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en la extensi\u00f3n AbuseFilter para MediaWiki versiones hasta 1.35.2.\u0026#xa0;Un usuario de MediaWiki que est\u00e1 parcialmente bloqueado o que ha sido bloqueado sin \u00e9xito pod\u00eda omitir AbuseFilter y completar sus ediciones"
    }
  ],
  "id": "CVE-2021-31548",
  "lastModified": "2024-11-21T06:05:53.410",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-22T03:15:08.033",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Ifac795125927d584a31d95e1b4c4241eef860fa1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T272333"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Ifac795125927d584a31d95e1b4c4241eef860fa1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T272333"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-11-15 08:29

Modified

2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules.

References

URL	Tags
security@debian.org	http://www.securitytracker.com/id/1039812	Third Party Advisory, VDB Entry
security@debian.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html	Mailing List, Patch, Vendor Advisory
security@debian.org	https://www.debian.org/security/2017/dsa-4036	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039812	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html	Mailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2017/dsa-4036	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.28.0
mediawiki	mediawiki	1.28.1
mediawiki	mediawiki	1.28.2
mediawiki	mediawiki	1.29.0
mediawiki	mediawiki	1.29.1
debian	debian_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2825F885-DD77-4822-B659-D5AFB56C6B17",
              "versionEndIncluding": "1.27.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.28.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "70CAB8A9-39D5-41F4-800C-79E4FE57B12D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.28.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A060BA59-05C8-4646-97D7-4F382B4EBCC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.28.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E67B837B-D085-4EE4-9556-D25BFA9BC108",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.29.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFA5659C-9DEA-494E-BB32-E6573E180C26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.29.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A457BE6-9F2F-45C9-A650-46F7E4B77E20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules."
    },
    {
      "lang": "es",
      "value": "El convertidor de lenguaje en MediaWiki en versiones anteriores a la 1.27.4; las versiones 1.28.x anteriores a la 1.28.3 y las versiones 1.29.x anteriores a la 1.29.2 permiten ataques de inyecci\u00f3n de atributos mediante reglas de glosario."
    }
  ],
  "id": "CVE-2017-8815",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-15T08:29:00.813",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039812"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4036"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4036"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-06-24 23:15

Modified

2024-11-21 05:04

Severity ?

3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Summary

In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because Cache-Control and Vary headers were mishandled.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_31/RELEASE-NOTES-1.31	Release Notes, Vendor Advisory
cve@mitre.org	https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_33/RELEASE-NOTES-1.33	Release Notes, Vendor Advisory
cve@mitre.org	https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_34/RELEASE-NOTES-1.34	Release Notes, Vendor Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEZIMLJMJS72SJXPYL736XMUAVCRQD2H/
cve@mitre.org	https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html	Mailing List, Release Notes, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T248947	Patch, Vendor Advisory
cve@mitre.org	https://www.debian.org/security/2020/dsa-4767	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_31/RELEASE-NOTES-1.31	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_33/RELEASE-NOTES-1.33	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_34/RELEASE-NOTES-1.34	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEZIMLJMJS72SJXPYL736XMUAVCRQD2H/
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html	Mailing List, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T248947	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4767	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*
fedoraproject	fedora	32
debian	debian_linux	9.0
debian	debian_linux	10.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFADC73E-BEFB-4D3B-A0C8-2E56BC4E25D8",
              "versionEndExcluding": "1.31.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF51F04A-A040-4C0B-AC1E-CA7909E90C48",
              "versionEndExcluding": "1.33.4",
              "versionStartIncluding": "1.32.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83CA476B-AA3F-4AAE-A6A3-AE62019BCBF9",
              "versionEndExcluding": "1.34.2",
              "versionStartIncluding": "1.34",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because Cache-Control and Vary headers were mishandled."
    },
    {
      "lang": "es",
      "value": "En MediaWiki en versiones anteriores a la 1.31.8, 1.32.x y 1.33.x versiones anteriores a la 1.33.4, y 1.34.x en versiones anteriores a la 1.34.2, los wikis privados que se encuentran detr\u00e1s de un servidor de almacenamiento en cach\u00e9 que utiliza la funci\u00f3n de seguridad de autorizaci\u00f3n de im\u00e1genes img_auth.php pueden haber tenido sus archivos almacenados en cach\u00e9 p\u00fablicamente, de modo que cualquier usuario no autorizado pueda verlos. Esto ocurre porque el control de la cach\u00e9 y las cabeceras de Vary se manejaron mal"
    }
  ],
  "id": "CVE-2020-15005",
  "lastModified": "2024-11-21T05:04:36.670",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.1,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-24T23:15:10.590",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_31/RELEASE-NOTES-1.31"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_33/RELEASE-NOTES-1.33"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_34/RELEASE-NOTES-1.34"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEZIMLJMJS72SJXPYL736XMUAVCRQD2H/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T248947"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4767"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_31/RELEASE-NOTES-1.31"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_33/RELEASE-NOTES-1.33"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_34/RELEASE-NOTES-1.34"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEZIMLJMJS72SJXPYL736XMUAVCRQD2H/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T248947"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4767"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2019-10-29 19:15

Modified

2024-11-21 01:34

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

mediawiki allows deleted text to be exposed

References

URL	Tags
secalert@redhat.com	https://access.redhat.com/security/cve/cve-2012-0046	Broken Link
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0046	Issue Tracking, Third Party Advisory
secalert@redhat.com	https://security-tracker.debian.org/tracker/CVE-2012-0046	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/security/cve/cve-2012-0046	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0046	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security-tracker.debian.org/tracker/CVE-2012-0046	Third Party Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE5742AE-1BD8-4676-95F7-DB7ED4A8822C",
              "versionEndExcluding": "1.17.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C314D4-C252-4D39-A766-C2BC15795F36",
              "versionEndExcluding": "1.18.1",
              "versionStartIncluding": "1.18.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "mediawiki allows deleted text to be exposed"
    },
    {
      "lang": "es",
      "value": "mediawiki, permite que el texto eliminado sea expuesto."
    }
  ],
  "id": "CVE-2012-0046",
  "lastModified": "2024-11-21T01:34:16.923",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-29T19:15:13.280",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "https://access.redhat.com/security/cve/cve-2012-0046"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0046"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2012-0046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://access.redhat.com/security/cve/cve-2012-0046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2012-0046"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-04-22 03:15

Modified

2024-11-21 06:05

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Summary

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly executed certain rules related to blocking accounts after account creation. Such rules would allow for user accounts to be created while blocking only the IP address used to create an account (and not the user account itself). Such rules could also be used by a nefarious, unprivileged user to catalog and enumerate any number of IP addresses related to these account creations.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/I8bae477ad7e4d0190335363ac2decf28e4313da1	Issue Tracking, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T152394	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/I8bae477ad7e4d0190335363ac2decf28e4313da1	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T152394	Third Party Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4067807D-769C-485F-A7E3-EE96885BDCE7",
              "versionEndIncluding": "1.35.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly executed certain rules related to blocking accounts after account creation. Such rules would allow for user accounts to be created while blocking only the IP address used to create an account (and not the user account itself). Such rules could also be used by a nefarious, unprivileged user to catalog and enumerate any number of IP addresses related to these account creations."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en la extensi\u00f3n AbuseFilter para MediaWiki versiones hasta 1.35.2.\u0026#xa0;Ejecut\u00f3 inapropiadamente determinadas reglas relacionadas con el bloqueo de cuentas despu\u00e9s de la creaci\u00f3n de la cuenta.\u0026#xa0;Dichas reglas permitir\u00edan crear cuentas de usuario mientras se bloquea solo la direcci\u00f3n IP usada para crear una cuenta (y no la cuenta de usuario en s\u00ed).\u0026#xa0;Estas reglas tambi\u00e9n podr\u00edan ser usadas por un usuario infame y sin privilegios para catalogar y enumerar cualquier n\u00famero de direcciones IP relacionadas con estas creaciones de cuentas"
    }
  ],
  "id": "CVE-2021-31552",
  "lastModified": "2024-11-21T06:05:53.970",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-22T03:15:08.163",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I8bae477ad7e4d0190335363ac2decf28e4313da1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T152394"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I8bae477ad7e4d0190335363ac2decf28e4313da1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T152394"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-12-18 08:15

Modified

2024-11-21 05:27

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. (The right column with the changeable groups is not affected and is escaped correctly.)

References

URL	Tags
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html	Mailing List, Release Notes, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T268917	Issue Tracking, Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2020/dsa-4816	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html	Mailing List, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T268917	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4816	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
debian	debian_linux	10.0
fedoraproject	fedora	33

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA95C77A-2616-4CCA-B07F-6A5CD7762BA1",
              "versionEndExcluding": "1.35.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. (The right column with the changeable groups is not affected and is escaped correctly.)"
    },
    {
      "lang": "es",
      "value": "En MediaWiki versiones anteriores a 1.35.1, unos mensajes userrights-expiry-current y userrights-expiry-none pueden contener HTML sin formato.\u0026#xa0;Un XSS puede ocurrir cuando un usuario visita Special:UserRights pero no posee derechos para cambiar todos los derechos de usuario, y la tabla del lado izquierdo presenta grupos que no se pueden cambiar.\u0026#xa0;(La columna de la derecha con los grupos modificables no est\u00e1 afectada y es escapada correctamente)"
    }
  ],
  "id": "CVE-2020-35475",
  "lastModified": "2024-11-21T05:27:22.060",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-12-18T08:15:15.137",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T268917"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4816"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T268917"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4816"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-09-29 03:15

Modified

2024-11-21 06:27

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in the GlobalWatchlist extension in MediaWiki through 1.36.2. The rev-deleted-user and ntimes messages were not properly escaped and allowed for users to inject HTML and JavaScript.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/Ib7f9b009730fe0df283cec1169f84c7a83a58b1d	Patch, Vendor Advisory
cve@mitre.org	https://gerrit.wikimedia.org/r/q/Id2204fb5afe591d63764466de35ac0aaa5999983	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T286385	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/Ib7f9b009730fe0df283cec1169f84c7a83a58b1d	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/Id2204fb5afe591d63764466de35ac0aaa5999983	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T286385	Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "852AD0A4-1F54-4352-8554-34DE96EF04D9",
              "versionEndIncluding": "1.36.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the GlobalWatchlist extension in MediaWiki through 1.36.2. The rev-deleted-user and ntimes messages were not properly escaped and allowed for users to inject HTML and JavaScript."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en la extensi\u00f3n GlobalWatchlist de MediaWiki versiones hasta 1.36.2. Los mensajes rev-deleted-user y ntimes no son escapados apropiadamente y permit\u00edan a usuarios inyectar HTML y JavaScript"
    }
  ],
  "id": "CVE-2021-42046",
  "lastModified": "2024-11-21T06:27:07.980",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-09-29T03:15:14.597",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Ib7f9b009730fe0df283cec1169f84c7a83a58b1d"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Id2204fb5afe591d63764466de35ac0aaa5999983"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T286385"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Ib7f9b009730fe0df283cec1169f84c7a83a58b1d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Id2204fb5afe591d63764466de35ac0aaa5999983"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T286385"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2011-05-23 22:55

Modified

2025-04-11 00:51

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.5, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .shtml at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578 and CVE-2011-1587.

References

URL	Tags
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060435.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060496.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060507.html
secalert@redhat.com	http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-May/000098.html	Patch
secalert@redhat.com	http://secunia.com/advisories/44684
secalert@redhat.com	http://www.securityfocus.com/bid/47722
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=702512	Patch
secalert@redhat.com	https://bugzilla.wikimedia.org/show_bug.cgi?id=28534	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060435.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060496.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060507.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-May/000098.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44684
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/47722
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=702512	Patch
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.wikimedia.org/show_bug.cgi?id=28534	Exploit

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.1.0
mediawiki	mediawiki	1.2.0
mediawiki	mediawiki	1.2.1
mediawiki	mediawiki	1.2.2
mediawiki	mediawiki	1.2.3
mediawiki	mediawiki	1.2.4
mediawiki	mediawiki	1.2.5
mediawiki	mediawiki	1.2.6
mediawiki	mediawiki	1.3
mediawiki	mediawiki	1.3.0
mediawiki	mediawiki	1.3.1
mediawiki	mediawiki	1.3.2
mediawiki	mediawiki	1.3.3
mediawiki	mediawiki	1.3.4
mediawiki	mediawiki	1.3.5
mediawiki	mediawiki	1.3.6
mediawiki	mediawiki	1.3.7
mediawiki	mediawiki	1.3.8
mediawiki	mediawiki	1.3.9
mediawiki	mediawiki	1.3.10
mediawiki	mediawiki	1.3.11
mediawiki	mediawiki	1.3.12
mediawiki	mediawiki	1.3.13
mediawiki	mediawiki	1.3.14
mediawiki	mediawiki	1.3.15
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4
mediawiki	mediawiki	1.4.0
mediawiki	mediawiki	1.4.1
mediawiki	mediawiki	1.4.2
mediawiki	mediawiki	1.4.3
mediawiki	mediawiki	1.4.4
mediawiki	mediawiki	1.4.5
mediawiki	mediawiki	1.4.6
mediawiki	mediawiki	1.4.7
mediawiki	mediawiki	1.4.8
mediawiki	mediawiki	1.4.9
mediawiki	mediawiki	1.4.10
mediawiki	mediawiki	1.4.11
mediawiki	mediawiki	1.4.12
mediawiki	mediawiki	1.4.13
mediawiki	mediawiki	1.4.14
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5
mediawiki	mediawiki	1.5.0
mediawiki	mediawiki	1.5.1
mediawiki	mediawiki	1.5.2
mediawiki	mediawiki	1.5.3
mediawiki	mediawiki	1.5.4
mediawiki	mediawiki	1.5.5
mediawiki	mediawiki	1.5.6
mediawiki	mediawiki	1.5.7
mediawiki	mediawiki	1.5.8
mediawiki	mediawiki	1.6.0
mediawiki	mediawiki	1.6.1
mediawiki	mediawiki	1.6.2
mediawiki	mediawiki	1.6.3
mediawiki	mediawiki	1.6.4
mediawiki	mediawiki	1.6.5
mediawiki	mediawiki	1.6.6
mediawiki	mediawiki	1.6.7
mediawiki	mediawiki	1.6.8
mediawiki	mediawiki	1.6.9
mediawiki	mediawiki	1.6.10
mediawiki	mediawiki	1.6.11
mediawiki	mediawiki	1.6.12
mediawiki	mediawiki	1.7.0
mediawiki	mediawiki	1.7.1
mediawiki	mediawiki	1.7.2
mediawiki	mediawiki	1.7.3
mediawiki	mediawiki	1.8.0
mediawiki	mediawiki	1.8.1
mediawiki	mediawiki	1.8.2
mediawiki	mediawiki	1.8.3
mediawiki	mediawiki	1.8.4
mediawiki	mediawiki	1.8.5
mediawiki	mediawiki	1.9.0
mediawiki	mediawiki	1.9.0
mediawiki	mediawiki	1.9.1
mediawiki	mediawiki	1.9.2
mediawiki	mediawiki	1.9.3
mediawiki	mediawiki	1.9.4
mediawiki	mediawiki	1.9.5
mediawiki	mediawiki	1.9.6
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.0
mediawiki	mediawiki	1.10.1
mediawiki	mediawiki	1.10.2
mediawiki	mediawiki	1.10.3
mediawiki	mediawiki	1.10.4
mediawiki	mediawiki	1.11
mediawiki	mediawiki	1.11.0
mediawiki	mediawiki	1.11.0
mediawiki	mediawiki	1.11.1
mediawiki	mediawiki	1.11.2
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.0
mediawiki	mediawiki	1.12.1
mediawiki	mediawiki	1.12.2
mediawiki	mediawiki	1.12.3
mediawiki	mediawiki	1.12.4
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.0
mediawiki	mediawiki	1.13.1
mediawiki	mediawiki	1.13.2
mediawiki	mediawiki	1.13.3
mediawiki	mediawiki	1.13.4
mediawiki	mediawiki	1.14.0
mediawiki	mediawiki	1.14.0
mediawiki	mediawiki	1.14.1
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.0
mediawiki	mediawiki	1.15.1
mediawiki	mediawiki	1.15.2
mediawiki	mediawiki	1.15.3
mediawiki	mediawiki	1.15.4
mediawiki	mediawiki	1.15.5
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.0
mediawiki	mediawiki	1.16.1
mediawiki	mediawiki	1.16.2
mediawiki	mediawiki	1.16.3
microsoft	internet_explorer	*
microsoft	internet_explorer	3.0
microsoft	internet_explorer	4.0
microsoft	internet_explorer	5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD7E40EC-1271-46F2-A41A-B93E198B6D8A",
              "versionEndIncluding": "1.16.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C96D337-1D37-4ADE-871D-9829928EE80B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DFB843C-4513-4569-9746-DA9FDD7A5CD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "377F0F7A-8E50-4803-9670-F719D17400D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B4CCA5C-3594-41B4-99F3-FC99BA0495BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD0A0C81-CDB6-4A11-B6B0-DECB12558DE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40BD0855-A9C8-47CD-BB50-E422E0C4A1EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "42A9DCC7-CF58-44CC-9489-51FA79EECDF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "80D651C6-116D-448A-8569-BAB9BAEC7D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49AFC6EE-41C7-4369-8BA1-DDBF8A744ABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30F54837-5004-4D10-B3B0-502CED4F6592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A09F36C1-CBC0-489E-B62D-4590A2E5A4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9F0067D-534A-4238-A244-D92A73845432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BEC422E-49BC-41D4-9F71-B834D4108EF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D854161-28AA-4386-B90A-97F9692CE37F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5A0FA49-99DC-4691-968F-6AEB76B74370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A0C6A2C-992B-45A0-8E0C-1AE983881337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "292A77C7-8C7B-4F3A-B7FD-3505A9F37E4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C77FC97A-3BB2-4AA5-B0D6-C0D1FBEA5FD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C9393EF-083A-4662-BC7A-89979C2B8546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9DE6A4E-6BCE-499E-B017-1E0F8D1F65B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD90730F-BF26-46C5-83F8-039CD661C968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4DDA753-26F5-4142-B227-07DDF14DD8C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D3B5E2-AC84-421D-AC10-3266D9575922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "326D4BFB-EFE7-4EAC-AA71-45E8C7E41538",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "736DFCB7-B747-4F98-AB87-9023BCD0B5C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "135A1FFF-8F52-48FF-A92A-0FC79FCC287E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "3CF8143A-F16F-4E2F-8B12-AC278678CDBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "617655A0-1ED3-44A5-9D83-E90D8EC8799E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "3B19F77D-8975-432D-8572-F208EBC15068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "9D692C6F-95AB-4332-95D8-007876792AC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "DE9080FA-F32A-45AF-BB1E-18B85DD35830",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DF75E48-208A-4531-AC8D-B307FD4E288B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "174665BA-F231-45F6-922C-933B8A613009",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B175F5A-7CB6-44E6-9E98-FB40F6D14FDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A45833DC-F104-42BB-8688-4DE66AFF72F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B316A8E-DED1-427B-8137-11C767E9DF1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "99A75AFB-2706-42FF-8534-B910997987AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F335EB4-1A74-4FAE-ADAF-AC9FB37A80DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "116C8AA3-481D-409A-ABA8-C8DA1EE8FF86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9DCE478-7D30-4BBC-8878-C3745D6ADAD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EBFFA2C-6768-4CB9-B0B0-BDB79CA1DEDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA0C4A1E-B084-4C78-BEE4-4E733159F367",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2571B43E-234C-4312-9640-1E338092A673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D5C7E1-6664-4A90-9E55-1F53F98D7702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "4963F3C5-A207-4BD3-9C3C-4EBAC1F5B2B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BE0D158-DB0B-45B2-9E26-E11A7D5D2CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "6086E5E9-F69F-47EE-9034-8196CC03E6FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "49A43BF0-69CF-4694-9155-534FA31C26DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "A0751BD8-505A-42A3-A150-3523F12B9047",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "F964DBAD-0569-41DD-975B-23A975050595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8DE4462C-F9B2-47B3-8F17-FF729F5563FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "3769AAA0-8492-40E1-B3EC-5E3BFE396809",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E2616E5E-2D0B-4FD3-B43F-51D786F0D8D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "94766FF8-FC72-4F8F-8005-7F34E4AA4042",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D8693832-A576-492F-B4F7-B8415B3A5903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9214FE72-045E-457A-B3C5-BCDFC506DDB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDB55E62-A345-49F6-ACD0-A710977CA6E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A340D0AB-2B4A-4DE6-9FA1-662D8F8205BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8C8B11E-5C0B-49B1-ACFA-5926057EF002",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "89A4EA0A-54E1-484A-ADDB-216CBC9C40FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA0ABA75-E966-43A2-90B1-89557BB0B7DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B6CE989-B7AD-42AA-986C-23266D965122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "44FD9374-5B8A-4102-A005-D3F39186ABBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D4388FF-3C2C-41A7-A2A2-CC3E38994222",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3EAF847-B64C-4C12-8BF2-631F61B0618E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "09EF3827-9C87-4043-B10A-1D6AFCB64F57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08B1EDE8-940E-47C1-9CDA-C6BBE1BB9A11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4554900-E09D-4D9D-99D4-FE5FDB3CDE78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "93EB0312-A147-4307-9491-46AEC2EC727C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "48929086-E08E-472D-A503-4CA803A840D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A98675FD-C9EA-49AB-BA9F-2CF5898203C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB9B4718-DF85-4E77-B720-0EC3E0D318BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "132A745B-0A1B-4186-8BE2-88C24FF4A455",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E710375D-F5B3-4998-AA7F-F931022CF6F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3130C952-83B3-4755-99D7-D25C1447670E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9842D148-50D2-4A52-A3E1-529670A25EBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "A59DE5DF-B5A1-4C11-9FA9-03EA7F589694",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C632052-D84B-41A1-B46F-1C1D9ADC72CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF36A02-DF6B-4657-94F6-255E4163FBF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "60380B60-DD11-42C9-9388-AED3244F39A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "612210D5-FDBC-4A13-AACD-13198FE9D2DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46046B16-3EE4-42C0-BA77-73300A641BA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "136E5FD9-C0A0-4970-8852-D97C5BC723E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5FD2871-90BB-4AFA-89D0-B9B5BE365771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D35193-8AF8-4CB9-A47D-A58DE389515E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1CD7D7-546A-48FA-9C4C-1FB0CA22C6FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAD648C1-0908-43F8-951C-E7EBF8FB8CB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B40FB49B-1E96-44BC-A9B0-9BDB28F858A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "75D5AC3F-4D29-4882-A3C0-94951402ADD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A0921C-BEC5-4646-96FD-0529828B5BAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB4E8709-43E2-4ADC-8759-16AC265658C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A8A1D30-57E7-4010-B68A-8D22EA091FF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EF7C683-F6E2-4D79-B0F9-234C9FAFB7C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "962C4B03-ABDF-4E94-8DE0-E035186E0F4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "841A4099-1EB3-448A-81C2-67A68CF4B5C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0983C0E-9035-4256-AC99-C2C81C1634E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "76F47EF6-2695-44FD-B4B0-9DE911BB57CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FC61592E-7479-45C1-9263-D608B644EE79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5460DB30-FA14-4017-BC8B-15F9451469F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED2392D6-6ACF-4715-BBCD-B6DA9B91C750",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0071C35-877F-44C6-BC39-B1AE885D7313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83CF24-FC29-40C4-8B07-5FB6591E9812",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C54ADEF-F360-41C6-AE27-B6D12E5BAF9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66A92668-4B5D-40A4-9A14-E7AD10086933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7266D827-F77D-4CC3-8237-4B35D072ACF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DB5EF0E-4E1B-4131-9142-5FBB59C235D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F59B5992-716F-4901-BDD1-0C7E24BF9148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "746023B5-2472-4FC9-BEDF-FE6A321F12B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0D18C85B-E82B-46AE-959E-3FD32DB6F294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "66714539-F1E1-4C16-AA12-059EEB1B9DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A80044C9-9F76-468E-84F7-D7D529004AE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7CD7F5A-F4E4-45B6-9179-BD1BCD75D297",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7BC3705-27C7-4969-AB6A-E7C09C708C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79CDE6D3-A26D-4ECD-B949-B9DDB53F67C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D3CC82BE-8DEA-47D7-B6B7-2FFDFB728ADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "AFD79470-63A7-438B-A3BE-CABDAD7F848C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A26F4C94-E3A5-456E-8E5E-36BA67DD4BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C6D23B-B5C1-4F10-9F62-E81F639FF40F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "13FA8F3C-2B6C-42FB-A6CE-EC2D8614E43D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "973B7468-970D-475C-AAB2-D81833EAF12B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A0789-0496-4940-A484-8B6689AA8770",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "241370F6-4941-43B4-AAD5-32A93AAC3B80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A236174-7262-478C-8C96-61428EBCC575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAAC942E-1BA2-419C-B464-20529D825053",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "188AA942-A54E-4B48-A14E-1D4C2BB859EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "07D3ECE8-29AC-491A-BD11-1753EF65DA0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FA6109F-F5BE-4E65-AA9D-C1D0CB029521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0955D3BF-1120-40F6-87FB-D75B064E5C6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BA61CFC-F48E-4B7D-A61C-4BD585E87BAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.15.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BA7AA7B-9450-4AAD-8CBA-E483CD5A1CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4416B074-0C5E-4DD3-AA4D-B54AC635F00D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "EBA4FDC8-2F1B-4054-82BC-B79566ABE8E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "62B86D8D-5E7A-43F5-9B6A-944ED4B8E4E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "63FD259B-921D-46BF-BE6E-F963288D92F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B163E10-BD02-481B-A78E-E4678C57CC75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.16.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "973D14D0-E5B5-499D-9F13-B3201D81E5C0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AD86898-37BB-46C6-AC7E-0A733398E2D7",
              "versionEndIncluding": "6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BBF9241-A175-438C-A793-3D245BE2AE35",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4071D03-D955-4C1B-ACD8-A864F7D0FA02",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.5, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .shtml at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578 and CVE-2011-1587."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS)  en MediaWiki anterior a v1.16.5, cuando Internet Explorer 6 o anteriores es usado, permite a atacantes remotos inyectar c\u00f3digo web script de su elecci\u00f3n o HTML a trav\u00e9s de un archivo cargado acceder con un extensi\u00f3n peligrosa como .shtml al final de la cadena de consulta, en conjunci\u00f3n con una ruta URI modificada que tiene una secuencia %2E en lugar de el caracter . (punto) NOTA: esta vulnerabilidad existe debido a un parche incompleto para CVE-2011-1578 y CVE-2011-1587."
    }
  ],
  "id": "CVE-2011-1765",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-05-23T22:55:01.317",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060435.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060496.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060507.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-May/000098.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/44684"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/47722"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=702512"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=28534"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060435.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060496.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060507.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-May/000098.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/44684"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/47722"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=702512"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=28534"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-12-21 23:15

Modified

2024-11-21 05:27

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

An issue was discovered in the CasAuth extension for MediaWiki through 1.35.1. Due to improper username validation, it allowed user impersonation with trivial manipulations of certain characters within a given username. An ordinary user may be able to login as a "bureaucrat user" who has a similar username, as demonstrated by usernames that differ only in (1) bidirectional override symbols or (2) blank space.

References

URL	Tags
cve@mitre.org	https://github.com/CWRUChielLab/CASAuth/pull/11	Patch, Third Party Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T263498	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/CWRUChielLab/CASAuth/pull/11	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T263498	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC439F7D-8255-455F-A22C-2A6B655392D7",
              "versionEndIncluding": "1.35.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the CasAuth extension for MediaWiki through 1.35.1. Due to improper username validation, it allowed user impersonation with trivial manipulations of certain characters within a given username. An ordinary user may be able to login as a \"bureaucrat user\" who has a similar username, as demonstrated by usernames that differ only in (1) bidirectional override symbols or (2) blank space."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en la extensi\u00f3n CasAuth para MediaWiki versiones hasta 1.35.1.\u0026#xa0;Debido a una comprobaci\u00f3n inapropiada del nombre de usuario, permiti\u00f3 la suplantaci\u00f3n del usuario con manipulaciones triviales de determinados caracteres dentro de un nombre de usuario determinado.\u0026#xa0;Un usuario com\u00fan es capaz de iniciar sesi\u00f3n como un \"bureaucrat user\" que presenta un nombre de usuario similar, como es demostrado por los nombres de usuario que solo difieren en (1) s\u00edmbolos de anulaci\u00f3n bidireccionales o (2) espacios en blanco"
    }
  ],
  "id": "CVE-2020-35623",
  "lastModified": "2024-11-21T05:27:43.167",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-12-21T23:15:12.437",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/CWRUChielLab/CASAuth/pull/11"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T263498"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/CWRUChielLab/CASAuth/pull/11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T263498"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        },
        {
          "lang": "en",
          "value": "CWE-706"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-04-13 14:59

Modified

2025-04-12 10:46

Severity ?

Summary

Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI.

References

URL	Tags
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2015:200
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/04/01/1
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/04/07/3
cve@mitre.org	http://www.securityfocus.com/bid/73477
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T85850	Exploit
cve@mitre.org	https://security.gentoo.org/glsa/201510-05
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2015:200
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/04/01/1
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/04/07/3
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/73477
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T85850	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201510-05

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	1.20
mediawiki	mediawiki	1.20.1
mediawiki	mediawiki	1.20.2
mediawiki	mediawiki	1.20.3
mediawiki	mediawiki	1.20.4
mediawiki	mediawiki	1.20.5
mediawiki	mediawiki	1.20.6
mediawiki	mediawiki	1.20.7
mediawiki	mediawiki	1.20.8
mediawiki	mediawiki	1.21
mediawiki	mediawiki	1.21.1
mediawiki	mediawiki	1.21.2
mediawiki	mediawiki	1.21.3
mediawiki	mediawiki	1.21.4
mediawiki	mediawiki	1.21.5
mediawiki	mediawiki	1.21.6
mediawiki	mediawiki	1.21.7
mediawiki	mediawiki	1.21.8
mediawiki	mediawiki	1.21.9
mediawiki	mediawiki	1.21.10
mediawiki	mediawiki	1.21.11
mediawiki	mediawiki	1.22.0
mediawiki	mediawiki	1.22.1
mediawiki	mediawiki	1.22.2
mediawiki	mediawiki	1.22.3
mediawiki	mediawiki	1.22.4
mediawiki	mediawiki	1.22.5
mediawiki	mediawiki	1.22.6
mediawiki	mediawiki	1.22.7
mediawiki	mediawiki	1.22.8
mediawiki	mediawiki	1.22.9
mediawiki	mediawiki	1.22.10
mediawiki	mediawiki	1.22.11
mediawiki	mediawiki	1.22.12
mediawiki	mediawiki	1.22.13
mediawiki	mediawiki	1.22.14
mediawiki	mediawiki	1.22.15
mediawiki	mediawiki	1.23.0
mediawiki	mediawiki	1.23.1
mediawiki	mediawiki	1.23.2
mediawiki	mediawiki	1.23.3
mediawiki	mediawiki	1.23.4
mediawiki	mediawiki	1.23.5
mediawiki	mediawiki	1.23.6
mediawiki	mediawiki	1.23.7
mediawiki	mediawiki	1.23.8
mediawiki	mediawiki	1.24.0
mediawiki	mediawiki	1.24.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5069E3E0-7640-4FA3-8C6F-BA96AFC545EE",
              "versionEndIncluding": "1.19.23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA45494-185A-4ED1-8818-D9F14EB9B59B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59319309-D926-4353-8E0C-1FE0CB97E4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA15B197-EC42-49F0-8764-E315CDA7EA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD4CD3D-6022-4F75-A524-5A5247EF23AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B95AE3-6FA0-44BD-A78A-F059613B57EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94646567-FF30-4FBA-96C5-914EB3C85D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF088531-6875-49A2-B220-D7EC38ECC50F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "902A7EE8-90AA-4B0D-9142-DFCDA5AC8914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.20.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B6CD057-EBC4-4909-9734-80577AFDED40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "383CE1D8-7A58-4C24-8898-8C592F98EFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA12531-818E-4AD7-A3E7-467604775416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E87AB00-90DD-4548-B23A-42673DDFD1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01D8F235-2F1B-4198-A91E-B2723293AA36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2A5F4A7-40E7-42D0-8482-647D0EC54AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E10A8FAC-7506-48B8-A4EE-B7A1BE20537E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF797B5-8348-481C-AB6F-154DEA0E5281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E627F80-E6AA-4627-B58E-D6B2A08269BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA54E0F2-3B21-469F-A3FB-8E41E1857447",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "09CFF4B5-5827-4795-960A-201BA1BCF1A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC9D6B62-13CD-4307-94BB-A7210761A4D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.21.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "32C36F51-CCCC-41D1-A43B-B8F77CE632B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB117E2F-D4CD-4CED-BCEF-3C821A431F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B461B44C-37D2-480B-9645-B7E8720416C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E491E3AD-0FB2-41CD-B852-CAFCA397A45A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBD50108-A301-4B5B-9047-6FD6792442B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "91BBFEC5-A933-4178-919D-9AC87CF76D21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3CA0EC-1AC1-48A1-8BB8-95DCCE1C283A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9343410C-E076-4362-8094-5BA5582E9675",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96BBB28-AB3C-4082-B035-8CCB761C2530",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7389C3B9-B32D-46CC-8615-22CF7BDCD829",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "179FC802-541F-40EE-BB76-A4B745A9EA7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3332E0EC-49D6-4EB2-8A2E-CC204EA1C475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E59021C-8DDF-4849-9490-AD8F98B834BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "64E90FCD-B032-4BD8-84D6-763E0FDB48B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "21A92544-BEA9-436F-BC22-CC90808D53F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DB10EA-CA68-40BE-862D-0B351456F02E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.22.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "97675F56-1442-460D-842C-755304D69217",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6044842D-0C23-4683-9BCC-9FE40AE8353F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BFCBB5A-F5F8-400E-916A-EB87F84853D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2898DFC3-7C3A-4C12-A3D2-4CEB3C66C90D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "04082771-E3E2-49EE-8840-0170F3B3519F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9B27B7-7800-4E35-97CA-B16450EEC478",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BEA6C00-BDCF-439C-8A04-B581361781EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90B931CC-CEA7-4C14-875E-A0D215CE5617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE300CC-68D6-46C7-8CC0-605F94FFC327",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.23.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "764ECEE9-EFB6-4C52-84E6-0F6827CF5DAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C00423-B3FE-485A-9014-22F409DBD377",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de lista negra incompleta en includes/upload/UploadBase.php en MediaWiki anterior a 1.19.24, 1.2x anterior a 1.23.9, y 1.24.x anterior a 1.24.2 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de un tipo MIME application/xml para un SVG anidado con una URI data:."
    }
  ],
  "id": "CVE-2015-2931",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-04-13T14:59:04.443",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/73477"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://phabricator.wikimedia.org/T85850"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201510-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/73477"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://phabricator.wikimedia.org/T85850"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201510-05"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2019-07-10 16:15

Modified

2024-11-21 04:22

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

References

URL	Tags
cve@mitre.org	https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html	Patch, Third Party Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T207603	Third Party Advisory
cve@mitre.org	https://seclists.org/bugtraq/2019/Jun/12	Mailing List, Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2019/dsa-4460	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T207603	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2019/Jun/12	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2019/dsa-4460	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*
debian	debian_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "50818088-DA3C-4C58-9D42-4B7E9EF003E1",
              "versionEndExcluding": "1.30.2",
              "versionStartIncluding": "1.30.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC8AFEFD-8776-4722-82BC-21CC1214FCCC",
              "versionEndExcluding": "1.31.2",
              "versionStartIncluding": "1.31.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "631F30ED-1171-42E5-8FAF-AC9230CED0C5",
              "versionEndExcluding": "1.32.2",
              "versionStartIncluding": "1.32.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6."
    },
    {
      "lang": "es",
      "value": "MediaWiki versiones 1.30.0 hasta 1.32.1 de Wikimedia, presenta un problema de tipo XSS. Cargando un JavaScript de usuario desde una cuenta no existente permite a cualquiera crear la cuenta y ejecutar ataques XSS en los usuarios que cargan ese script. Se corrigi\u00f3 en las versiones 1.32.2, 1.31.2, 1.30.2 y 1.27.6."
    }
  ],
  "id": "CVE-2019-12471",
  "lastModified": "2024-11-21T04:22:55.477",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-10T16:15:11.150",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T207603"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Jun/12"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4460"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T207603"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Jun/12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4460"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2019-07-10 17:15

Modified

2024-11-21 04:22

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

References

URL	Tags
cve@mitre.org	https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html	Mailing List, Release Notes, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T222036	Vendor Advisory
cve@mitre.org	https://seclists.org/bugtraq/2019/Jun/12	Issue Tracking, Mailing List, Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2019/dsa-4460	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html	Mailing List, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T222036	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2019/Jun/12	Issue Tracking, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2019/dsa-4460	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*
debian	debian_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E73DB4FC-F058-41A4-8A93-B7902283741B",
              "versionEndExcluding": "1.27.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFD5C137-122F-42C8-94D7-0FCD48F92CC0",
              "versionEndExcluding": "1.30.2",
              "versionStartIncluding": "1.27.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC8AFEFD-8776-4722-82BC-21CC1214FCCC",
              "versionEndExcluding": "1.31.2",
              "versionStartIncluding": "1.31.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "631F30ED-1171-42E5-8FAF-AC9230CED0C5",
              "versionEndExcluding": "1.32.2",
              "versionStartIncluding": "1.32.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6."
    },
    {
      "lang": "es",
      "value": "MediaWiki hasta la versi\u00f3n 1.32.1, presenta un Control de Acceso Incorrecto. Un nombre de usuario o inicio de sesi\u00f3n suprimido de Special:EditTags est\u00e1n expuestos. Corregido en versiones 1.32.2, 1.31.2, 1.30.2 y 1.27.6."
    }
  ],
  "id": "CVE-2019-12469",
  "lastModified": "2024-11-21T04:22:55.177",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-10T17:15:12.087",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T222036"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Jun/12"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4460"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T222036"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Jun/12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4460"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-07-02 13:15

Modified

2024-11-21 06:13

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

An issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed configurations of the $wgFileImporterRequiredRight variable, it might not validate all appropriate user rights, thus allowing a user with insufficient rights to perform operations (specifically file uploads) that they should not be allowed to perform.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/I8ff2a67abd2c118a3469e4410eac2a451bfa76c3	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T280590	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/I8ff2a67abd2c118a3469e4410eac2a451bfa76c3	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T280590	Exploit, Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1C62AE2-E1C5-4E32-A222-CCF9024B45D3",
              "versionEndIncluding": "1.36",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed configurations of the $wgFileImporterRequiredRight variable, it might not validate all appropriate user rights, thus allowing a user with insufficient rights to perform operations (specifically file uploads) that they should not be allowed to perform."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en la extensi\u00f3n FileImporter de MediaWiki versiones hasta 1.36. Para determinadas configuraciones relajadas de la variable $wgFileImporterRequiredRight, podr\u00eda no comprobar todos los derechos de usuario apropiados, permitiendo as\u00ed a un usuario con derechos insuficientes llevar a cabo operaciones (espec\u00edficamente subidas de archivos) que no deber\u00edan permitirse llevarse a cabo"
    }
  ],
  "id": "CVE-2021-36132",
  "lastModified": "2024-11-21T06:13:10.993",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-02T13:15:07.953",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I8ff2a67abd2c118a3469e4410eac2a451bfa76c3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T280590"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/I8ff2a67abd2c118a3469e4410eac2a451bfa76c3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T280590"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2019-10-31 20:15

Modified

2024-11-21 01:50

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers to inject arbitrary web script or HTML via Lua function names.

References

URL	Tags
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104022.html	Mailing List, Release Notes, Third Party Advisory
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104027.html	Mailing List, Release Notes, Third Party Advisory
secalert@redhat.com	http://security.gentoo.org/glsa/glsa-201310-21.xml	Third Party Advisory
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2013/04/16/12	Mailing List, Third Party Advisory
secalert@redhat.com	http://www.securityfocus.com/bid/59077	Third Party Advisory, VDB Entry
secalert@redhat.com	https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-1951	Third Party Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1951	Issue Tracking, Third Party Advisory
secalert@redhat.com	https://phabricator.wikimedia.org/T48084	Vendor Advisory
secalert@redhat.com	https://security-tracker.debian.org/tracker/CVE-2013-1951	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104022.html	Mailing List, Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104027.html	Mailing List, Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-201310-21.xml	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2013/04/16/12	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/59077	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-1951	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1951	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T48084	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security-tracker.debian.org/tracker/CVE-2013-1951	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
linux	linux_kernel	-
debian	debian_linux	9.0
debian	debian_linux	10.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1CC4382-B073-4181-B343-89C47E0E6860",
              "versionEndExcluding": "1.19.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F712574E-FE25-4C71-A8C6-69837F01E557",
              "versionEndExcluding": "1.20.4",
              "versionStartIncluding": "1.20.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers to inject arbitrary web script or HTML via Lua function names."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en MediaWiki versiones anteriores a 1.19.5 y versiones 1.20.x anteriores a 1.20.4 y permite a atacantes remotos inyectar script web o HTML arbitrario por medio de nombres de funci\u00f3n de Lua."
    }
  ],
  "id": "CVE-2013-1951",
  "lastModified": "2024-11-21T01:50:44.223",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-31T20:15:10.757",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104022.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104027.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201310-21.xml"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/04/16/12"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/59077"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-1951"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1951"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T48084"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2013-1951"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104027.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201310-21.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/04/16/12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/59077"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-1951"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1951"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T48084"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2013-1951"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-04-13 16:29

Modified

2024-11-21 03:02

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure.

References

URL	Tags
security@debian.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html	Vendor Advisory
security@debian.org	https://phabricator.wikimedia.org/T161453	Issue Tracking, Third Party Advisory
security@debian.org	https://security-tracker.debian.org/tracker/CVE-2017-0367	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T161453	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security-tracker.debian.org/tracker/CVE-2017-0367	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
debian	debian_linux	7.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9419B89-A512-4C79-8085-2AB9D7A19C85",
              "versionEndExcluding": "1.27.2",
              "versionStartIncluding": "1.27.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ABB422D-95AC-48E6-AEFF-1F2915354494",
              "versionEndExcluding": "1.28.1",
              "versionStartIncluding": "1.28.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure."
    },
    {
      "lang": "es",
      "value": "Mediawiki, en versiones anteriores a la 1.28.1 y la 1.27.2, contiene un uso inseguro de un directorio temporal, en el que tener por defecto el directorio LocalisationCache en el directorio system tmp no es seguro."
    }
  ],
  "id": "CVE-2017-0367",
  "lastModified": "2024-11-21T03:02:50.717",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-13T16:29:00.673",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T161453"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2017-0367"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T161453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2017-0367"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-668"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-04-13 16:29

Modified

2024-11-21 03:02

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link.

References

URL	Tags
security@debian.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html	Vendor Advisory
security@debian.org	https://phabricator.wikimedia.org/T122209	Issue Tracking, Third Party Advisory
security@debian.org	https://security-tracker.debian.org/tracker/CVE-2017-0364	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T122209	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security-tracker.debian.org/tracker/CVE-2017-0364	Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	*
mediawiki	mediawiki	*
mediawiki	mediawiki	*
debian	debian_linux	7.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "07C776BA-0AEF-4225-AC4C-38753A764076",
              "versionEndIncluding": "1.23.16",
              "versionStartIncluding": "1.23.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9419B89-A512-4C79-8085-2AB9D7A19C85",
              "versionEndExcluding": "1.27.2",
              "versionStartIncluding": "1.27.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ABB422D-95AC-48E6-AEFF-1F2915354494",
              "versionEndExcluding": "1.28.1",
              "versionStartIncluding": "1.28.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link."
    },
    {
      "lang": "es",
      "value": "Mediawiki, en versiones anteriores a la 1.28.1, 1.27.2 y la 1.23.16, contiene un error por el cual Special:Search permite la redirecci\u00f3n a cualquier enlace de interwiki."
    }
  ],
  "id": "CVE-2017-0364",
  "lastModified": "2024-11-21T03:02:50.393",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-13T16:29:00.470",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T122209"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2017-0364"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T122209"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2017-0364"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-01-20 19:15

Modified

2025-04-03 16:15

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information should not allow public viewing: it is supposed to be viewable only by users with suppression rights.

References

▶	URL	Tags
	cve@mitre.org	https://phabricator.wikimedia.org/T311337	Exploit, Issue Tracking, Patch, Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T311337	Exploit, Issue Tracking, Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
mediawiki	mediawiki	1.39.0
mediawiki	mediawiki	1.39.0
mediawiki	mediawiki	1.39.0
mediawiki	mediawiki	1.39.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.39.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "243E4420-7054-4190-8270-76E09207FC9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.39.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "90D9672A-851F-46B0-AA0D-35991D7802E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.39.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5141FCFC-D842-49B8-9385-5EE2DB6E7BFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mediawiki:mediawiki:1.39.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A716F56-5EB8-4ECA-9F7E-A701AA0D89EF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information should not allow public viewing: it is supposed to be viewable only by users with suppression rights."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en la extensi\u00f3n CheckUser para MediaWiki hasta 1.39.x. Varios componentes de esta extensi\u00f3n pueden exponer informaci\u00f3n sobre qui\u00e9n realiza las ediciones y las acciones registradas. Esta informaci\u00f3n no deber\u00eda permitir la visualizaci\u00f3n p\u00fablica: se supone que s\u00f3lo debe ser visible para usuarios con derechos de supresi\u00f3n."
    }
  ],
  "id": "CVE-2022-39193",
  "lastModified": "2025-04-03T16:15:23.657",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-01-20T19:15:15.250",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T311337"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T311337"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CVE-2023-22910 (GCVE-0-2023-22910)

Vulnerability from cvelistv5

Published

2023-01-20 00:00

Modified

2025-04-03 15:15

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWE

n/a

Summary

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision-* fields. This allows JavaScript execution by staff/admin users who do not intentionally have the editsitejs capability.

References

►

URL

Tags

https://phabricator.wikimedia.org/T323592

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:20:31.476Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T323592"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "LOW",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-22910",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-03T15:14:29.669274Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-03T15:15:05.898Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision-* fields. This allows JavaScript execution by staff/admin users who do not intentionally have the editsitejs capability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-20T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T323592"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-22910",
    "datePublished": "2023-01-20T00:00:00.000Z",
    "dateReserved": "2023-01-10T00:00:00.000Z",
    "dateUpdated": "2025-04-03T15:15:05.898Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-40604 (GCVE-0-2024-40604)

Vulnerability from cvelistv5

Published

2024-07-06 00:00

Modified

2025-03-18 18:54

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CWE

n/a

Summary

An issue was discovered in the Nimbus skin for MediaWiki through 1.42.1. There is Stored XSS via MediaWiki:Nimbus-sidebar menu and submenu entries.

References

►

URL

Tags

https://phabricator.wikimedia.org/T361450

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 4.8,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "HIGH",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-40604",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-08T13:06:31.585093Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-18T18:54:13.711Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:33:11.815Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T361450"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Nimbus skin for MediaWiki through 1.42.1. There is Stored XSS via MediaWiki:Nimbus-sidebar menu and submenu entries."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-06T23:27:14.251Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T361450"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-40604",
    "datePublished": "2024-07-06T00:00:00.000Z",
    "dateReserved": "2024-07-06T00:00:00.000Z",
    "dateUpdated": "2025-03-18T18:54:13.711Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-19910 (GCVE-0-2019-19910)

Vulnerability from cvelistv5

Published

2019-12-19 18:41

Modified

2024-08-05 02:32

Severity ?

CWE

n/a

Summary

The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 (1.35 and/or 1.34) mishandles certain HTML attributes, as demonstrated by IMG onmouseover= (impact is XSS) and IMG src=http (impact is disclosing the client's IP address). This can occur within a talk page topical header that is viewed within a mobile (MobileFrontend) context.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T240487	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/Ida471291f1698387a26736931ab17e6899e05b51	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:32:09.467Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T240487"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/Ida471291f1698387a26736931ab17e6899e05b51"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 (1.35 and/or 1.34) mishandles certain HTML attributes, as demonstrated by IMG onmouseover= (impact is XSS) and IMG src=http (impact is disclosing the client\u0027s IP address). This can occur within a talk page topical header that is viewed within a mobile (MobileFrontend) context."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-19T18:41:25",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T240487"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/Ida471291f1698387a26736931ab17e6899e05b51"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19910",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 (1.35 and/or 1.34) mishandles certain HTML attributes, as demonstrated by IMG onmouseover= (impact is XSS) and IMG src=http (impact is disclosing the client\u0027s IP address). This can occur within a talk page topical header that is viewed within a mobile (MobileFrontend) context."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T240487",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T240487"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/Ida471291f1698387a26736931ab17e6899e05b51",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/Ida471291f1698387a26736931ab17e6899e05b51"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19910",
    "datePublished": "2019-12-19T18:41:25",
    "dateReserved": "2019-12-19T00:00:00",
    "dateUpdated": "2024-08-05T02:32:09.467Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-36128 (GCVE-0-2021-36128)

Vulnerability from cvelistv5

Published

2021-07-02 13:00

Modified

2024-08-04 00:47

Severity ?

CWE

n/a

Summary

An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. Autoblocks for CentralAuth-issued suppression blocks are not properly implemented.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T281972	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/I3e65690695313380c798b62edfda726b6e374f89	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/I15d14c88a1e30df92c470bc191c4ee573172d4d1	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:47:43.949Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T281972"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/I3e65690695313380c798b62edfda726b6e374f89"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/I15d14c88a1e30df92c470bc191c4ee573172d4d1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. Autoblocks for CentralAuth-issued suppression blocks are not properly implemented."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-02T13:00:45",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T281972"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/I3e65690695313380c798b62edfda726b6e374f89"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/I15d14c88a1e30df92c470bc191c4ee573172d4d1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-36128",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. Autoblocks for CentralAuth-issued suppression blocks are not properly implemented."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T281972",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T281972"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/I3e65690695313380c798b62edfda726b6e374f89",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/I3e65690695313380c798b62edfda726b6e374f89"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/I15d14c88a1e30df92c470bc191c4ee573172d4d1",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/I15d14c88a1e30df92c470bc191c4ee573172d4d1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-36128",
    "datePublished": "2021-07-02T13:00:45",
    "dateReserved": "2021-07-02T00:00:00",
    "dateUpdated": "2024-08-04T00:47:43.949Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-30157 (GCVE-0-2021-30157)

Vulnerability from cvelistv5

Published

2021-04-06 06:43

Modified

2024-08-03 22:24

Severity ?

CWE

n/a

Summary

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter-* label messages are output in HTML unescaped, leading to XSS.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T278058	x_refsource_MISC
	https://www.debian.org/security/2021/dsa-4889	vendor-advisory, x_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/	vendor-advisory, x_refsource_FEDORA
	https://security.gentoo.org/glsa/202107-40	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:24:59.662Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T278058"
          },
          {
            "name": "DSA-4889",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4889"
          },
          {
            "name": "FEDORA-2021-f4223b6684",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/"
          },
          {
            "name": "FEDORA-2021-d298103d3a",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/"
          },
          {
            "name": "GLSA-202107-40",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202107-40"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter-* label messages are output in HTML unescaped, leading to XSS."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-17T07:06:29",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T278058"
        },
        {
          "name": "DSA-4889",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4889"
        },
        {
          "name": "FEDORA-2021-f4223b6684",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/"
        },
        {
          "name": "FEDORA-2021-d298103d3a",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/"
        },
        {
          "name": "GLSA-202107-40",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202107-40"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-30157",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter-* label messages are output in HTML unescaped, leading to XSS."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T278058",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T278058"
            },
            {
              "name": "DSA-4889",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4889"
            },
            {
              "name": "FEDORA-2021-f4223b6684",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/"
            },
            {
              "name": "FEDORA-2021-d298103d3a",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/"
            },
            {
              "name": "GLSA-202107-40",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202107-40"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-30157",
    "datePublished": "2021-04-06T06:43:05",
    "dateReserved": "2021-04-06T00:00:00",
    "dateUpdated": "2024-08-03T22:24:59.662Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-9276 (GCVE-0-2014-9276)

Vulnerability from cvelistv5

Published

2015-01-04 21:00

Modified

2024-08-06 13:40

Severity ?

CWE

n/a

Summary

Cross-site request forgery (CSRF) vulnerability in the Special:ExpandedTemplates page in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgRawHTML is set to true, allows remote attackers to hijack the authentication of users with edit permissions for requests that cross-site scripting (XSS) attacks via the wpInput parameter, which is not properly handled in the preview.

References

►

URL

Tags

	http://securitytracker.com/id?1031301	vdb-entry, x_refsource_SECTRACK
	http://www.openwall.com/lists/oss-security/2014/12/03/9	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2014/12/04/16	mailing-list, x_refsource_MLIST
	https://phabricator.wikimedia.org/T73111	x_refsource_CONFIRM
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-November/000170.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:40:24.980Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1031301",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1031301"
          },
          {
            "name": "[oss-security] 20141203 MediaWiki security release - 1.23.7",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/12/03/9"
          },
          {
            "name": "[oss-security] 20141204  Re: MediaWiki security release - 1.23.7",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/12/04/16"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T73111"
          },
          {
            "name": "[MediaWiki-announce] 20141127 MediaWiki Security and Maintenance Releases: 1.23.7, 1.22.14 and 1.19.22",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-November/000170.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-11-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in the Special:ExpandedTemplates page in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgRawHTML is set to true, allows remote attackers to hijack the authentication of users with edit permissions for requests that cross-site scripting (XSS) attacks via the wpInput parameter, which is not properly handled in the preview."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-01-04T20:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1031301",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1031301"
        },
        {
          "name": "[oss-security] 20141203 MediaWiki security release - 1.23.7",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/12/03/9"
        },
        {
          "name": "[oss-security] 20141204  Re: MediaWiki security release - 1.23.7",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/12/04/16"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T73111"
        },
        {
          "name": "[MediaWiki-announce] 20141127 MediaWiki Security and Maintenance Releases: 1.23.7, 1.22.14 and 1.19.22",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-November/000170.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-9276",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in the Special:ExpandedTemplates page in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgRawHTML is set to true, allows remote attackers to hijack the authentication of users with edit permissions for requests that cross-site scripting (XSS) attacks via the wpInput parameter, which is not properly handled in the preview."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1031301",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1031301"
            },
            {
              "name": "[oss-security] 20141203 MediaWiki security release - 1.23.7",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2014/12/03/9"
            },
            {
              "name": "[oss-security] 20141204  Re: MediaWiki security release - 1.23.7",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2014/12/04/16"
            },
            {
              "name": "https://phabricator.wikimedia.org/T73111",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T73111"
            },
            {
              "name": "[MediaWiki-announce] 20141127 MediaWiki Security and Maintenance Releases: 1.23.7, 1.22.14 and 1.19.22",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-November/000170.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-9276",
    "datePublished": "2015-01-04T21:00:00",
    "dateReserved": "2014-12-04T00:00:00",
    "dateUpdated": "2024-08-06T13:40:24.980Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-9476 (GCVE-0-2014-9476)

Vulnerability from cvelistv5

Published

2015-01-16 16:00

Modified

2024-08-06 13:47

Severity ?

CWE

n/a

Summary

MediaWiki 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote attackers to bypass CORS restrictions in $wgCrossSiteAJAXdomains via a domain that has a partial match to an allowed origin, as demonstrated by "http://en.wikipedia.org.evilsite.example/."

References

►

URL

Tags

	https://phabricator.wikimedia.org/T77028	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2015/01/03/13	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2014/12/21/2	mailing-list, x_refsource_MLIST
	http://www.mandriva.com/security/advisories?name=MDVSA-2015:006	vendor-advisory, x_refsource_MANDRIVA
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:47:41.126Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T77028"
          },
          {
            "name": "[oss-security] 20150103 Re: CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
          },
          {
            "name": "[oss-security] 20141221 CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2"
          },
          {
            "name": "MDVSA-2015:006",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:006"
          },
          {
            "name": "[MediaWiki-announce] 20141217 MediaWiki Security and Maintenance Releases: 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-12-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote attackers to bypass CORS restrictions in $wgCrossSiteAJAXdomains via a domain that has a partial match to an allowed origin, as demonstrated by \"http://en.wikipedia.org.evilsite.example/.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-02-04T17:57:00",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T77028"
        },
        {
          "name": "[oss-security] 20150103 Re: CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
        },
        {
          "name": "[oss-security] 20141221 CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2"
        },
        {
          "name": "MDVSA-2015:006",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:006"
        },
        {
          "name": "[MediaWiki-announce] 20141217 MediaWiki Security and Maintenance Releases: 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2014-9476",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote attackers to bypass CORS restrictions in $wgCrossSiteAJAXdomains via a domain that has a partial match to an allowed origin, as demonstrated by \"http://en.wikipedia.org.evilsite.example/.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T77028",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T77028"
            },
            {
              "name": "[oss-security] 20150103 Re: CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
            },
            {
              "name": "[oss-security] 20141221 CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2"
            },
            {
              "name": "MDVSA-2015:006",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:006"
            },
            {
              "name": "[MediaWiki-announce] 20141217 MediaWiki Security and Maintenance Releases: 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2014-9476",
    "datePublished": "2015-01-16T16:00:00",
    "dateReserved": "2015-01-03T00:00:00",
    "dateUpdated": "2024-08-06T13:47:41.126Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-4589 (GCVE-0-2009-4589)

Vulnerability from cvelistv5

Published

2010-01-07 18:13

Modified

2024-08-07 07:08

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in the Special:Block implementation in the getContribsLink function in SpecialBlockip.php in MediaWiki 1.14.0 and 1.15.0 allows remote attackers to inject arbitrary web script or HTML via the ip parameter.

References

►

URL

Tags

	http://www.securityfocus.com/bid/35662	vdb-entry, x_refsource_BID
	http://osvdb.org/55824	vdb-entry, x_refsource_OSVDB
	http://secunia.com/advisories/35818	third-party-advisory, x_refsource_SECUNIA
	https://bugzilla.wikimedia.org/show_bug.cgi?id=19693	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2009/1882	vdb-entry, x_refsource_VUPEN
	https://exchange.xforce.ibmcloud.com/vulnerabilities/51687	vdb-entry, x_refsource_XF
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2009-July/000087.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:08:38.047Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "35662",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35662"
          },
          {
            "name": "55824",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/55824"
          },
          {
            "name": "35818",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35818"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=19693"
          },
          {
            "name": "ADV-2009-1882",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1882"
          },
          {
            "name": "mediawiki-specialblocks-xss(51687)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51687"
          },
          {
            "name": "[mediawiki-announce] 20090713 MediaWiki security update: 1.15.1 and 1.14.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2009-July/000087.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-07-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the Special:Block implementation in the getContribsLink function in SpecialBlockip.php in MediaWiki 1.14.0 and 1.15.0 allows remote attackers to inject arbitrary web script or HTML via the ip parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "35662",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35662"
        },
        {
          "name": "55824",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/55824"
        },
        {
          "name": "35818",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35818"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=19693"
        },
        {
          "name": "ADV-2009-1882",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1882"
        },
        {
          "name": "mediawiki-specialblocks-xss(51687)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51687"
        },
        {
          "name": "[mediawiki-announce] 20090713 MediaWiki security update: 1.15.1 and 1.14.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2009-July/000087.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4589",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the Special:Block implementation in the getContribsLink function in SpecialBlockip.php in MediaWiki 1.14.0 and 1.15.0 allows remote attackers to inject arbitrary web script or HTML via the ip parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "35662",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/35662"
            },
            {
              "name": "55824",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/55824"
            },
            {
              "name": "35818",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35818"
            },
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=19693",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=19693"
            },
            {
              "name": "ADV-2009-1882",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1882"
            },
            {
              "name": "mediawiki-specialblocks-xss(51687)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51687"
            },
            {
              "name": "[mediawiki-announce] 20090713 MediaWiki security update: 1.15.1 and 1.14.1",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2009-July/000087.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4589",
    "datePublished": "2010-01-07T18:13:00",
    "dateReserved": "2010-01-07T00:00:00",
    "dateUpdated": "2024-08-07T07:08:38.047Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-31552 (GCVE-0-2021-31552)

Vulnerability from cvelistv5

Published

2021-04-22 02:29

Modified

2024-08-03 23:03

Severity ?

CWE

n/a

Summary

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly executed certain rules related to blocking accounts after account creation. Such rules would allow for user accounts to be created while blocking only the IP address used to create an account (and not the user account itself). Such rules could also be used by a nefarious, unprivileged user to catalog and enumerate any number of IP addresses related to these account creations.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T152394	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/I8bae477ad7e4d0190335363ac2decf28e4313da1	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:03:33.164Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T152394"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/I8bae477ad7e4d0190335363ac2decf28e4313da1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly executed certain rules related to blocking accounts after account creation. Such rules would allow for user accounts to be created while blocking only the IP address used to create an account (and not the user account itself). Such rules could also be used by a nefarious, unprivileged user to catalog and enumerate any number of IP addresses related to these account creations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-22T02:29:41",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T152394"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/I8bae477ad7e4d0190335363ac2decf28e4313da1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-31552",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly executed certain rules related to blocking accounts after account creation. Such rules would allow for user accounts to be created while blocking only the IP address used to create an account (and not the user account itself). Such rules could also be used by a nefarious, unprivileged user to catalog and enumerate any number of IP addresses related to these account creations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T152394",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T152394"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/I8bae477ad7e4d0190335363ac2decf28e4313da1",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/I8bae477ad7e4d0190335363ac2decf28e4313da1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-31552",
    "datePublished": "2021-04-22T02:29:41",
    "dateReserved": "2021-04-22T00:00:00",
    "dateUpdated": "2024-08-03T23:03:33.164Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-46150 (GCVE-0-2021-46150)

Vulnerability from cvelistv5

Published

2022-01-07 05:53

Modified

2024-08-04 05:02

Severity ?

CWE

n/a

Summary

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Special:CheckUserLog allows CheckUser XSS because of date mishandling, as demonstrated by an XSS payload in MediaWiki:October.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T292795	x_refsource_MISC
	https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/CheckUser/+/79c2c49a18f96b159258958feca90fce964c350a	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:02:10.334Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T292795"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/CheckUser/+/79c2c49a18f96b159258958feca90fce964c350a"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Special:CheckUserLog allows CheckUser XSS because of date mishandling, as demonstrated by an XSS payload in MediaWiki:October."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-07T05:53:30",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T292795"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/CheckUser/+/79c2c49a18f96b159258958feca90fce964c350a"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-46150",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Special:CheckUserLog allows CheckUser XSS because of date mishandling, as demonstrated by an XSS payload in MediaWiki:October."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T292795",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T292795"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/CheckUser/+/79c2c49a18f96b159258958feca90fce964c350a",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/CheckUser/+/79c2c49a18f96b159258958feca90fce964c350a"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-46150",
    "datePublished": "2022-01-07T05:53:30",
    "dateReserved": "2022-01-07T00:00:00",
    "dateUpdated": "2024-08-04T05:02:10.334Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-0368 (GCVE-0-2017-0368)

Vulnerability from cvelistv5

Published

2018-04-13 16:00

Modified

2024-09-16 23:30

Severity ?

CWE

missing sanitization

Summary

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages.

References

►

URL

Tags

	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html	mailing-list, x_refsource_MLIST
	https://phabricator.wikimedia.org/T156184	x_refsource_CONFIRM
	https://security-tracker.debian.org/tracker/CVE-2017-0368	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:03:57.017Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T156184"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2017-0368"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mediawiki",
          "vendor": "mediawiki",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-04-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "missing sanitization",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-13T15:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T156184"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2017-0368"
        }
      ],
      "source": {
        "advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html",
        "discovery": "UNKNOWN"
      },
      "title": "Make rawHTML mode not apply to system messages",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "DATE_PUBLIC": "2017-04-06T20:49:00.000Z",
          "ID": "CVE-2017-0368",
          "STATE": "PUBLIC",
          "TITLE": "Make rawHTML mode not apply to system messages"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "mediawiki",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "mediawiki"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "missing sanitization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
            },
            {
              "name": "https://phabricator.wikimedia.org/T156184",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T156184"
            },
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2017-0368",
              "refsource": "CONFIRM",
              "url": "https://security-tracker.debian.org/tracker/CVE-2017-0368"
            }
          ]
        },
        "source": {
          "advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2017-0368",
    "datePublished": "2018-04-13T16:00:00Z",
    "dateReserved": "2016-11-29T00:00:00",
    "dateUpdated": "2024-09-16T23:30:26.165Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-0365 (GCVE-0-2017-0365)

Vulnerability from cvelistv5

Published

2018-04-13 16:00

Modified

2024-09-16 18:03

Severity ?

CWE

cross-site scripting

Summary

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations.

References

►

URL

Tags

	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html	mailing-list, x_refsource_MLIST
	https://phabricator.wikimedia.org/T144845	x_refsource_CONFIRM
	https://security-tracker.debian.org/tracker/CVE-2017-0365	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:03:56.927Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T144845"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2017-0365"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mediawiki",
          "vendor": "mediawiki",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-04-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-13T15:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T144845"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2017-0365"
        }
      ],
      "source": {
        "advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html",
        "discovery": "UNKNOWN"
      },
      "title": "XSS in SearchHighlighter::highlightText() [requires non-default config]",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "DATE_PUBLIC": "2017-04-06T20:49:00.000Z",
          "ID": "CVE-2017-0365",
          "STATE": "PUBLIC",
          "TITLE": "XSS in SearchHighlighter::highlightText() [requires non-default config]"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "mediawiki",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "mediawiki"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
            },
            {
              "name": "https://phabricator.wikimedia.org/T144845",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T144845"
            },
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2017-0365",
              "refsource": "CONFIRM",
              "url": "https://security-tracker.debian.org/tracker/CVE-2017-0365"
            }
          ]
        },
        "source": {
          "advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2017-0365",
    "datePublished": "2018-04-13T16:00:00Z",
    "dateReserved": "2016-11-29T00:00:00",
    "dateUpdated": "2024-09-16T18:03:35.711Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-0367 (GCVE-0-2017-0367)

Vulnerability from cvelistv5

Published

2018-04-13 16:00

Modified

2024-09-17 00:01

Severity ?

CWE

usafe use of system tmp directory.

Summary

Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure.

References

►

URL

Tags

	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html	mailing-list, x_refsource_MLIST
	https://phabricator.wikimedia.org/T161453	x_refsource_CONFIRM
	https://security-tracker.debian.org/tracker/CVE-2017-0367	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:03:57.030Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T161453"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2017-0367"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mediawiki",
          "vendor": "mediawiki",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-04-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "usafe use of system tmp directory.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-13T15:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T161453"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2017-0367"
        }
      ],
      "source": {
        "advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html",
        "discovery": "UNKNOWN"
      },
      "title": "Having LocalisationCache directory default to system tmp directory is insecure",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "DATE_PUBLIC": "2017-04-06T20:49:00.000Z",
          "ID": "CVE-2017-0367",
          "STATE": "PUBLIC",
          "TITLE": "Having LocalisationCache directory default to system tmp directory is insecure"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "mediawiki",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "mediawiki"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "usafe use of system tmp directory."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
            },
            {
              "name": "https://phabricator.wikimedia.org/T161453",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T161453"
            },
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2017-0367",
              "refsource": "CONFIRM",
              "url": "https://security-tracker.debian.org/tracker/CVE-2017-0367"
            }
          ]
        },
        "source": {
          "advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2017-0367",
    "datePublished": "2018-04-13T16:00:00Z",
    "dateReserved": "2016-11-29T00:00:00",
    "dateUpdated": "2024-09-17T00:01:46.702Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-1245 (GCVE-0-2005-1245)

Vulnerability from cvelistv5

Published

2005-04-24 04:00

Modified

2024-08-07 21:44

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, when using HTML Tidy ($wgUseTidy), allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

References

►

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilities/20210	vdb-entry, x_refsource_XF
	http://www.osvdb.org/15719	vdb-entry, x_refsource_OSVDB
	http://secunia.com/advisories/14993	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/13301	vdb-entry, x_refsource_BID
	http://sourceforge.net/project/shownotes.php?release_id=322146	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:44:05.450Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "mediawiki-unknown-xss(20210)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20210"
          },
          {
            "name": "15719",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/15719"
          },
          {
            "name": "14993",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/14993"
          },
          {
            "name": "13301",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/13301"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=322146"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-04-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, when using HTML Tidy ($wgUseTidy), allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "mediawiki-unknown-xss(20210)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20210"
        },
        {
          "name": "15719",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/15719"
        },
        {
          "name": "14993",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/14993"
        },
        {
          "name": "13301",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/13301"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=322146"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-1245",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, when using HTML Tidy ($wgUseTidy), allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "mediawiki-unknown-xss(20210)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20210"
            },
            {
              "name": "15719",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/15719"
            },
            {
              "name": "14993",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/14993"
            },
            {
              "name": "13301",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/13301"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=322146",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?release_id=322146"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-1245",
    "datePublished": "2005-04-24T04:00:00",
    "dateReserved": "2005-04-24T00:00:00",
    "dateUpdated": "2024-08-07T21:44:05.450Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-8810 (GCVE-0-2017-8810)

Vulnerability from cvelistv5

Published

2017-11-15 08:00

Modified

2024-08-05 16:48

Severity ?

CWE

information leak because of response discrepancy

Summary

MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests.

References

►

URL

Tags

	http://www.securitytracker.com/id/1039812	vdb-entry, x_refsource_SECTRACK
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html	x_refsource_CONFIRM
	https://www.debian.org/security/2017/dsa-4036	vendor-advisory, x_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	n/a	MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2	Version: MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:48:22.197Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1039812",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039812"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"
          },
          {
            "name": "DSA-4036",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4036"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2"
            }
          ]
        }
      ],
      "datePublic": "2017-11-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "information leak because of response discrepancy",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-16T10:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "1039812",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039812"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"
        },
        {
          "name": "DSA-4036",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4036"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2017-8810",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "information leak because of response discrepancy"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1039812",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039812"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html",
              "refsource": "CONFIRM",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"
            },
            {
              "name": "DSA-4036",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4036"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2017-8810",
    "datePublished": "2017-11-15T08:00:00",
    "dateReserved": "2017-05-07T00:00:00",
    "dateUpdated": "2024-08-05T16:48:22.197Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-2934 (GCVE-0-2015-2934)

Vulnerability from cvelistv5

Published

2015-04-13 14:00

Modified

2024-08-06 05:32

Severity ?

CWE

n/a

Summary

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 does not properly handle when the Zend interpreter xml_parse function does not expand entities, which allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file.

References

►

URL

Tags

	https://security.gentoo.org/glsa/201510-05	vendor-advisory, x_refsource_GENTOO
	http://www.mandriva.com/security/advisories?name=MDVSA-2015:200	vendor-advisory, x_refsource_MANDRIVA
	http://www.securityfocus.com/bid/73477	vdb-entry, x_refsource_BID
	http://www.openwall.com/lists/oss-security/2015/04/07/3	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2015/04/01/1	mailing-list, x_refsource_MLIST
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html	mailing-list, x_refsource_MLIST
	https://phabricator.wikimedia.org/T88310	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:32:20.614Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201510-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201510-05"
          },
          {
            "name": "MDVSA-2015:200",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
          },
          {
            "name": "73477",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73477"
          },
          {
            "name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
          },
          {
            "name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
          },
          {
            "name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T88310"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 does not properly handle when the Zend interpreter xml_parse function does not expand entities, which allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T21:57:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-201510-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201510-05"
        },
        {
          "name": "MDVSA-2015:200",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
        },
        {
          "name": "73477",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/73477"
        },
        {
          "name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
        },
        {
          "name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
        },
        {
          "name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T88310"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-2934",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 does not properly handle when the Zend interpreter xml_parse function does not expand entities, which allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201510-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201510-05"
            },
            {
              "name": "MDVSA-2015:200",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
            },
            {
              "name": "73477",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/73477"
            },
            {
              "name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
            },
            {
              "name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
            },
            {
              "name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
            },
            {
              "name": "https://phabricator.wikimedia.org/T88310",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T88310"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-2934",
    "datePublished": "2015-04-13T14:00:00",
    "dateReserved": "2015-04-07T00:00:00",
    "dateUpdated": "2024-08-06T05:32:20.614Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6335 (GCVE-0-2016-6335)

Vulnerability from cvelistv5

Published

2017-04-20 17:00

Modified

2024-08-06 01:29

Severity ?

CWE

n/a

Summary

MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T139570	x_refsource_CONFIRM
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html	mailing-list, x_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=1369613	x_refsource_CONFIRM
	https://phabricator.wikimedia.org/T139565	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:18.431Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T139570"
          },
          {
            "name": "[MediaWiki-announce] 20160823 Security Release - 1.27.1, 1.26.4, 1.23.15",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T139565"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-20T16:57:02",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T139570"
        },
        {
          "name": "[MediaWiki-announce] 20160823 Security Release - 1.27.1, 1.26.4, 1.23.15",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T139565"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-6335",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T139570",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T139570"
            },
            {
              "name": "[MediaWiki-announce] 20160823 Security Release - 1.27.1, 1.26.4, 1.23.15",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
            },
            {
              "name": "https://phabricator.wikimedia.org/T139565",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T139565"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-6335",
    "datePublished": "2017-04-20T17:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:18.431Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-5391 (GCVE-0-2012-5391)

Vulnerability from cvelistv5

Published

2014-06-02 15:00

Modified

2024-08-06 21:05

Severity ?

CWE

n/a

Summary

Session fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the session_id.

References

►

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilities/83008	vdb-entry, x_refsource_XF
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-November/000122.html	mailing-list, x_refsource_MLIST
	http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100843.html	vendor-advisory, x_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100845.html	vendor-advisory, x_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098975.html	vendor-advisory, x_refsource_FEDORA
	https://bugzilla.wikimedia.org/show_bug.cgi?id=40995	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:05:47.225Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "mediawiki-cve20125391-session-hijacking(83008)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83008"
          },
          {
            "name": "[MediaWiki-announce] 20121130 MediaWiki security release: 1.20.1, 1.19.3 and 1.18.6",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-November/000122.html"
          },
          {
            "name": "FEDORA-2013-3227",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100843.html"
          },
          {
            "name": "FEDORA-2013-3265",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100845.html"
          },
          {
            "name": "FEDORA-2013-2090",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098975.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=40995"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-10-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Session fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the session_id."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "mediawiki-cve20125391-session-hijacking(83008)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83008"
        },
        {
          "name": "[MediaWiki-announce] 20121130 MediaWiki security release: 1.20.1, 1.19.3 and 1.18.6",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-November/000122.html"
        },
        {
          "name": "FEDORA-2013-3227",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100843.html"
        },
        {
          "name": "FEDORA-2013-3265",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100845.html"
        },
        {
          "name": "FEDORA-2013-2090",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098975.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=40995"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-5391",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Session fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the session_id."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "mediawiki-cve20125391-session-hijacking(83008)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83008"
            },
            {
              "name": "[MediaWiki-announce] 20121130 MediaWiki security release: 1.20.1, 1.19.3 and 1.18.6",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-November/000122.html"
            },
            {
              "name": "FEDORA-2013-3227",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100843.html"
            },
            {
              "name": "FEDORA-2013-3265",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100845.html"
            },
            {
              "name": "FEDORA-2013-2090",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098975.html"
            },
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=40995",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=40995"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-5391",
    "datePublished": "2014-06-02T15:00:00",
    "dateReserved": "2012-10-17T00:00:00",
    "dateUpdated": "2024-08-06T21:05:47.225Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-0737 (GCVE-0-2009-0737)

Vulnerability from cvelistv5

Published

2009-02-25 20:00

Modified

2024-08-07 04:48

Severity ?

CWE

n/a

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the web-based installer (config/index.php) in MediaWiki 1.6 before 1.6.12, 1.12 before 1.12.4, and 1.13 before 1.13.4, when the installer is in active use, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

►

URL

Tags

	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_12/phase3/RELEASE-NOTES	x_refsource_CONFIRM
	http://www.debian.org/security/2009/dsa-1901	vendor-advisory, x_refsource_DEBIAN
	http://secunia.com/advisories/33881	third-party-advisory, x_refsource_SECUNIA
	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_12_4/phase3/RELEASE-NOTES	x_refsource_CONFIRM
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2009-February/000083.html	mailing-list, x_refsource_MLIST
	http://www.securityfocus.com/bid/33681	vdb-entry, x_refsource_BID
	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_4/phase3/RELEASE-NOTES	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2009/0368	vdb-entry, x_refsource_VUPEN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:48:51.639Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_12/phase3/RELEASE-NOTES"
          },
          {
            "name": "DSA-1901",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1901"
          },
          {
            "name": "33881",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33881"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_12_4/phase3/RELEASE-NOTES"
          },
          {
            "name": "[MediaWiki-announce] 20090207 MediaWiki releases: security update and new major branch",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2009-February/000083.html"
          },
          {
            "name": "33681",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/33681"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_4/phase3/RELEASE-NOTES"
          },
          {
            "name": "ADV-2009-0368",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0368"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-02-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web-based installer (config/index.php) in MediaWiki 1.6 before 1.6.12, 1.12 before 1.12.4, and 1.13 before 1.13.4, when the installer is in active use, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-10-14T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_12/phase3/RELEASE-NOTES"
        },
        {
          "name": "DSA-1901",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1901"
        },
        {
          "name": "33881",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33881"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_12_4/phase3/RELEASE-NOTES"
        },
        {
          "name": "[MediaWiki-announce] 20090207 MediaWiki releases: security update and new major branch",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2009-February/000083.html"
        },
        {
          "name": "33681",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/33681"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_4/phase3/RELEASE-NOTES"
        },
        {
          "name": "ADV-2009-0368",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0368"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0737",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web-based installer (config/index.php) in MediaWiki 1.6 before 1.6.12, 1.12 before 1.12.4, and 1.13 before 1.13.4, when the installer is in active use, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_12/phase3/RELEASE-NOTES",
              "refsource": "CONFIRM",
              "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_12/phase3/RELEASE-NOTES"
            },
            {
              "name": "DSA-1901",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1901"
            },
            {
              "name": "33881",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33881"
            },
            {
              "name": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_12_4/phase3/RELEASE-NOTES",
              "refsource": "CONFIRM",
              "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_12_4/phase3/RELEASE-NOTES"
            },
            {
              "name": "[MediaWiki-announce] 20090207 MediaWiki releases: security update and new major branch",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2009-February/000083.html"
            },
            {
              "name": "33681",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/33681"
            },
            {
              "name": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_4/phase3/RELEASE-NOTES",
              "refsource": "CONFIRM",
              "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_4/phase3/RELEASE-NOTES"
            },
            {
              "name": "ADV-2009-0368",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0368"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-0737",
    "datePublished": "2009-02-25T20:00:00",
    "dateReserved": "2009-02-25T00:00:00",
    "dateUpdated": "2024-08-07T04:48:51.639Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-35475 (GCVE-0-2020-35475)

Vulnerability from cvelistv5

Published

2020-12-18 07:32

Modified

2024-08-04 17:02

Severity ?

CWE

n/a

Summary

In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. (The right column with the changeable groups is not affected and is escaped correctly.)

References

►

URL

Tags

	https://phabricator.wikimedia.org/T268917	x_refsource_MISC
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html	x_refsource_MISC
	https://www.debian.org/security/2020/dsa-4816	vendor-advisory, x_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:02:08.062Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T268917"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html"
          },
          {
            "name": "DSA-4816",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4816"
          },
          {
            "name": "FEDORA-2020-0be2d40e13",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. (The right column with the changeable groups is not affected and is escaped correctly.)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-27T03:06:15",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T268917"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html"
        },
        {
          "name": "DSA-4816",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4816"
        },
        {
          "name": "FEDORA-2020-0be2d40e13",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-35475",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. (The right column with the changeable groups is not affected and is escaped correctly.)"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T268917",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T268917"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html",
              "refsource": "MISC",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html"
            },
            {
              "name": "DSA-4816",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4816"
            },
            {
              "name": "FEDORA-2020-0be2d40e13",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-35475",
    "datePublished": "2020-12-18T07:32:34",
    "dateReserved": "2020-12-16T00:00:00",
    "dateUpdated": "2024-08-04T17:02:08.062Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-9477 (GCVE-0-2014-9477)

Vulnerability from cvelistv5

Published

2015-01-16 16:00

Modified

2024-08-06 13:47

Severity ?

CWE

n/a

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the Listings extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) url parameter.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T77624	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2015/01/03/13	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2014/12/21/2	mailing-list, x_refsource_MLIST
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:47:40.370Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T77624"
          },
          {
            "name": "[oss-security] 20150103 Re: CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
          },
          {
            "name": "[oss-security] 20141221 CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2"
          },
          {
            "name": "[MediaWiki-announce] 20141217 MediaWiki Security and Maintenance Releases: 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-12-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Listings extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) url parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-01-16T15:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T77624"
        },
        {
          "name": "[oss-security] 20150103 Re: CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
        },
        {
          "name": "[oss-security] 20141221 CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2"
        },
        {
          "name": "[MediaWiki-announce] 20141217 MediaWiki Security and Maintenance Releases: 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2014-9477",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Listings extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) url parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T77624",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T77624"
            },
            {
              "name": "[oss-security] 20150103 Re: CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
            },
            {
              "name": "[oss-security] 20141221 CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2"
            },
            {
              "name": "[MediaWiki-announce] 20141217 MediaWiki Security and Maintenance Releases: 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2014-9477",
    "datePublished": "2015-01-16T16:00:00",
    "dateReserved": "2015-01-03T00:00:00",
    "dateUpdated": "2024-08-06T13:47:40.370Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-12471 (GCVE-0-2019-12471)

Vulnerability from cvelistv5

Published

2019-07-10 15:49

Modified

2024-08-04 23:24

Severity ?

CWE

n/a

Summary

Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

References

►

URL

Tags

	https://www.debian.org/security/2019/dsa-4460	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2019/Jun/12	mailing-list, x_refsource_BUGTRAQ
	https://phabricator.wikimedia.org/T207603	x_refsource_MISC
	https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:24:37.083Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4460",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4460"
          },
          {
            "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jun/12"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T207603"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-10T15:50:49",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-4460",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4460"
        },
        {
          "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jun/12"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T207603"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-12471",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4460",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4460"
            },
            {
              "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Jun/12"
            },
            {
              "name": "https://phabricator.wikimedia.org/T207603",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T207603"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html",
              "refsource": "CONFIRM",
              "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-12471",
    "datePublished": "2019-07-10T15:49:21",
    "dateReserved": "2019-05-30T00:00:00",
    "dateUpdated": "2024-08-04T23:24:37.083Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-36126 (GCVE-0-2021-36126)

Vulnerability from cvelistv5

Published

2021-07-02 13:01

Modified

2024-08-04 00:47

Severity ?

CWE

n/a

Summary

An issue was discovered in the AbuseFilter extension in MediaWiki through 1.36. If the MediaWiki:Abusefilter-blocker message is invalid within the content language, the filter user falls back to the English version, but that English version could also be invalid on a wiki. This would result in a fatal error, and potentially fail to block or restrict a potentially nefarious user.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T284364	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/I9e9f44b7663e810de70fb9ac7f6760f83dd4895b	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:47:43.820Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T284364"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/I9e9f44b7663e810de70fb9ac7f6760f83dd4895b"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the AbuseFilter extension in MediaWiki through 1.36. If the MediaWiki:Abusefilter-blocker message is invalid within the content language, the filter user falls back to the English version, but that English version could also be invalid on a wiki. This would result in a fatal error, and potentially fail to block or restrict a potentially nefarious user."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-02T13:01:05",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T284364"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/I9e9f44b7663e810de70fb9ac7f6760f83dd4895b"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-36126",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the AbuseFilter extension in MediaWiki through 1.36. If the MediaWiki:Abusefilter-blocker message is invalid within the content language, the filter user falls back to the English version, but that English version could also be invalid on a wiki. This would result in a fatal error, and potentially fail to block or restrict a potentially nefarious user."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T284364",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T284364"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/I9e9f44b7663e810de70fb9ac7f6760f83dd4895b",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/I9e9f44b7663e810de70fb9ac7f6760f83dd4895b"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-36126",
    "datePublished": "2021-07-02T13:01:05",
    "dateReserved": "2021-07-02T00:00:00",
    "dateUpdated": "2024-08-04T00:47:43.820Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-35478 (GCVE-0-2020-35478)

Vulnerability from cvelistv5

Published

2020-12-18 07:33

Modified

2024-08-04 17:02

Severity ?

CWE

n/a

Summary

MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via LogFormatter::makePageLink(). This affects MediaWiki 1.33.0 and later.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T268938	x_refsource_MISC
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:02:08.103Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T268938"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html"
          },
          {
            "name": "FEDORA-2020-0be2d40e13",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via LogFormatter::makePageLink(). This affects MediaWiki 1.33.0 and later."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-27T03:06:12",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T268938"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html"
        },
        {
          "name": "FEDORA-2020-0be2d40e13",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-35478",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via LogFormatter::makePageLink(). This affects MediaWiki 1.33.0 and later."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T268938",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T268938"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html",
              "refsource": "MISC",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html"
            },
            {
              "name": "FEDORA-2020-0be2d40e13",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-35478",
    "datePublished": "2020-12-18T07:33:43",
    "dateReserved": "2020-12-16T00:00:00",
    "dateUpdated": "2024-08-04T17:02:08.103Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-13258 (GCVE-0-2018-13258)

Vulnerability from cvelistv5

Published

2018-10-04 20:00

Modified

2024-09-16 23:21

Severity ?

CWE

missing .htaccess files in release tarball used to protect directories that shouldn't be web accessible.

Summary

Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn't be web accessible.

References

►

URL

Tags

	https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html	mailing-list, x_refsource_MLIST
	http://www.securitytracker.com/id/1041695	vdb-entry, x_refsource_SECTRACK
	https://phabricator.wikimedia.org/T199029	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	Version: 1.31 before 1.31.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:00:34.528Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[wikitech-l] 20180920 Security release: 1.27.5 / 1.29.3 / 1.30.1 / 1.31.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html"
          },
          {
            "name": "1041695",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041695"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T199029"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mediawiki",
          "vendor": "mediawiki",
          "versions": [
            {
              "status": "affected",
              "version": "1.31 before 1.31.1"
            }
          ]
        }
      ],
      "datePublic": "2018-09-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn\u0027t be web accessible."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "missing .htaccess files in release tarball used to protect directories that shouldn\u0027t be web accessible.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-05T09:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "[wikitech-l] 20180920 Security release: 1.27.5 / 1.29.3 / 1.30.1 / 1.31.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html"
        },
        {
          "name": "1041695",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041695"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T199029"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Tarball was missing .htaccess files",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "DATE_PUBLIC": "2018-09-20T21:18:00.000Z",
          "ID": "CVE-2018-13258",
          "STATE": "PUBLIC",
          "TITLE": "Tarball was missing .htaccess files"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "mediawiki",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.31 before 1.31.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "mediawiki"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn\u0027t be web accessible."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "missing .htaccess files in release tarball used to protect directories that shouldn\u0027t be web accessible."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[wikitech-l] 20180920 Security release: 1.27.5 / 1.29.3 / 1.30.1 / 1.31.1",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html"
            },
            {
              "name": "1041695",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041695"
            },
            {
              "name": "https://phabricator.wikimedia.org/T199029",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T199029"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2018-13258",
    "datePublished": "2018-10-04T20:00:00Z",
    "dateReserved": "2018-07-05T00:00:00",
    "dateUpdated": "2024-09-16T23:21:06.293Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4568 (GCVE-0-2013-4568)

Vulnerability from cvelistv5

Published

2013-12-13 18:00

Modified

2024-08-06 16:45

Severity ?

CWE

n/a

Summary

Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain non-ASCII characters in CSS, as demonstrated using variations of "expression" containing (1) full width characters or (2) IPA extensions, which are converted and rendered by Internet Explorer.

References

►

URL

Tags

	http://secunia.com/advisories/57472	third-party-advisory, x_refsource_SECUNIA
	http://www.debian.org/security/2014/dsa-2891	vendor-advisory, x_refsource_DEBIAN
	https://bugzilla.wikimedia.org/attachment.cgi?id=13452&action=diff	x_refsource_MISC
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html	mailing-list, x_refsource_MLIST
	http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html	vendor-advisory, x_refsource_FEDORA
	http://www.securityfocus.com/bid/63761	vdb-entry, x_refsource_BID
	http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html	vendor-advisory, x_refsource_FEDORA
	https://bugzilla.wikimedia.org/show_bug.cgi?id=55332	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:45:14.820Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "57472",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57472"
          },
          {
            "name": "DSA-2891",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2891"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/attachment.cgi?id=13452\u0026action=diff"
          },
          {
            "name": "[MediaWiki-announce] 20131114 MediaWiki Security Release: 1.21.3, 1.20.8 and 1.19.9",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"
          },
          {
            "name": "FEDORA-2013-21856",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html"
          },
          {
            "name": "63761",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/63761"
          },
          {
            "name": "FEDORA-2013-21874",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=55332"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-10-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain non-ASCII characters in CSS, as demonstrated using variations of \"expression\" containing (1) full width characters or (2) IPA extensions, which are converted and rendered by Internet Explorer."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-29T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "57472",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57472"
        },
        {
          "name": "DSA-2891",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2891"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.wikimedia.org/attachment.cgi?id=13452\u0026action=diff"
        },
        {
          "name": "[MediaWiki-announce] 20131114 MediaWiki Security Release: 1.21.3, 1.20.8 and 1.19.9",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"
        },
        {
          "name": "FEDORA-2013-21856",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html"
        },
        {
          "name": "63761",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/63761"
        },
        {
          "name": "FEDORA-2013-21874",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=55332"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4568",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain non-ASCII characters in CSS, as demonstrated using variations of \"expression\" containing (1) full width characters or (2) IPA extensions, which are converted and rendered by Internet Explorer."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "57472",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/57472"
            },
            {
              "name": "DSA-2891",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2891"
            },
            {
              "name": "https://bugzilla.wikimedia.org/attachment.cgi?id=13452\u0026action=diff",
              "refsource": "MISC",
              "url": "https://bugzilla.wikimedia.org/attachment.cgi?id=13452\u0026action=diff"
            },
            {
              "name": "[MediaWiki-announce] 20131114 MediaWiki Security Release: 1.21.3, 1.20.8 and 1.19.9",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"
            },
            {
              "name": "FEDORA-2013-21856",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html"
            },
            {
              "name": "63761",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/63761"
            },
            {
              "name": "FEDORA-2013-21874",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html"
            },
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=55332",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=55332"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4568",
    "datePublished": "2013-12-13T18:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:45:14.820Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-22945 (GCVE-0-2023-22945)

Vulnerability from cvelistv5

Published

2023-01-11 00:00

Modified

2025-04-07 18:32

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE

n/a

Summary

In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T321733
	https://gerrit.wikimedia.org/r/q/Id1b83fcd58eccb8b2dfea44a3ab2f72314860d88
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/	vendor-advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:20:31.473Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T321733"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/Id1b83fcd58eccb8b2dfea44a3ab2f72314860d88"
          },
          {
            "name": "FEDORA-2023-30a7a812f0",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 4.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "LOW",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-22945",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-07T17:52:25.253477Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-863",
                "description": "CWE-863 Incorrect Authorization",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-07T18:32:19.686Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-27T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T321733"
        },
        {
          "url": "https://gerrit.wikimedia.org/r/q/Id1b83fcd58eccb8b2dfea44a3ab2f72314860d88"
        },
        {
          "name": "FEDORA-2023-30a7a812f0",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-22945",
    "datePublished": "2023-01-11T00:00:00.000Z",
    "dateReserved": "2023-01-11T00:00:00.000Z",
    "dateUpdated": "2025-04-07T18:32:19.686Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-42045 (GCVE-0-2021-42045)

Vulnerability from cvelistv5

Published

2021-10-06 20:49

Modified

2024-08-04 03:22

Severity ?

CWE

n/a

Summary

An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a vote.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T289385	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/I4f04083cd00884d3b85245460774c81c7639a578	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:22:25.967Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T289385"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/I4f04083cd00884d3b85245460774c81c7639a578"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a vote."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-29T16:39:09",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T289385"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/I4f04083cd00884d3b85245460774c81c7639a578"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-42045",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a vote."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T289385",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T289385"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/I4f04083cd00884d3b85245460774c81c7639a578",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/I4f04083cd00884d3b85245460774c81c7639a578"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-42045",
    "datePublished": "2021-10-06T20:49:18",
    "dateReserved": "2021-10-06T00:00:00",
    "dateUpdated": "2024-08-04T03:22:25.967Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-36674 (GCVE-0-2023-36674)

Vulnerability from cvelistv5

Published

2023-08-20 00:00

Modified

2024-10-08 14:27

Severity ?

CWE

n/a

Summary

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File syntax.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T335612
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/	vendor-advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:52:54.118Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T335612"
          },
          {
            "name": "FEDORA-2023-1fcaba0998",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/"
          },
          {
            "name": "FEDORA-2023-d8ae3c122e",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/"
          },
          {
            "name": "FEDORA-2023-7e9d6015f6",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36674",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-08T14:27:32.840293Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-20",
                "description": "CWE-20 Improper Input Validation",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-08T14:27:38.887Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File syntax."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-15T20:06:47.791631",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T335612"
        },
        {
          "name": "FEDORA-2023-1fcaba0998",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/"
        },
        {
          "name": "FEDORA-2023-d8ae3c122e",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/"
        },
        {
          "name": "FEDORA-2023-7e9d6015f6",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-36674",
    "datePublished": "2023-08-20T00:00:00",
    "dateReserved": "2023-06-26T00:00:00",
    "dateUpdated": "2024-10-08T14:27:38.887Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-6733 (GCVE-0-2015-6733)

Vulnerability from cvelistv5

Published

2015-09-01 14:00

Modified

2024-08-06 07:29

Severity ?

CWE

n/a

Summary

GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors.

References

►

URL

Tags

	https://security.gentoo.org/glsa/201510-05	vendor-advisory, x_refsource_GENTOO
	http://www.openwall.com/lists/oss-security/2015/08/27/6	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2015/08/12/6	mailing-list, x_refsource_MLIST
	https://phabricator.wikimedia.org/T101608	x_refsource_CONFIRM
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html	mailing-list, x_refsource_MLIST
	http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html	vendor-advisory, x_refsource_FEDORA
	http://www.securityfocus.com/bid/76361	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:29:24.872Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201510-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201510-05"
          },
          {
            "name": "[oss-security] 20150827 Re: CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
          },
          {
            "name": "[oss-security] 20150812 CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T101608"
          },
          {
            "name": "[MediaWiki-announce] 20150810 MediaWiki Security and Maintenance Releases: 1.25.2, 1.24.3, 1.23.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
          },
          {
            "name": "FEDORA-2015-13920",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
          },
          {
            "name": "76361",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/76361"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-08-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T21:57:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-201510-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201510-05"
        },
        {
          "name": "[oss-security] 20150827 Re: CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
        },
        {
          "name": "[oss-security] 20150812 CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T101608"
        },
        {
          "name": "[MediaWiki-announce] 20150810 MediaWiki Security and Maintenance Releases: 1.25.2, 1.24.3, 1.23.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
        },
        {
          "name": "FEDORA-2015-13920",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
        },
        {
          "name": "76361",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/76361"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-6733",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201510-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201510-05"
            },
            {
              "name": "[oss-security] 20150827 Re: CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
            },
            {
              "name": "[oss-security] 20150812 CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
            },
            {
              "name": "https://phabricator.wikimedia.org/T101608",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T101608"
            },
            {
              "name": "[MediaWiki-announce] 20150810 MediaWiki Security and Maintenance Releases: 1.25.2, 1.24.3, 1.23.10",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
            },
            {
              "name": "FEDORA-2015-13920",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
            },
            {
              "name": "76361",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/76361"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-6733",
    "datePublished": "2015-09-01T14:00:00",
    "dateReserved": "2015-08-27T00:00:00",
    "dateUpdated": "2024-08-06T07:29:24.872Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-36131 (GCVE-0-2021-36131)

Vulnerability from cvelistv5

Published

2021-07-02 13:00

Modified

2024-08-04 00:47

Severity ?

CWE

n/a

Summary

An XSS issue was discovered in the SportsTeams extension in MediaWiki through 1.36. Within several special pages, a privileged user could inject arbitrary HTML and JavaScript within various data fields. The attack could easily propagate across many pages for many users.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T281196	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/Ic312cc9b8463c8e7c3298a661abfcff2cc2332cb	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:47:43.800Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T281196"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/Ic312cc9b8463c8e7c3298a661abfcff2cc2332cb"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An XSS issue was discovered in the SportsTeams extension in MediaWiki through 1.36. Within several special pages, a privileged user could inject arbitrary HTML and JavaScript within various data fields. The attack could easily propagate across many pages for many users."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-02T13:00:06",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T281196"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/Ic312cc9b8463c8e7c3298a661abfcff2cc2332cb"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-36131",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An XSS issue was discovered in the SportsTeams extension in MediaWiki through 1.36. Within several special pages, a privileged user could inject arbitrary HTML and JavaScript within various data fields. The attack could easily propagate across many pages for many users."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T281196",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T281196"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/Ic312cc9b8463c8e7c3298a661abfcff2cc2332cb",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/Ic312cc9b8463c8e7c3298a661abfcff2cc2332cb"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-36131",
    "datePublished": "2021-07-02T13:00:06",
    "dateReserved": "2021-07-02T00:00:00",
    "dateUpdated": "2024-08-04T00:47:43.800Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-12474 (GCVE-0-2019-12474)

Vulnerability from cvelistv5

Published

2019-07-10 15:58

Modified

2024-08-04 23:24

Severity ?

CWE

n/a

Summary

Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

References

►

URL

Tags

	https://www.debian.org/security/2019/dsa-4460	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2019/Jun/12	mailing-list, x_refsource_BUGTRAQ
	https://phabricator.wikimedia.org/T212118	x_refsource_MISC
	https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:24:38.430Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4460",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4460"
          },
          {
            "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jun/12"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T212118"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-10T15:58:16",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-4460",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4460"
        },
        {
          "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jun/12"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T212118"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-12474",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4460",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4460"
            },
            {
              "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Jun/12"
            },
            {
              "name": "https://phabricator.wikimedia.org/T212118",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T212118"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html",
              "refsource": "CONFIRM",
              "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-12474",
    "datePublished": "2019-07-10T15:58:05",
    "dateReserved": "2019-05-30T00:00:00",
    "dateUpdated": "2024-08-04T23:24:38.430Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-1587 (GCVE-0-2011-1587)

Vulnerability from cvelistv5

Published

2011-04-27 00:00

Modified

2024-08-06 22:28

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html located before a ? (question mark) in a query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578.

References

►

URL

Tags

	http://openwall.com/lists/oss-security/2011/04/18/5	mailing-list, x_refsource_MLIST
	http://www.debian.org/security/2011/dsa-2366	vendor-advisory, x_refsource_DEBIAN
	https://bugzilla.redhat.com/show_bug.cgi?id=696360	x_refsource_CONFIRM
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000097.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:28:41.933Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20110418 Re: CVE request: mediawiki 1.16.4, incomplete fix of CVE-2011-1578",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/04/18/5"
          },
          {
            "name": "DSA-2366",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2366"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696360"
          },
          {
            "name": "[mediawiki-announce] 20110414 MediaWiki security release 1.16.4",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000097.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-04-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html located before a ? (question mark) in a query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-01-19T10:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20110418 Re: CVE request: mediawiki 1.16.4, incomplete fix of CVE-2011-1578",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/04/18/5"
        },
        {
          "name": "DSA-2366",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2366"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696360"
        },
        {
          "name": "[mediawiki-announce] 20110414 MediaWiki security release 1.16.4",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000097.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-1587",
    "datePublished": "2011-04-27T00:00:00",
    "dateReserved": "2011-04-05T00:00:00",
    "dateUpdated": "2024-08-06T22:28:41.933Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6337 (GCVE-0-2016-6337)

Vulnerability from cvelistv5

Published

2017-04-20 17:00

Modified

2024-08-06 01:29

Severity ?

CWE

n/a

Summary

MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T139670	x_refsource_CONFIRM
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:19.198Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T139670"
          },
          {
            "name": "[MediaWiki-announce] 20160823 Security Release - 1.27.1, 1.26.4, 1.23.15",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-20T16:57:02",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T139670"
        },
        {
          "name": "[MediaWiki-announce] 20160823 Security Release - 1.27.1, 1.26.4, 1.23.15",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-6337",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T139670",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T139670"
            },
            {
              "name": "[MediaWiki-announce] 20160823 Security Release - 1.27.1, 1.26.4, 1.23.15",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-6337",
    "datePublished": "2017-04-20T17:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:19.198Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-5687 (GCVE-0-2008-5687)

Vulnerability from cvelistv5

Published

2008-12-19 17:00

Modified

2024-08-07 11:04

Severity ?

CWE

n/a

Summary

MediaWiki 1.11, and other versions before 1.13.3, does not properly protect against the download of backups of deleted images, which might allow remote attackers to obtain sensitive information via requests for files in images/deleted/.

References

►

URL

Tags

	https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html	vendor-advisory, x_refsource_FEDORA
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html	mailing-list, x_refsource_MLIST
	https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html	vendor-advisory, x_refsource_FEDORA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/47678	vdb-entry, x_refsource_XF
	http://secunia.com/advisories/33349	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:04:44.334Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2008-11802",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html"
          },
          {
            "name": "[mediawiki-announce] 20081215 MediaWiki 1.13.3, 1.12.2, 1.6.11 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html"
          },
          {
            "name": "FEDORA-2008-11688",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html"
          },
          {
            "name": "mediawiki-images-info-disclosure(47678)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47678"
          },
          {
            "name": "33349",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33349"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-12-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki 1.11, and other versions before 1.13.3, does not properly protect against the download of backups of deleted images, which might allow remote attackers to obtain sensitive information via requests for files in images/deleted/."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "FEDORA-2008-11802",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html"
        },
        {
          "name": "[mediawiki-announce] 20081215 MediaWiki 1.13.3, 1.12.2, 1.6.11 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html"
        },
        {
          "name": "FEDORA-2008-11688",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html"
        },
        {
          "name": "mediawiki-images-info-disclosure(47678)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47678"
        },
        {
          "name": "33349",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33349"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5687",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki 1.11, and other versions before 1.13.3, does not properly protect against the download of backups of deleted images, which might allow remote attackers to obtain sensitive information via requests for files in images/deleted/."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FEDORA-2008-11802",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html"
            },
            {
              "name": "[mediawiki-announce] 20081215 MediaWiki 1.13.3, 1.12.2, 1.6.11 security update",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html"
            },
            {
              "name": "FEDORA-2008-11688",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html"
            },
            {
              "name": "mediawiki-images-info-disclosure(47678)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47678"
            },
            {
              "name": "33349",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33349"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-5687",
    "datePublished": "2008-12-19T17:00:00",
    "dateReserved": "2008-12-19T00:00:00",
    "dateUpdated": "2024-08-07T11:04:44.334Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-31551 (GCVE-0-2021-31551)

Vulnerability from cvelistv5

Published

2021-04-22 02:29

Modified

2024-08-03 23:03

Severity ?

CWE

n/a

Summary

An issue was discovered in the PageForms extension for MediaWiki through 1.35.2. Crafted payloads for Token-related query parameters allowed for XSS on certain PageForms-managed MediaWiki pages.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T259433	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/Ibe68b070ee791cd0c8e7f50eb04ac4e066b1512c	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/I5e0abbc2f80e6bda255b3b32a4df39a7fe7d3793	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/I20b63bd38779d2ccbe2d86f9879df85ca3b685f6	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:03:33.439Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T259433"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/Ibe68b070ee791cd0c8e7f50eb04ac4e066b1512c"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/I5e0abbc2f80e6bda255b3b32a4df39a7fe7d3793"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/I20b63bd38779d2ccbe2d86f9879df85ca3b685f6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the PageForms extension for MediaWiki through 1.35.2. Crafted payloads for Token-related query parameters allowed for XSS on certain PageForms-managed MediaWiki pages."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-22T02:29:51",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T259433"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/Ibe68b070ee791cd0c8e7f50eb04ac4e066b1512c"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/I5e0abbc2f80e6bda255b3b32a4df39a7fe7d3793"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/I20b63bd38779d2ccbe2d86f9879df85ca3b685f6"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-31551",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the PageForms extension for MediaWiki through 1.35.2. Crafted payloads for Token-related query parameters allowed for XSS on certain PageForms-managed MediaWiki pages."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T259433",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T259433"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/Ibe68b070ee791cd0c8e7f50eb04ac4e066b1512c",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/Ibe68b070ee791cd0c8e7f50eb04ac4e066b1512c"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/I5e0abbc2f80e6bda255b3b32a4df39a7fe7d3793",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/I5e0abbc2f80e6bda255b3b32a4df39a7fe7d3793"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/I20b63bd38779d2ccbe2d86f9879df85ca3b685f6",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/I20b63bd38779d2ccbe2d86f9879df85ca3b685f6"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-31551",
    "datePublished": "2021-04-22T02:29:51",
    "dateReserved": "2021-04-22T00:00:00",
    "dateUpdated": "2024-08-03T23:03:33.439Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-29903 (GCVE-0-2022-29903)

Vulnerability from cvelistv5

Published

2022-04-29 03:44

Modified

2024-08-03 06:33

Severity ?

CWE

n/a

Summary

The Private Domains extension for MediaWiki through 1.37.2 (before 1ad65d4c1c199b375ea80988d99ab51ae068f766) allows CSRF for editing pages that store the extension's configuration. The attacker must trigger a POST request to Special:PrivateDomains.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T306290	x_refsource_MISC
	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/PrivateDomains/+/783416	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:33:43.184Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T306290"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/PrivateDomains/+/783416"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Private Domains extension for MediaWiki through 1.37.2 (before 1ad65d4c1c199b375ea80988d99ab51ae068f766) allows CSRF for editing pages that store the extension\u0027s configuration. The attacker must trigger a POST request to Special:PrivateDomains."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-29T03:44:15",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T306290"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/PrivateDomains/+/783416"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-29903",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Private Domains extension for MediaWiki through 1.37.2 (before 1ad65d4c1c199b375ea80988d99ab51ae068f766) allows CSRF for editing pages that store the extension\u0027s configuration. The attacker must trigger a POST request to Special:PrivateDomains."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T306290",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T306290"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/PrivateDomains/+/783416",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/PrivateDomains/+/783416"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-29903",
    "datePublished": "2022-04-29T03:44:15",
    "dateReserved": "2022-04-29T00:00:00",
    "dateUpdated": "2024-08-03T06:33:43.184Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-2243 (GCVE-0-2014-2243)

Vulnerability from cvelistv5

Published

2014-03-02 02:00

Modified

2024-08-06 10:06

Severity ?

CWE

n/a

Summary

includes/User.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 terminates validation of a user token upon encountering the first incorrect character, which makes it easier for remote attackers to obtain access via a brute-force attack that relies on timing differences in responses to incorrect token guesses.

References

►

URL

Tags

	http://openwall.com/lists/oss-security/2014/02/28/1	mailing-list, x_refsource_MLIST
	https://bugzilla.wikimedia.org/show_bug.cgi?id=61346	x_refsource_CONFIRM
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html	mailing-list, x_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=1071136	x_refsource_CONFIRM
	http://openwall.com/lists/oss-security/2014/03/01/2	mailing-list, x_refsource_MLIST
	https://gerrit.wikimedia.org/r/#/q/I2a9e89120f7092015495e638c6fa9f67adc9b84f%2Cn%2Cz	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:06:00.267Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20140228 CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2014/02/28/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=61346"
          },
          {
            "name": "[mediawiki-announce] 20140228 MediaWiki Security and Maintenance Releases: 1.22.3, 1.21.6 and 1.19.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1071136"
          },
          {
            "name": "[oss-security] 20140301 Re: CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2014/03/01/2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/#/q/I2a9e89120f7092015495e638c6fa9f67adc9b84f%2Cn%2Cz"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-02-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "includes/User.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 terminates validation of a user token upon encountering the first incorrect character, which makes it easier for remote attackers to obtain access via a brute-force attack that relies on timing differences in responses to incorrect token guesses."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-03-02T02:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20140228 CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2014/02/28/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=61346"
        },
        {
          "name": "[mediawiki-announce] 20140228 MediaWiki Security and Maintenance Releases: 1.22.3, 1.21.6 and 1.19.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1071136"
        },
        {
          "name": "[oss-security] 20140301 Re: CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2014/03/01/2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gerrit.wikimedia.org/r/#/q/I2a9e89120f7092015495e638c6fa9f67adc9b84f%2Cn%2Cz"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-2243",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "includes/User.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 terminates validation of a user token upon encountering the first incorrect character, which makes it easier for remote attackers to obtain access via a brute-force attack that relies on timing differences in responses to incorrect token guesses."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20140228 CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2014/02/28/1"
            },
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=61346",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=61346"
            },
            {
              "name": "[mediawiki-announce] 20140228 MediaWiki Security and Maintenance Releases: 1.22.3, 1.21.6 and 1.19.12",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1071136",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1071136"
            },
            {
              "name": "[oss-security] 20140301 Re: CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2014/03/01/2"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/#/q/I2a9e89120f7092015495e638c6fa9f67adc9b84f,n,z",
              "refsource": "CONFIRM",
              "url": "https://gerrit.wikimedia.org/r/#/q/I2a9e89120f7092015495e638c6fa9f67adc9b84f,n,z"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-2243",
    "datePublished": "2014-03-02T02:00:00",
    "dateReserved": "2014-02-28T00:00:00",
    "dateUpdated": "2024-08-06T10:06:00.267Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-1578 (GCVE-0-2011-1578)

Vulnerability from cvelistv5

Published

2011-04-27 00:00

Modified

2024-08-06 22:28

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character.

References

►

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilities/66737	vdb-entry, x_refsource_XF
	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html	vendor-advisory, x_refsource_FEDORA
	http://www.vupen.com/english/advisories/2011/0978	vdb-entry, x_refsource_VUPEN
	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html	vendor-advisory, x_refsource_FEDORA
	http://www.securityfocus.com/bid/47354	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/44142	third-party-advisory, x_refsource_SECUNIA
	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html	vendor-advisory, x_refsource_FEDORA
	http://www.vupen.com/english/advisories/2011/1151	vdb-entry, x_refsource_VUPEN
	http://www.debian.org/security/2011/dsa-2366	vendor-advisory, x_refsource_DEBIAN
	https://bugzilla.redhat.com/show_bug.cgi?id=696360	x_refsource_CONFIRM
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html	mailing-list, x_refsource_MLIST
	http://www.vupen.com/english/advisories/2011/1100	vdb-entry, x_refsource_VUPEN
	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html	vendor-advisory, x_refsource_FEDORA
	https://bugzilla.redhat.com/show_bug.cgi?id=695577	x_refsource_CONFIRM
	http://openwall.com/lists/oss-security/2011/04/13/15	mailing-list, x_refsource_MLIST
	https://bugzilla.wikimedia.org/show_bug.cgi?id=28235	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:28:41.929Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "mediawiki-file-extensions-xss(66737)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66737"
          },
          {
            "name": "FEDORA-2011-5495",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html"
          },
          {
            "name": "ADV-2011-0978",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0978"
          },
          {
            "name": "FEDORA-2011-5807",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html"
          },
          {
            "name": "47354",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47354"
          },
          {
            "name": "44142",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44142"
          },
          {
            "name": "FEDORA-2011-5848",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html"
          },
          {
            "name": "ADV-2011-1151",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/1151"
          },
          {
            "name": "DSA-2366",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2366"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696360"
          },
          {
            "name": "[mediawiki-announce] 20110412 MediaWiki security release 1.16.3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html"
          },
          {
            "name": "ADV-2011-1100",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/1100"
          },
          {
            "name": "FEDORA-2011-5812",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=695577"
          },
          {
            "name": "[oss-security] 20110413 Re: CVE request: mediawiki 1.16.3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/04/13/15"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=28235"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-04-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "mediawiki-file-extensions-xss(66737)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66737"
        },
        {
          "name": "FEDORA-2011-5495",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html"
        },
        {
          "name": "ADV-2011-0978",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0978"
        },
        {
          "name": "FEDORA-2011-5807",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html"
        },
        {
          "name": "47354",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47354"
        },
        {
          "name": "44142",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44142"
        },
        {
          "name": "FEDORA-2011-5848",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html"
        },
        {
          "name": "ADV-2011-1151",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/1151"
        },
        {
          "name": "DSA-2366",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2366"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696360"
        },
        {
          "name": "[mediawiki-announce] 20110412 MediaWiki security release 1.16.3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html"
        },
        {
          "name": "ADV-2011-1100",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/1100"
        },
        {
          "name": "FEDORA-2011-5812",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=695577"
        },
        {
          "name": "[oss-security] 20110413 Re: CVE request: mediawiki 1.16.3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/04/13/15"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=28235"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-1578",
    "datePublished": "2011-04-27T00:00:00",
    "dateReserved": "2011-04-05T00:00:00",
    "dateUpdated": "2024-08-06T22:28:41.929Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-0366 (GCVE-0-2017-0366)

Vulnerability from cvelistv5

Published

2018-04-13 16:00

Modified

2024-09-16 16:13

Severity ?

CWE

bypass filter

Summary

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration.

References

►

URL

Tags

	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html	mailing-list, x_refsource_MLIST
	https://phabricator.wikimedia.org/T151735	x_refsource_CONFIRM
	https://security-tracker.debian.org/tracker/CVE-2017-0366	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:03:57.058Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T151735"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2017-0366"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mediawiki",
          "vendor": "mediawiki",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-04-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "bypass filter",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-13T15:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T151735"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2017-0366"
        }
      ],
      "source": {
        "advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html",
        "discovery": "UNKNOWN"
      },
      "title": "SVG filter evasion using default attribute values in DTD declaration",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "DATE_PUBLIC": "2017-04-06T20:49:00.000Z",
          "ID": "CVE-2017-0366",
          "STATE": "PUBLIC",
          "TITLE": "SVG filter evasion using default attribute values in DTD declaration"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "mediawiki",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "mediawiki"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "bypass filter"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
            },
            {
              "name": "https://phabricator.wikimedia.org/T151735",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T151735"
            },
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2017-0366",
              "refsource": "CONFIRM",
              "url": "https://security-tracker.debian.org/tracker/CVE-2017-0366"
            }
          ]
        },
        "source": {
          "advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2017-0366",
    "datePublished": "2018-04-13T16:00:00Z",
    "dateReserved": "2016-11-29T00:00:00",
    "dateUpdated": "2024-09-16T16:13:20.587Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-35477 (GCVE-0-2020-35477)

Vulnerability from cvelistv5

Published

2020-12-18 07:37

Modified

2024-08-04 17:02

Severity ?

CWE

n/a

Summary

MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" checkbox (or a tags checkbox) next to it, there is a redirection to the main page's action=historysubmit (instead of the desired behavior in which a revision-deletion form appears).

References

►

URL

Tags

	https://phabricator.wikimedia.org/T205908	x_refsource_MISC
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html	x_refsource_MISC
	https://www.debian.org/security/2020/dsa-4816	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html	mailing-list, x_refsource_MLIST
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:02:08.156Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T205908"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html"
          },
          {
            "name": "DSA-4816",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4816"
          },
          {
            "name": "[debian-lts-announce] 20201223 [SECURITY] [DLA 2504-1] mediawiki security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html"
          },
          {
            "name": "FEDORA-2020-0be2d40e13",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the \"Change visibility of selected log entries\" checkbox (or a tags checkbox) next to it, there is a redirection to the main page\u0027s action=historysubmit (instead of the desired behavior in which a revision-deletion form appears)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-27T03:06:14",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T205908"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html"
        },
        {
          "name": "DSA-4816",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4816"
        },
        {
          "name": "[debian-lts-announce] 20201223 [SECURITY] [DLA 2504-1] mediawiki security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html"
        },
        {
          "name": "FEDORA-2020-0be2d40e13",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-35477",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the \"Change visibility of selected log entries\" checkbox (or a tags checkbox) next to it, there is a redirection to the main page\u0027s action=historysubmit (instead of the desired behavior in which a revision-deletion form appears)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T205908",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T205908"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html",
              "refsource": "MISC",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html"
            },
            {
              "name": "DSA-4816",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4816"
            },
            {
              "name": "[debian-lts-announce] 20201223 [SECURITY] [DLA 2504-1] mediawiki security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html"
            },
            {
              "name": "FEDORA-2020-0be2d40e13",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-35477",
    "datePublished": "2020-12-18T07:37:24",
    "dateReserved": "2020-12-16T00:00:00",
    "dateUpdated": "2024-08-04T17:02:08.156Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8002 (GCVE-0-2015-8002)

Vulnerability from cvelistv5

Published

2015-11-09 18:00

Modified

2024-08-06 08:06

Severity ?

CWE

n/a

Summary

The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 allows remote authenticated users to cause a denial of service (disk consumption) via a file upload using one byte chunks.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T91205	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1034028	vdb-entry, x_refsource_SECTRACK
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:06:31.576Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T91205"
          },
          {
            "name": "1034028",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034028"
          },
          {
            "name": "[MediaWiki-announce] 20151016 Security Release: 1.25.3, 1.24.4 and 1.23.11",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 allows remote authenticated users to cause a denial of service (disk consumption) via a file upload using one byte chunks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-11-09T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T91205"
        },
        {
          "name": "1034028",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034028"
        },
        {
          "name": "[MediaWiki-announce] 20151016 Security Release: 1.25.3, 1.24.4 and 1.23.11",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8002",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 allows remote authenticated users to cause a denial of service (disk consumption) via a file upload using one byte chunks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T91205",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T91205"
            },
            {
              "name": "1034028",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034028"
            },
            {
              "name": "[MediaWiki-announce] 20151016 Security Release: 1.25.3, 1.24.4 and 1.23.11",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8002",
    "datePublished": "2015-11-09T18:00:00",
    "dateReserved": "2015-10-28T00:00:00",
    "dateUpdated": "2024-08-06T08:06:31.576Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-6452 (GCVE-0-2013-6452)

Vulnerability from cvelistv5

Published

2014-05-12 14:00

Modified

2024-08-06 17:39

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via crafted XSL in an SVG file.

References

►

URL

Tags

http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html

mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:39:01.306Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[MediaWiki-announce] 20140114 MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-01-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via crafted XSL in an SVG file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-05-12T13:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[MediaWiki-announce] 20140114 MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-6452",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via crafted XSL in an SVG file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[MediaWiki-announce] 20140114 MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-6452",
    "datePublished": "2014-05-12T14:00:00",
    "dateReserved": "2013-11-04T00:00:00",
    "dateUpdated": "2024-08-06T17:39:01.306Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-2931 (GCVE-0-2015-2931)

Vulnerability from cvelistv5

Published

2015-04-13 14:00

Modified

2024-08-06 05:32

Severity ?

CWE

n/a

Summary

Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI.

References

►

URL

Tags

	https://security.gentoo.org/glsa/201510-05	vendor-advisory, x_refsource_GENTOO
	http://www.mandriva.com/security/advisories?name=MDVSA-2015:200	vendor-advisory, x_refsource_MANDRIVA
	http://www.securityfocus.com/bid/73477	vdb-entry, x_refsource_BID
	https://phabricator.wikimedia.org/T85850	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2015/04/07/3	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2015/04/01/1	mailing-list, x_refsource_MLIST
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:32:20.646Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201510-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201510-05"
          },
          {
            "name": "MDVSA-2015:200",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
          },
          {
            "name": "73477",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73477"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T85850"
          },
          {
            "name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
          },
          {
            "name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
          },
          {
            "name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T21:57:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-201510-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201510-05"
        },
        {
          "name": "MDVSA-2015:200",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
        },
        {
          "name": "73477",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/73477"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T85850"
        },
        {
          "name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
        },
        {
          "name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
        },
        {
          "name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-2931",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201510-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201510-05"
            },
            {
              "name": "MDVSA-2015:200",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
            },
            {
              "name": "73477",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/73477"
            },
            {
              "name": "https://phabricator.wikimedia.org/T85850",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T85850"
            },
            {
              "name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
            },
            {
              "name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
            },
            {
              "name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-2931",
    "datePublished": "2015-04-13T14:00:00",
    "dateReserved": "2015-04-07T00:00:00",
    "dateUpdated": "2024-08-06T05:32:20.646Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-1579 (GCVE-0-2012-1579)

Vulnerability from cvelistv5

Published

2012-09-09 21:00

Modified

2024-08-06 19:01

Severity ?

CWE

n/a

Summary

The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information.

References

►

URL

Tags

	http://www.openwall.com/lists/oss-security/2012/03/24/1	mailing-list, x_refsource_MLIST
	https://bugzilla.wikimedia.org/show_bug.cgi?id=34907	x_refsource_CONFIRM
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/48504	third-party-advisory, x_refsource_SECUNIA
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2012/03/22/9	mailing-list, x_refsource_MLIST
	http://www.securityfocus.com/bid/52689	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:01:02.555Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20120323 CVEs for MediaWiki security and maintenance release 1.18.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/03/24/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=34907"
          },
          {
            "name": "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.18.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html"
          },
          {
            "name": "48504",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48504"
          },
          {
            "name": "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.17.3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html"
          },
          {
            "name": "[oss-security] 20120322 MediaWiki security and maintenance release 1.18.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/03/22/9"
          },
          {
            "name": "52689",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/52689"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-09-09T21:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20120323 CVEs for MediaWiki security and maintenance release 1.18.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/03/24/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=34907"
        },
        {
          "name": "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.18.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html"
        },
        {
          "name": "48504",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48504"
        },
        {
          "name": "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.17.3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html"
        },
        {
          "name": "[oss-security] 20120322 MediaWiki security and maintenance release 1.18.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/03/22/9"
        },
        {
          "name": "52689",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/52689"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-1579",
    "datePublished": "2012-09-09T21:00:00Z",
    "dateReserved": "2012-03-12T00:00:00Z",
    "dateUpdated": "2024-08-06T19:01:02.555Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-22912 (GCVE-0-2023-22912)

Vulnerability from cvelistv5

Published

2023-01-20 00:00

Modified

2025-04-03 15:13

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

n/a

Summary

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated (aka re-used) nonce, allowing an adversary to decrypt.

References

►

URL

Tags

https://phabricator.wikimedia.org/T315123

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:20:31.456Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T315123"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-22912",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-03T15:09:36.476645Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-330",
                "description": "CWE-330 Use of Insufficiently Random Values",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-03T15:13:11.169Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated (aka re-used) nonce, allowing an adversary to decrypt."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-20T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T315123"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-22912",
    "datePublished": "2023-01-20T00:00:00.000Z",
    "dateReserved": "2023-01-10T00:00:00.000Z",
    "dateUpdated": "2025-04-03T15:13:11.169Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-3165 (GCVE-0-2005-3165)

Vulnerability from cvelistv5

Published

2005-10-06 04:00

Modified

2024-09-17 01:31

Severity ?

CWE

n/a

Summary

Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via (1) <math> tags or (2) Extension or <nowiki> sections that "bypass HTML style attribute restrictions" that are intended to protect against XSS vulnerabilities in Internet Explorer clients.

References

►

URL

Tags

	http://sourceforge.net/project/shownotes.php?release_id=352777	x_refsource_CONFIRM
	http://secunia.com/advisories/16932	third-party-advisory, x_refsource_SECUNIA
	http://lwn.net/Articles/153906/	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:01:59.293Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=352777"
          },
          {
            "name": "16932",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/16932"
          },
          {
            "name": "SUSE-SR:2005:021",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lwn.net/Articles/153906/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via (1) \u003cmath\u003e tags or (2) Extension or \u003cnowiki\u003e sections that \"bypass HTML style attribute restrictions\" that are intended to protect against XSS vulnerabilities in Internet Explorer clients."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-10-06T04:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=352777"
        },
        {
          "name": "16932",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/16932"
        },
        {
          "name": "SUSE-SR:2005:021",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lwn.net/Articles/153906/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3165",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via (1) \u003cmath\u003e tags or (2) Extension or \u003cnowiki\u003e sections that \"bypass HTML style attribute restrictions\" that are intended to protect against XSS vulnerabilities in Internet Explorer clients."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=352777",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?release_id=352777"
            },
            {
              "name": "16932",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/16932"
            },
            {
              "name": "SUSE-SR:2005:021",
              "refsource": "SUSE",
              "url": "http://lwn.net/Articles/153906/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-3165",
    "datePublished": "2005-10-06T04:00:00Z",
    "dateReserved": "2005-10-06T00:00:00Z",
    "dateUpdated": "2024-09-17T01:31:24.015Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-4501 (GCVE-0-2005-4501)

Vulnerability from cvelistv5

Published

2005-12-22 21:00

Modified

2024-08-07 23:46

Severity ?

CWE

n/a

Summary

MediaWiki before 1.5.4 uses a hard-coded "internal placeholder string", which allows remote attackers to bypass protection against cross-site scripting (XSS) attacks and execute Javascript using inline style attributes, which are processed by Internet Explorer.

References

►

URL

Tags

	http://www.mediawiki.org/wiki/Download	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2005/3059	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/18219	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/23882	vdb-entry, x_refsource_XF
	http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html	vendor-advisory, x_refsource_SUSE
	http://www.securityfocus.com/bid/16032	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/18717	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:46:05.539Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mediawiki.org/wiki/Download"
          },
          {
            "name": "ADV-2005-3059",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/3059"
          },
          {
            "name": "18219",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18219"
          },
          {
            "name": "mediawiki-placeholder-bypass-security(23882)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23882"
          },
          {
            "name": "SUSE-SR:2006:003",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html"
          },
          {
            "name": "16032",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16032"
          },
          {
            "name": "18717",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18717"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-12-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.5.4 uses a hard-coded \"internal placeholder string\", which allows remote attackers to bypass protection against cross-site scripting (XSS) attacks and execute Javascript using inline style attributes, which are processed by Internet Explorer."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mediawiki.org/wiki/Download"
        },
        {
          "name": "ADV-2005-3059",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/3059"
        },
        {
          "name": "18219",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18219"
        },
        {
          "name": "mediawiki-placeholder-bypass-security(23882)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23882"
        },
        {
          "name": "SUSE-SR:2006:003",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html"
        },
        {
          "name": "16032",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16032"
        },
        {
          "name": "18717",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18717"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-4501",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki before 1.5.4 uses a hard-coded \"internal placeholder string\", which allows remote attackers to bypass protection against cross-site scripting (XSS) attacks and execute Javascript using inline style attributes, which are processed by Internet Explorer."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.mediawiki.org/wiki/Download",
              "refsource": "CONFIRM",
              "url": "http://www.mediawiki.org/wiki/Download"
            },
            {
              "name": "ADV-2005-3059",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2005/3059"
            },
            {
              "name": "18219",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18219"
            },
            {
              "name": "mediawiki-placeholder-bypass-security(23882)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23882"
            },
            {
              "name": "SUSE-SR:2006:003",
              "refsource": "SUSE",
              "url": "http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html"
            },
            {
              "name": "16032",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/16032"
            },
            {
              "name": "18717",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18717"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-4501",
    "datePublished": "2005-12-22T21:00:00",
    "dateReserved": "2005-12-22T00:00:00",
    "dateUpdated": "2024-08-07T23:46:05.539Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-0362 (GCVE-0-2017-0362)

Vulnerability from cvelistv5

Published

2018-04-13 16:00

Modified

2024-09-16 20:22

Severity ?

CWE

missing requirement on token

Summary

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T150044	x_refsource_CONFIRM
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html	mailing-list, x_refsource_MLIST
	https://security-tracker.debian.org/tracker/CVE-2017-0362	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:03:56.827Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T150044"
          },
          {
            "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2017-0362"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mediawiki",
          "vendor": "mediawiki",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-04-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the \"Mark all pages visited\" on the watchlist does not require a CSRF token."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "missing requirement on token",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-13T15:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T150044"
        },
        {
          "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2017-0362"
        }
      ],
      "source": {
        "advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html",
        "discovery": "UNKNOWN"
      },
      "title": "\"Mark all pages visited\" on the watchlist does not require a CSRF token",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "DATE_PUBLIC": "2017-04-06T20:49:19.000Z",
          "ID": "CVE-2017-0362",
          "STATE": "PUBLIC",
          "TITLE": "\"Mark all pages visited\" on the watchlist does not require a CSRF token"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "mediawiki",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "mediawiki"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the \"Mark all pages visited\" on the watchlist does not require a CSRF token."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "missing requirement on token"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T150044",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T150044"
            },
            {
              "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
            },
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2017-0362",
              "refsource": "CONFIRM",
              "url": "https://security-tracker.debian.org/tracker/CVE-2017-0362"
            }
          ]
        },
        "source": {
          "advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2017-0362",
    "datePublished": "2018-04-13T16:00:00Z",
    "dateReserved": "2016-11-29T00:00:00",
    "dateUpdated": "2024-09-16T20:22:32.537Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-7199 (GCVE-0-2014-7199)

Vulnerability from cvelistv5

Published

2014-09-30 14:00

Modified

2024-08-06 12:40

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.19, 1.22.x before 1.22.11, and 1.23.x before 1.23.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file.

References

►

URL

Tags

	https://gerrit.wikimedia.org/r/#/c/162777/	x_refsource_CONFIRM
	http://www.debian.org/security/2014/dsa-3036	vendor-advisory, x_refsource_DEBIAN
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-September/000161.html	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2014/09/27/2	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/61666	third-party-advisory, x_refsource_SECUNIA
	https://bugzilla.wikimedia.org/show_bug.cgi?id=69008	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T12:40:19.157Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/#/c/162777/"
          },
          {
            "name": "DSA-3036",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3036"
          },
          {
            "name": "[MediaWiki-announce] 20140924 MediaWiki Security and Maintenance Releases: 1.19.19, 1.22.11 and 1.23.4",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-September/000161.html"
          },
          {
            "name": "[oss-security] 20140927 Re: CVE request: Mediawiki before 1.19.19, 1.22.11 and 1.23.4 insufficient CSS filtering of SVGs",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/09/27/2"
          },
          {
            "name": "61666",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61666"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=69008"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-08-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.19, 1.22.x before 1.22.11, and 1.23.x before 1.23.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-10-03T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gerrit.wikimedia.org/r/#/c/162777/"
        },
        {
          "name": "DSA-3036",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3036"
        },
        {
          "name": "[MediaWiki-announce] 20140924 MediaWiki Security and Maintenance Releases: 1.19.19, 1.22.11 and 1.23.4",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-September/000161.html"
        },
        {
          "name": "[oss-security] 20140927 Re: CVE request: Mediawiki before 1.19.19, 1.22.11 and 1.23.4 insufficient CSS filtering of SVGs",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/09/27/2"
        },
        {
          "name": "61666",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61666"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=69008"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-7199",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.19, 1.22.x before 1.22.11, and 1.23.x before 1.23.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gerrit.wikimedia.org/r/#/c/162777/",
              "refsource": "CONFIRM",
              "url": "https://gerrit.wikimedia.org/r/#/c/162777/"
            },
            {
              "name": "DSA-3036",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-3036"
            },
            {
              "name": "[MediaWiki-announce] 20140924 MediaWiki Security and Maintenance Releases: 1.19.19, 1.22.11 and 1.23.4",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-September/000161.html"
            },
            {
              "name": "[oss-security] 20140927 Re: CVE request: Mediawiki before 1.19.19, 1.22.11 and 1.23.4 insufficient CSS filtering of SVGs",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2014/09/27/2"
            },
            {
              "name": "61666",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61666"
            },
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=69008",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=69008"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-7199",
    "datePublished": "2014-09-30T14:00:00",
    "dateReserved": "2014-09-26T00:00:00",
    "dateUpdated": "2024-08-06T12:40:19.157Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-6455 (GCVE-0-2013-6455)

Vulnerability from cvelistv5

Published

2020-01-28 14:54

Modified

2024-08-06 17:39

Severity ?

CWE

Path Disclosure

Summary

The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page.

References

►

URL

Tags

http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Wikimedia Foundation	MediaWiki	Version: before 1.19.10 Version: 1.2x before 1.21.4 Version: 1.22.x before 1.22.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:39:01.461Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MediaWiki",
          "vendor": "Wikimedia Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "before 1.19.10"
            },
            {
              "status": "affected",
              "version": "1.2x before 1.21.4"
            },
            {
              "status": "affected",
              "version": "1.22.x before 1.22.1"
            }
          ]
        }
      ],
      "datePublic": "2014-01-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Path Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-28T14:54:22",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-6455",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MediaWiki",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before 1.19.10"
                          },
                          {
                            "version_value": "1.2x before 1.21.4"
                          },
                          {
                            "version_value": "1.22.x before 1.22.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Wikimedia Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Path Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html",
              "refsource": "MISC",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-6455",
    "datePublished": "2020-01-28T14:54:22",
    "dateReserved": "2013-11-04T00:00:00",
    "dateUpdated": "2024-08-06T17:39:01.461Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-47913 (GCVE-0-2024-47913)

Vulnerability from cvelistv5

Published

2024-10-04 00:00

Modified

2024-12-06 21:07

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

n/a

Summary

An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view the log details for the filter.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T372998
	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/AbuseFilter/+/1076855

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-47913",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-08T18:52:26.958387Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-532",
                "description": "CWE-532 Insertion of Sensitive Information into Log File",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-06T21:07:18.749Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view the log details for the filter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-04T21:15:03.441128",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T372998"
        },
        {
          "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/AbuseFilter/+/1076855"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-47913",
    "datePublished": "2024-10-04T00:00:00",
    "dateReserved": "2024-10-04T00:00:00",
    "dateUpdated": "2024-12-06T21:07:18.749Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-2895 (GCVE-0-2006-2895)

Vulnerability from cvelistv5

Published

2006-06-07 10:00

Modified

2024-08-07 18:06

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to versions before 1.6.7 allows remote attackers to inject arbitrary HTML and web script via the edit form.

References

►

URL

Tags

	http://www.vupen.com/english/advisories/2006/2159	vdb-entry, x_refsource_VUPEN
	http://svn.wikimedia.org/viewvc/mediawiki/tags/REL1_6_7/phase3/RELEASE-NOTES	x_refsource_CONFIRM
	http://mail.wikipedia.org/pipermail/mediawiki-announce/2006-June/000048.html	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/20458	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/27029	vdb-entry, x_refsource_XF

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:06:26.970Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2006-2159",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2159"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.wikimedia.org/viewvc/mediawiki/tags/REL1_6_7/phase3/RELEASE-NOTES"
          },
          {
            "name": "[MediaWiki-announce] 20060606 MediaWiki 1.6.7 released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail.wikipedia.org/pipermail/mediawiki-announce/2006-June/000048.html"
          },
          {
            "name": "20458",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20458"
          },
          {
            "name": "mediawiki-edit-form-xss(27029)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27029"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-06-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to versions before 1.6.7 allows remote attackers to inject arbitrary HTML and web script via the edit form."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2006-2159",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2159"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.wikimedia.org/viewvc/mediawiki/tags/REL1_6_7/phase3/RELEASE-NOTES"
        },
        {
          "name": "[MediaWiki-announce] 20060606 MediaWiki 1.6.7 released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail.wikipedia.org/pipermail/mediawiki-announce/2006-June/000048.html"
        },
        {
          "name": "20458",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20458"
        },
        {
          "name": "mediawiki-edit-form-xss(27029)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27029"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2895",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to versions before 1.6.7 allows remote attackers to inject arbitrary HTML and web script via the edit form."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2006-2159",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2159"
            },
            {
              "name": "http://svn.wikimedia.org/viewvc/mediawiki/tags/REL1_6_7/phase3/RELEASE-NOTES",
              "refsource": "CONFIRM",
              "url": "http://svn.wikimedia.org/viewvc/mediawiki/tags/REL1_6_7/phase3/RELEASE-NOTES"
            },
            {
              "name": "[MediaWiki-announce] 20060606 MediaWiki 1.6.7 released",
              "refsource": "MLIST",
              "url": "http://mail.wikipedia.org/pipermail/mediawiki-announce/2006-June/000048.html"
            },
            {
              "name": "20458",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20458"
            },
            {
              "name": "mediawiki-edit-form-xss(27029)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27029"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-2895",
    "datePublished": "2006-06-07T10:00:00",
    "dateReserved": "2006-06-07T00:00:00",
    "dateUpdated": "2024-08-07T18:06:26.970Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6331 (GCVE-0-2016-6331)

Vulnerability from cvelistv5

Published

2017-04-20 17:00

Modified

2024-08-06 01:29

Severity ?

CWE

n/a

Summary

ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title read restrictions via a parse action to api.php.

References

►

URL

Tags

	https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html	mailing-list, x_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=1369613	x_refsource_CONFIRM
	https://phabricator.wikimedia.org/T115333	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:19.952Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[MediaWiki-announce] 20160823 Security Release - 1.27.1, 1.26.4, 1.23.15",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T115333"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title read restrictions via a parse action to api.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-20T16:57:02",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[MediaWiki-announce] 20160823 Security Release - 1.27.1, 1.26.4, 1.23.15",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T115333"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-6331",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title read restrictions via a parse action to api.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[MediaWiki-announce] 20160823 Security Release - 1.27.1, 1.26.4, 1.23.15",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
            },
            {
              "name": "https://phabricator.wikimedia.org/T115333",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T115333"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-6331",
    "datePublished": "2017-04-20T17:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:19.952Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-4361 (GCVE-0-2011-4361)

Vulnerability from cvelistv5

Published

2012-01-08 11:00

Modified

2024-08-07 00:09

Severity ?

CWE

n/a

Summary

MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an extension, as demonstrated by the CategoryTree, ExtTab, and InlineEditor extensions.

References

►

URL

Tags

	http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-November/000104.html	mailing-list, x_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=758171	x_refsource_CONFIRM
	http://openwall.com/lists/oss-security/2011/11/29/6	mailing-list, x_refsource_MLIST
	https://bugzilla.wikimedia.org/show_bug.cgi?id=32616	x_refsource_CONFIRM
	http://openwall.com/lists/oss-security/2011/11/29/12	mailing-list, x_refsource_MLIST
	http://www.debian.org/security/2011/dsa-2366	vendor-advisory, x_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:09:18.393Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[mediawiki-announce] 20111128 MediaWiki security release 1.17.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-November/000104.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=758171"
          },
          {
            "name": "[oss-security] 20111129 CVE request: mediawiki before 1.17.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/11/29/6"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=32616"
          },
          {
            "name": "[oss-security] 20111129 Re: CVE request: mediawiki before 1.17.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/11/29/12"
          },
          {
            "name": "DSA-2366",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2366"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-11-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an extension, as demonstrated by the CategoryTree, ExtTab, and InlineEditor extensions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-01-19T10:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[mediawiki-announce] 20111128 MediaWiki security release 1.17.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-November/000104.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=758171"
        },
        {
          "name": "[oss-security] 20111129 CVE request: mediawiki before 1.17.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/11/29/6"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=32616"
        },
        {
          "name": "[oss-security] 20111129 Re: CVE request: mediawiki before 1.17.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/11/29/12"
        },
        {
          "name": "DSA-2366",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2366"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-4361",
    "datePublished": "2012-01-08T11:00:00",
    "dateReserved": "2011-11-04T00:00:00",
    "dateUpdated": "2024-08-07T00:09:18.393Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8625 (GCVE-0-2015-8625)

Vulnerability from cvelistv5

Published

2017-03-23 20:00

Modified

2024-08-06 08:20

Severity ?

CWE

n/a

Summary

MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly sanitize parameters when calling the cURL library, which allows remote attackers to read arbitrary files via an @ (at sign) character in unspecified POST array parameters.

References

►

URL

Tags

	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2015/12/23/7	mailing-list, x_refsource_MLIST
	https://phabricator.wikimedia.org/T118032	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2015/12/21/8	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:20:43.531Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
          },
          {
            "name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T118032"
          },
          {
            "name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly sanitize parameters when calling the cURL library, which allows remote attackers to read arbitrary files via an @ (at sign) character in unspecified POST array parameters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-03-23T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
        },
        {
          "name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T118032"
        },
        {
          "name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8625",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly sanitize parameters when calling the cURL library, which allows remote attackers to read arbitrary files via an @ (at sign) character in unspecified POST array parameters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
            },
            {
              "name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
            },
            {
              "name": "https://phabricator.wikimedia.org/T118032",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T118032"
            },
            {
              "name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8625",
    "datePublished": "2017-03-23T20:00:00",
    "dateReserved": "2015-12-23T00:00:00",
    "dateUpdated": "2024-08-06T08:20:43.531Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-2665 (GCVE-0-2014-2665)

Vulnerability from cvelistv5

Published

2014-04-20 01:00

Modified

2024-08-06 10:21

Severity ?

CWE

n/a

Summary

includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account, as demonstrated by tracking the victim's activity, related to a "login CSRF" issue.

References

►

URL

Tags

	https://bugzilla.wikimedia.org/show_bug.cgi?id=62497	x_refsource_CONFIRM
	http://openwall.com/lists/oss-security/2014/03/28/1	mailing-list, x_refsource_MLIST
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-March/000145.html	mailing-list, x_refsource_MLIST
	http://openwall.com/lists/oss-security/2014/04/01/7	mailing-list, x_refsource_MLIST
	https://gerrit.wikimedia.org/r/#/c/121517/1/includes/specials/SpecialChangePassword.php	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:21:35.971Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=62497"
          },
          {
            "name": "[oss-security] 20140327 CVE request: MediaWiki 1.22.5 login csrf",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2014/03/28/1"
          },
          {
            "name": "[mediawiki-announce] 20140328 MediaWiki Security and Maintenance Releases: 1.22.5, 1.21.8 and 1.19.14",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-March/000145.html"
          },
          {
            "name": "[oss-security] 20140401 Re: CVE request: MediaWiki 1.22.5 login csrf",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2014/04/01/7"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/#/c/121517/1/includes/specials/SpecialChangePassword.php"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-03-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker\u0027s account, as demonstrated by tracking the victim\u0027s activity, related to a \"login CSRF\" issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-04-20T01:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=62497"
        },
        {
          "name": "[oss-security] 20140327 CVE request: MediaWiki 1.22.5 login csrf",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2014/03/28/1"
        },
        {
          "name": "[mediawiki-announce] 20140328 MediaWiki Security and Maintenance Releases: 1.22.5, 1.21.8 and 1.19.14",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-March/000145.html"
        },
        {
          "name": "[oss-security] 20140401 Re: CVE request: MediaWiki 1.22.5 login csrf",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2014/04/01/7"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gerrit.wikimedia.org/r/#/c/121517/1/includes/specials/SpecialChangePassword.php"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-2665",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker\u0027s account, as demonstrated by tracking the victim\u0027s activity, related to a \"login CSRF\" issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=62497",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=62497"
            },
            {
              "name": "[oss-security] 20140327 CVE request: MediaWiki 1.22.5 login csrf",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2014/03/28/1"
            },
            {
              "name": "[mediawiki-announce] 20140328 MediaWiki Security and Maintenance Releases: 1.22.5, 1.21.8 and 1.19.14",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-March/000145.html"
            },
            {
              "name": "[oss-security] 20140401 Re: CVE request: MediaWiki 1.22.5 login csrf",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2014/04/01/7"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/#/c/121517/1/includes/specials/SpecialChangePassword.php",
              "refsource": "CONFIRM",
              "url": "https://gerrit.wikimedia.org/r/#/c/121517/1/includes/specials/SpecialChangePassword.php"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-2665",
    "datePublished": "2014-04-20T01:00:00",
    "dateReserved": "2014-03-26T00:00:00",
    "dateUpdated": "2024-08-06T10:21:35.971Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-0003 (GCVE-0-2011-0003)

Vulnerability from cvelistv5

Published

2011-01-11 01:00

Modified

2024-08-06 21:36

Severity ?

CWE

n/a

Summary

MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows remote attackers to conduct clickjacking attacks via unspecified vectors.

References

►

URL

Tags

	http://www.openwall.com/lists/oss-security/2011/01/04/12	mailing-list, x_refsource_MLIST
	http://www.vupen.com/english/advisories/2011/0017	vdb-entry, x_refsource_VUPEN
	https://bugzilla.wikimedia.org/show_bug.cgi?id=26561	x_refsource_CONFIRM
	http://www.osvdb.org/70272	vdb-entry, x_refsource_OSVDB
	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html	vendor-advisory, x_refsource_FEDORA
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-January/000093.html	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2011/01/04/6	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/42810	third-party-advisory, x_refsource_SECUNIA
	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html	vendor-advisory, x_refsource_FEDORA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/64476	vdb-entry, x_refsource_XF
	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:36:02.223Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20110104 Re: (possible) CVE request: Clickjacking in Mediawiki",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/01/04/12"
          },
          {
            "name": "ADV-2011-0017",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0017"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=26561"
          },
          {
            "name": "70272",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/70272"
          },
          {
            "name": "FEDORA-2011-5807",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html"
          },
          {
            "name": "[MediaWiki-announce] 20110104 MediaWiki security release 1.16.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-January/000093.html"
          },
          {
            "name": "[oss-security] 20110104 (possible) CVE request: Clickjacking in Mediawiki",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/01/04/6"
          },
          {
            "name": "42810",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42810"
          },
          {
            "name": "FEDORA-2011-5848",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html"
          },
          {
            "name": "mediawiki-frames-clickjacking(64476)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64476"
          },
          {
            "name": "FEDORA-2011-5812",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-01-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows remote attackers to conduct clickjacking attacks via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20110104 Re: (possible) CVE request: Clickjacking in Mediawiki",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/01/04/12"
        },
        {
          "name": "ADV-2011-0017",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0017"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=26561"
        },
        {
          "name": "70272",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/70272"
        },
        {
          "name": "FEDORA-2011-5807",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html"
        },
        {
          "name": "[MediaWiki-announce] 20110104 MediaWiki security release 1.16.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-January/000093.html"
        },
        {
          "name": "[oss-security] 20110104 (possible) CVE request: Clickjacking in Mediawiki",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/01/04/6"
        },
        {
          "name": "42810",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42810"
        },
        {
          "name": "FEDORA-2011-5848",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html"
        },
        {
          "name": "mediawiki-frames-clickjacking(64476)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64476"
        },
        {
          "name": "FEDORA-2011-5812",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-0003",
    "datePublished": "2011-01-11T01:00:00",
    "dateReserved": "2010-12-07T00:00:00",
    "dateUpdated": "2024-08-06T21:36:02.223Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-35474 (GCVE-0-2020-35474)

Vulnerability from cvelistv5

Published

2020-12-18 07:30

Modified

2024-08-04 17:02

Severity ?

CWE

n/a

Summary

In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that the output is raw HTML.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T268894	x_refsource_MISC
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:02:08.056Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T268894"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html"
          },
          {
            "name": "FEDORA-2020-0be2d40e13",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that the output is raw HTML."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-27T03:06:13",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T268894"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html"
        },
        {
          "name": "FEDORA-2020-0be2d40e13",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-35474",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that the output is raw HTML."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T268894",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T268894"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html",
              "refsource": "MISC",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html"
            },
            {
              "name": "FEDORA-2020-0be2d40e13",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-35474",
    "datePublished": "2020-12-18T07:30:48",
    "dateReserved": "2020-12-16T00:00:00",
    "dateUpdated": "2024-08-04T17:02:08.056Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-45373 (GCVE-0-2023-45373)

Vulnerability from cvelistv5

Published

2023-10-09 00:00

Modified

2024-09-19 17:45

Severity ?

CWE

n/a

Summary

An issue was discovered in the ProofreadPage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. XSS can occur via formatNumNoSeparators.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T345693
	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/ProofreadPage/+/961262

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:21:16.029Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T345693"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/ProofreadPage/+/961262"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-45373",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-19T17:45:51.126266Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-19T17:45:59.383Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the ProofreadPage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. XSS can occur via formatNumNoSeparators."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-09T05:32:30.576234",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T345693"
        },
        {
          "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/ProofreadPage/+/961262"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-45373",
    "datePublished": "2023-10-09T00:00:00",
    "dateReserved": "2023-10-09T00:00:00",
    "dateUpdated": "2024-09-19T17:45:59.383Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-37255 (GCVE-0-2023-37255)

Vulnerability from cvelistv5

Published

2023-06-29 00:00

Modified

2024-11-26 19:36

Severity ?

CWE

n/a

Summary

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In Special:CheckUser, a check of the "get edits" type is vulnerable to HTML injection through the User-Agent HTTP request header.

References

►

URL

Tags

https://phabricator.wikimedia.org/T333569

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:09:33.058Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T333569"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-37255",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-26T19:36:36.377825Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-26T19:36:50.300Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In Special:CheckUser, a check of the \"get edits\" type is vulnerable to HTML injection through the User-Agent HTTP request header."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-29T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T333569"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-37255",
    "datePublished": "2023-06-29T00:00:00",
    "dateReserved": "2023-06-29T00:00:00",
    "dateUpdated": "2024-11-26T19:36:50.300Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-5241 (GCVE-0-2014-5241)

Vulnerability from cvelistv5

Published

2014-08-22 17:00

Modified

2024-08-06 11:41

Severity ?

CWE

n/a

Summary

The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted OBJECT element with SWF content consistent with a restricted character set.

References

►

URL

Tags

	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-July/000157.html	mailing-list, x_refsource_MLIST
	http://www.debian.org/security/2014/dsa-3011	vendor-advisory, x_refsource_DEBIAN
	http://www.mandriva.com/security/advisories?name=MDVSA-2014:153	vendor-advisory, x_refsource_MANDRIVA
	http://secunia.com/advisories/59738	third-party-advisory, x_refsource_SECUNIA
	https://bugzilla.wikimedia.org/show_bug.cgi?id=68187	x_refsource_CONFIRM
	http://openwall.com/lists/oss-security/2014/08/14/5	mailing-list, x_refsource_MLIST
	http://advisories.mageia.org/MGASA-2014-0309.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:41:47.649Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[MediaWiki-announce] 20140730 MediaWiki Security and Maintenance Releases: 1.19.18, 1.22.9 and 1.23.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-July/000157.html"
          },
          {
            "name": "DSA-3011",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3011"
          },
          {
            "name": "MDVSA-2014:153",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:153"
          },
          {
            "name": "59738",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59738"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=68187"
          },
          {
            "name": "[oss-security] 20140814 Re: Possible CVE Request: MediaWiki Security and Maintenance Releases: 1.19.18, 1.22.9 and 1.23.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2014/08/14/5"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0309.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-08-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted OBJECT element with SWF content consistent with a restricted character set."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-01-04T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[MediaWiki-announce] 20140730 MediaWiki Security and Maintenance Releases: 1.19.18, 1.22.9 and 1.23.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-July/000157.html"
        },
        {
          "name": "DSA-3011",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3011"
        },
        {
          "name": "MDVSA-2014:153",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:153"
        },
        {
          "name": "59738",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59738"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=68187"
        },
        {
          "name": "[oss-security] 20140814 Re: Possible CVE Request: MediaWiki Security and Maintenance Releases: 1.19.18, 1.22.9 and 1.23.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2014/08/14/5"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0309.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-5241",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted OBJECT element with SWF content consistent with a restricted character set."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[MediaWiki-announce] 20140730 MediaWiki Security and Maintenance Releases: 1.19.18, 1.22.9 and 1.23.2",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-July/000157.html"
            },
            {
              "name": "DSA-3011",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-3011"
            },
            {
              "name": "MDVSA-2014:153",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:153"
            },
            {
              "name": "59738",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59738"
            },
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=68187",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=68187"
            },
            {
              "name": "[oss-security] 20140814 Re: Possible CVE Request: MediaWiki Security and Maintenance Releases: 1.19.18, 1.22.9 and 1.23.2",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2014/08/14/5"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2014-0309.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2014-0309.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-5241",
    "datePublished": "2014-08-22T17:00:00",
    "dateReserved": "2014-08-14T00:00:00",
    "dateUpdated": "2024-08-06T11:41:47.649Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-25813 (GCVE-0-2020-25813)

Vulnerability from cvelistv5

Published

2020-09-27 20:44

Modified

2024-08-04 15:40

Severity ?

CWE

n/a

Summary

In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden users.

References

►

URL

Tags

	https://meta.wikimedia.org/wiki/Special:UserRights	x_refsource_MISC
	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html	x_refsource_CONFIRM
	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:40:36.955Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://meta.wikimedia.org/wiki/Special:UserRights"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
          },
          {
            "name": "FEDORA-2020-a4802c53d9",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden users."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-14T02:06:11",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://meta.wikimedia.org/wiki/Special:UserRights"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
        },
        {
          "name": "FEDORA-2020-a4802c53d9",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-25813",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden users."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://meta.wikimedia.org/wiki/Special:UserRights",
              "refsource": "MISC",
              "url": "https://meta.wikimedia.org/wiki/Special:UserRights"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html",
              "refsource": "CONFIRM",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html",
              "refsource": "MISC",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
            },
            {
              "name": "FEDORA-2020-a4802c53d9",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-25813",
    "datePublished": "2020-09-27T20:44:23",
    "dateReserved": "2020-09-23T00:00:00",
    "dateUpdated": "2024-08-04T15:40:36.955Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-22911 (GCVE-0-2023-22911)

Vulnerability from cvelistv5

Published

2023-01-10 00:00

Modified

2025-04-07 18:36

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

n/a

Summary

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T149488
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/	vendor-advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:20:31.462Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T149488"
          },
          {
            "name": "FEDORA-2023-30a7a812f0",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-22911",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-07T17:53:53.209207Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-07T18:36:08.229Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-27T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T149488"
        },
        {
          "name": "FEDORA-2023-30a7a812f0",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-22911",
    "datePublished": "2023-01-10T00:00:00.000Z",
    "dateReserved": "2023-01-10T00:00:00.000Z",
    "dateUpdated": "2025-04-07T18:36:08.229Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-42046 (GCVE-0-2021-42046)

Vulnerability from cvelistv5

Published

2021-10-06 20:48

Modified

2024-08-04 03:22

Severity ?

CWE

n/a

Summary

An issue was discovered in the GlobalWatchlist extension in MediaWiki through 1.36.2. The rev-deleted-user and ntimes messages were not properly escaped and allowed for users to inject HTML and JavaScript.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T286385	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/Ib7f9b009730fe0df283cec1169f84c7a83a58b1d	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/Id2204fb5afe591d63764466de35ac0aaa5999983	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:22:25.791Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T286385"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/Ib7f9b009730fe0df283cec1169f84c7a83a58b1d"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/Id2204fb5afe591d63764466de35ac0aaa5999983"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the GlobalWatchlist extension in MediaWiki through 1.36.2. The rev-deleted-user and ntimes messages were not properly escaped and allowed for users to inject HTML and JavaScript."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-29T16:39:11",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T286385"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/Ib7f9b009730fe0df283cec1169f84c7a83a58b1d"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/Id2204fb5afe591d63764466de35ac0aaa5999983"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-42046",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the GlobalWatchlist extension in MediaWiki through 1.36.2. The rev-deleted-user and ntimes messages were not properly escaped and allowed for users to inject HTML and JavaScript."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T286385",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T286385"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/Ib7f9b009730fe0df283cec1169f84c7a83a58b1d",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/Ib7f9b009730fe0df283cec1169f84c7a83a58b1d"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/Id2204fb5afe591d63764466de35ac0aaa5999983",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/Id2204fb5afe591d63764466de35ac0aaa5999983"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-42046",
    "datePublished": "2021-10-06T20:48:31",
    "dateReserved": "2021-10-06T00:00:00",
    "dateUpdated": "2024-08-04T03:22:25.791Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-39194 (GCVE-0-2022-39194)

Vulnerability from cvelistv5

Published

2022-09-02 04:45

Modified

2024-08-03 12:00

Severity ?

CWE

n/a

Summary

An issue was discovered in the MediaWiki through 1.38.2. The community configuration pages for the GrowthExperiments extension could cause a site to become unavailable due to insufficient validation when certain actions (including page moves) were performed.

References

►

URL

Tags

https://phabricator.wikimedia.org/T313205

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:00:43.589Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T313205"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the MediaWiki through 1.38.2. The community configuration pages for the GrowthExperiments extension could cause a site to become unavailable due to insufficient validation when certain actions (including page moves) were performed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-02T04:45:37",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T313205"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-39194",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the MediaWiki through 1.38.2. The community configuration pages for the GrowthExperiments extension could cause a site to become unavailable due to insufficient validation when certain actions (including page moves) were performed."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T313205",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T313205"
            }
          ]
        },
        "source": {
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-39194",
    "datePublished": "2022-09-02T04:45:37",
    "dateReserved": "2022-09-02T00:00:00",
    "dateUpdated": "2024-08-03T12:00:43.589Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8622 (GCVE-0-2015-8622)

Vulnerability from cvelistv5

Published

2017-03-23 20:00

Modified

2024-08-06 08:20

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as demonstrated by a wikilink to a page named "javascript:alert('XSS!')."

References

►

URL

Tags

	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2015/12/23/7	mailing-list, x_refsource_MLIST
	https://phabricator.wikimedia.org/T117899	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2015/12/21/8	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:20:43.681Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
          },
          {
            "name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T117899"
          },
          {
            "name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as demonstrated by a wikilink to a page named \"javascript:alert(\u0027XSS!\u0027).\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-03-23T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
        },
        {
          "name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T117899"
        },
        {
          "name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8622",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as demonstrated by a wikilink to a page named \"javascript:alert(\u0027XSS!\u0027).\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
            },
            {
              "name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
            },
            {
              "name": "https://phabricator.wikimedia.org/T117899",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T117899"
            },
            {
              "name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8622",
    "datePublished": "2017-03-23T20:00:00",
    "dateReserved": "2015-12-23T00:00:00",
    "dateUpdated": "2024-08-06T08:20:43.681Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-29141 (GCVE-0-2023-29141)

Vulnerability from cvelistv5

Published

2023-03-31 00:00

Modified

2025-02-18 16:02

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

n/a

Summary

An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T285159
	https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/	vendor-advisory
	https://www.debian.org/security/2023/dsa-5447	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html	mailing-list

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:00:15.869Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T285159"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39"
          },
          {
            "name": "FEDORA-2023-567baef490",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/"
          },
          {
            "name": "FEDORA-2023-9d6ab5ebf2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/"
          },
          {
            "name": "DSA-5447",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5447"
          },
          {
            "name": "[debian-lts-announce] 20230822 [SECURITY] [DLA 3540-1] mediawiki security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-29141",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-18T16:02:10.014000Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-444",
                "description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-18T16:02:42.792Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://phabricator.wikimedia.org/T285159"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-23T00:06:11.437Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T285159"
        },
        {
          "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39"
        },
        {
          "name": "FEDORA-2023-567baef490",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/"
        },
        {
          "name": "FEDORA-2023-9d6ab5ebf2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/"
        },
        {
          "name": "DSA-5447",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5447"
        },
        {
          "name": "[debian-lts-announce] 20230822 [SECURITY] [DLA 3540-1] mediawiki security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-29141",
    "datePublished": "2023-03-31T00:00:00.000Z",
    "dateReserved": "2023-03-31T00:00:00.000Z",
    "dateUpdated": "2025-02-18T16:02:42.792Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8008 (GCVE-0-2015-8008)

Vulnerability from cvelistv5

Published

2017-12-29 22:00

Modified

2024-08-06 08:06

Severity ?

CWE

n/a

Summary

The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.

References

►

URL

Tags

	http://www.securityfocus.com/bid/77379	vdb-entry, x_refsource_BID
	https://bugzilla.redhat.com/show_bug.cgi?id=1273353	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170979.html	vendor-advisory, x_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170961.html	vendor-advisory, x_refsource_FEDORA
	http://www.securitytracker.com/id/1034028	vdb-entry, x_refsource_SECTRACK
	https://phabricator.wikimedia.org/T103022	x_refsource_CONFIRM
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000182.html	mailing-list, x_refsource_MLIST
	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171007.html	vendor-advisory, x_refsource_FEDORA
	http://www.openwall.com/lists/oss-security/2015/10/29/14	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:06:31.575Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "77379",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/77379"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1273353"
          },
          {
            "name": "FEDORA-2015-ec6d598d3d",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170979.html"
          },
          {
            "name": "FEDORA-2015-97fe05f788",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170961.html"
          },
          {
            "name": "1034028",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034028"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T103022"
          },
          {
            "name": "[MediaWiki-announce] 20151016 Extension Security Release: OAuth, Echo, PageTriage",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000182.html"
          },
          {
            "name": "FEDORA-2015-24fe8b66c9",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171007.html"
          },
          {
            "name": "[oss-security] 20151029 Re: CVE Request: MediaWiki 1.25.3, 1.24.4 and 1.23.11",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/10/29/14"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-29T21:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "77379",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/77379"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1273353"
        },
        {
          "name": "FEDORA-2015-ec6d598d3d",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170979.html"
        },
        {
          "name": "FEDORA-2015-97fe05f788",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170961.html"
        },
        {
          "name": "1034028",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034028"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T103022"
        },
        {
          "name": "[MediaWiki-announce] 20151016 Extension Security Release: OAuth, Echo, PageTriage",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000182.html"
        },
        {
          "name": "FEDORA-2015-24fe8b66c9",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171007.html"
        },
        {
          "name": "[oss-security] 20151029 Re: CVE Request: MediaWiki 1.25.3, 1.24.4 and 1.23.11",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/10/29/14"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8008",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "77379",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/77379"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1273353",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1273353"
            },
            {
              "name": "FEDORA-2015-ec6d598d3d",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170979.html"
            },
            {
              "name": "FEDORA-2015-97fe05f788",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170961.html"
            },
            {
              "name": "1034028",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034028"
            },
            {
              "name": "https://phabricator.wikimedia.org/T103022",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T103022"
            },
            {
              "name": "[MediaWiki-announce] 20151016 Extension Security Release: OAuth, Echo, PageTriage",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000182.html"
            },
            {
              "name": "FEDORA-2015-24fe8b66c9",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171007.html"
            },
            {
              "name": "[oss-security] 20151029 Re: CVE Request: MediaWiki 1.25.3, 1.24.4 and 1.23.11",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/10/29/14"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8008",
    "datePublished": "2017-12-29T22:00:00",
    "dateReserved": "2015-10-28T00:00:00",
    "dateUpdated": "2024-08-06T08:06:31.575Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-0788 (GCVE-0-2007-0788)

Vulnerability from cvelistv5

Published

2007-02-06 19:00

Modified

2024-08-07 12:34

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki 1.9.x before 1.9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "sortable tables JavaScript."

References

►

URL

Tags

	http://www.vupen.com/english/advisories/2007/0490	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/24039	third-party-advisory, x_refsource_SECUNIA
	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_2/phase3/RELEASE-NOTES	x_refsource_CONFIRM
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2007-February/000059.html	mailing-list, x_refsource_MLIST
	https://exchange.xforce.ibmcloud.com/vulnerabilities/32217	vdb-entry, x_refsource_XF
	http://osvdb.org/33091	vdb-entry, x_refsource_OSVDB
	http://www.securityfocus.com/bid/22397	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:34:20.914Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-0490",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0490"
          },
          {
            "name": "24039",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24039"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_2/phase3/RELEASE-NOTES"
          },
          {
            "name": "[MediaWiki-announce] 20070204 MediaWiki 1.9.2 released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2007-February/000059.html"
          },
          {
            "name": "mediawiki-sortabletable-xss(32217)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32217"
          },
          {
            "name": "33091",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/33091"
          },
          {
            "name": "22397",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22397"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-02-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in MediaWiki 1.9.x before 1.9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to \"sortable tables JavaScript.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-0490",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0490"
        },
        {
          "name": "24039",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24039"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_2/phase3/RELEASE-NOTES"
        },
        {
          "name": "[MediaWiki-announce] 20070204 MediaWiki 1.9.2 released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2007-February/000059.html"
        },
        {
          "name": "mediawiki-sortabletable-xss(32217)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32217"
        },
        {
          "name": "33091",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/33091"
        },
        {
          "name": "22397",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22397"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0788",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in MediaWiki 1.9.x before 1.9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to \"sortable tables JavaScript.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-0490",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0490"
            },
            {
              "name": "24039",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24039"
            },
            {
              "name": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_2/phase3/RELEASE-NOTES",
              "refsource": "CONFIRM",
              "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_2/phase3/RELEASE-NOTES"
            },
            {
              "name": "[MediaWiki-announce] 20070204 MediaWiki 1.9.2 released",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2007-February/000059.html"
            },
            {
              "name": "mediawiki-sortabletable-xss(32217)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32217"
            },
            {
              "name": "33091",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/33091"
            },
            {
              "name": "22397",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/22397"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-0788",
    "datePublished": "2007-02-06T19:00:00",
    "dateReserved": "2007-02-06T00:00:00",
    "dateUpdated": "2024-08-07T12:34:20.914Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-2244 (GCVE-0-2014-2244)

Vulnerability from cvelistv5

Published

2014-03-02 02:00

Modified

2024-08-06 10:06

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in the formatHTML function in includes/api/ApiFormatBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 allows remote attackers to inject arbitrary web script or HTML via a crafted string located after http:// in the text parameter to api.php.

References

►

URL

Tags

	http://openwall.com/lists/oss-security/2014/02/28/1	mailing-list, x_refsource_MLIST
	http://www.securityfocus.com/bid/65906	vdb-entry, x_refsource_BID
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html	mailing-list, x_refsource_MLIST
	https://gerrit.wikimedia.org/r/#/q/Idf985e4e69c2f11778a8a90503914678441cb3fb%2Cn%2Cz	x_refsource_CONFIRM
	https://bugzilla.wikimedia.org/show_bug.cgi?id=61362	x_refsource_CONFIRM
	http://openwall.com/lists/oss-security/2014/03/01/2	mailing-list, x_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=1071139	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:06:00.222Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20140228 CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2014/02/28/1"
          },
          {
            "name": "65906",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/65906"
          },
          {
            "name": "[mediawiki-announce] 20140228 MediaWiki Security and Maintenance Releases: 1.22.3, 1.21.6 and 1.19.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/#/q/Idf985e4e69c2f11778a8a90503914678441cb3fb%2Cn%2Cz"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=61362"
          },
          {
            "name": "[oss-security] 20140301 Re: CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2014/03/01/2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1071139"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-02-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the formatHTML function in includes/api/ApiFormatBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 allows remote attackers to inject arbitrary web script or HTML via a crafted string located after http:// in the text parameter to api.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-05-14T16:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20140228 CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2014/02/28/1"
        },
        {
          "name": "65906",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/65906"
        },
        {
          "name": "[mediawiki-announce] 20140228 MediaWiki Security and Maintenance Releases: 1.22.3, 1.21.6 and 1.19.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gerrit.wikimedia.org/r/#/q/Idf985e4e69c2f11778a8a90503914678441cb3fb%2Cn%2Cz"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=61362"
        },
        {
          "name": "[oss-security] 20140301 Re: CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2014/03/01/2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1071139"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-2244",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the formatHTML function in includes/api/ApiFormatBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 allows remote attackers to inject arbitrary web script or HTML via a crafted string located after http:// in the text parameter to api.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20140228 CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2014/02/28/1"
            },
            {
              "name": "65906",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/65906"
            },
            {
              "name": "[mediawiki-announce] 20140228 MediaWiki Security and Maintenance Releases: 1.22.3, 1.21.6 and 1.19.12",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/#/q/Idf985e4e69c2f11778a8a90503914678441cb3fb,n,z",
              "refsource": "CONFIRM",
              "url": "https://gerrit.wikimedia.org/r/#/q/Idf985e4e69c2f11778a8a90503914678441cb3fb,n,z"
            },
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=61362",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=61362"
            },
            {
              "name": "[oss-security] 20140301 Re: CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2014/03/01/2"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1071139",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1071139"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-2244",
    "datePublished": "2014-03-02T02:00:00",
    "dateReserved": "2014-02-28T00:00:00",
    "dateUpdated": "2024-08-06T10:06:00.222Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-29140 (GCVE-0-2023-29140)

Vulnerability from cvelistv5

Published

2023-03-31 00:00

Modified

2025-02-18 16:04

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

n/a

Summary

An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. Attackers might be able to see edits for which the username has been hidden, because there is no check for rev_deleted.

References

►

URL

Tags

https://phabricator.wikimedia.org/T327613

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:00:15.959Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T327613"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-29140",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-18T16:04:39.556497Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-284",
                "description": "CWE-284 Improper Access Control",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-18T16:04:43.881Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. Attackers might be able to see edits for which the username has been hidden, because there is no check for rev_deleted."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-31T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T327613"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-29140",
    "datePublished": "2023-03-31T00:00:00.000Z",
    "dateReserved": "2023-03-31T00:00:00.000Z",
    "dateUpdated": "2025-02-18T16:04:43.881Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-1765 (GCVE-0-2011-1765)

Vulnerability from cvelistv5

Published

2011-05-23 22:00

Modified

2024-08-06 22:37

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.5, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .shtml at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578 and CVE-2011-1587.

References

►

URL

Tags

	http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060496.html	vendor-advisory, x_refsource_FEDORA
	https://bugzilla.redhat.com/show_bug.cgi?id=702512	x_refsource_CONFIRM
	http://secunia.com/advisories/44684	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/47722	vdb-entry, x_refsource_BID
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-May/000098.html	mailing-list, x_refsource_MLIST
	https://bugzilla.wikimedia.org/show_bug.cgi?id=28534	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060435.html	vendor-advisory, x_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060507.html	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:37:25.890Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2011-6774",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060496.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=702512"
          },
          {
            "name": "44684",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44684"
          },
          {
            "name": "47722",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47722"
          },
          {
            "name": "[mediawiki-announce] 20110505 MediaWiki security release 1.16.5",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-May/000098.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=28534"
          },
          {
            "name": "FEDORA-2011-6781",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060435.html"
          },
          {
            "name": "FEDORA-2011-6775",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060507.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-05-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.5, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .shtml at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578 and CVE-2011-1587."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-06-16T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2011-6774",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060496.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=702512"
        },
        {
          "name": "44684",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44684"
        },
        {
          "name": "47722",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47722"
        },
        {
          "name": "[mediawiki-announce] 20110505 MediaWiki security release 1.16.5",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-May/000098.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=28534"
        },
        {
          "name": "FEDORA-2011-6781",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060435.html"
        },
        {
          "name": "FEDORA-2011-6775",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060507.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-1765",
    "datePublished": "2011-05-23T22:00:00",
    "dateReserved": "2011-04-19T00:00:00",
    "dateUpdated": "2024-08-06T22:37:25.890Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-28202 (GCVE-0-2022-28202)

Vulnerability from cvelistv5

Published

2022-03-30 00:00

Modified

2024-08-03 05:48

Severity ?

CWE

n/a

Summary

An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T297543
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PT4CHJKOQOVMI65TSNZRNV6FIWU7SGZD/	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html	mailing-list
	https://www.debian.org/security/2022/dsa-5246	vendor-advisory
	https://security.gentoo.org/glsa/202305-24	vendor-advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:48:37.387Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T297543"
          },
          {
            "name": "FEDORA-2022-69bc42d6cf",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PT4CHJKOQOVMI65TSNZRNV6FIWU7SGZD/"
          },
          {
            "name": "[debian-lts-announce] 20220922 [SECURITY] [DLA 3117-1] mediawiki security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html"
          },
          {
            "name": "DSA-5246",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5246"
          },
          {
            "name": "GLSA-202305-24",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-24"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-21T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T297543"
        },
        {
          "name": "FEDORA-2022-69bc42d6cf",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PT4CHJKOQOVMI65TSNZRNV6FIWU7SGZD/"
        },
        {
          "name": "[debian-lts-announce] 20220922 [SECURITY] [DLA 3117-1] mediawiki security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html"
        },
        {
          "name": "DSA-5246",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5246"
        },
        {
          "name": "GLSA-202305-24",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-24"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-28202",
    "datePublished": "2022-03-30T00:00:00",
    "dateReserved": "2022-03-30T00:00:00",
    "dateUpdated": "2024-08-03T05:48:37.387Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-4883 (GCVE-0-2007-4883)

Vulnerability from cvelistv5

Published

2007-09-14 00:00

Modified

2024-08-07 15:08

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in the BotQuery extension in MediaWiki 1.7.x and earlier before SVN 20070910 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a similar issue to CVE-2007-4828.

References

►

URL

Tags

	http://osvdb.org/37336	vdb-entry, x_refsource_OSVDB
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2007-September/000067.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:08:33.755Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "37336",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37336"
          },
          {
            "name": "[MediaWiki-announce] 20070910 MediaWiki 1.11.0, 1.10.2, 1.9.4, 1.8.5 released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2007-September/000067.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-09-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the BotQuery extension in MediaWiki 1.7.x and earlier before SVN 20070910 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a similar issue to CVE-2007-4828."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2008-11-15T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "37336",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37336"
        },
        {
          "name": "[MediaWiki-announce] 20070910 MediaWiki 1.11.0, 1.10.2, 1.9.4, 1.8.5 released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2007-September/000067.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4883",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the BotQuery extension in MediaWiki 1.7.x and earlier before SVN 20070910 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a similar issue to CVE-2007-4828."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "37336",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37336"
            },
            {
              "name": "[MediaWiki-announce] 20070910 MediaWiki 1.11.0, 1.10.2, 1.9.4, 1.8.5 released",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2007-September/000067.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4883",
    "datePublished": "2007-09-14T00:00:00",
    "dateReserved": "2007-09-13T00:00:00",
    "dateUpdated": "2024-08-07T15:08:33.755Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-44858 (GCVE-0-2021-44858)

Vulnerability from cvelistv5

Published

2021-12-20 00:00

Modified

2024-08-04 04:32

Severity ?

CWE

n/a

Summary

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=edit&undo= followed by action=mcrundo and action=mcrrestore to view private pages on a private wiki that has at least one page set in $wgWhitelistRead.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T297322
	https://www.mediawiki.org/wiki/2021-12_security_release/FAQ
	https://security.gentoo.org/glsa/202305-24	vendor-advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:32:13.331Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T297322"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mediawiki.org/wiki/2021-12_security_release/FAQ"
          },
          {
            "name": "GLSA-202305-24",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-24"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=edit\u0026undo= followed by action=mcrundo and action=mcrrestore to view private pages on a private wiki that has at least one page set in $wgWhitelistRead."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-21T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T297322"
        },
        {
          "url": "https://www.mediawiki.org/wiki/2021-12_security_release/FAQ"
        },
        {
          "name": "GLSA-202305-24",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-24"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-44858",
    "datePublished": "2021-12-20T00:00:00",
    "dateReserved": "2021-12-13T00:00:00",
    "dateUpdated": "2024-08-04T04:32:13.331Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-31546 (GCVE-0-2021-31546)

Vulnerability from cvelistv5

Published

2021-04-22 02:30

Modified

2024-08-03 23:03

Severity ?

CWE

n/a

Summary

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly logged sensitive suppression deletions, which should not have been visible to users with access to view AbuseFilter log data.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T71617	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/I38a0a24fa32ca7a052b6940864a32b3856e84553	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:03:33.347Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T71617"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/I38a0a24fa32ca7a052b6940864a32b3856e84553"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly logged sensitive suppression deletions, which should not have been visible to users with access to view AbuseFilter log data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-22T02:30:48",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T71617"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/I38a0a24fa32ca7a052b6940864a32b3856e84553"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-31546",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly logged sensitive suppression deletions, which should not have been visible to users with access to view AbuseFilter log data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T71617",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T71617"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/I38a0a24fa32ca7a052b6940864a32b3856e84553",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/I38a0a24fa32ca7a052b6940864a32b3856e84553"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-31546",
    "datePublished": "2021-04-22T02:30:48",
    "dateReserved": "2021-04-22T00:00:00",
    "dateUpdated": "2024-08-03T23:03:33.347Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-42042 (GCVE-0-2021-42042)

Vulnerability from cvelistv5

Published

2021-10-06 20:28

Modified

2024-08-04 03:22

Severity ?

CWE

n/a

Summary

An issue was discovered in SpecialEditGrowthConfig in the GrowthExperiments extension in MediaWiki through 1.36.2. The growthexperiments-edit-config-error-invalid-title MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T290692	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/Ibeb13d032ca044af53f6b2334e27b6b97b6f4e9f	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:22:25.803Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T290692"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/Ibeb13d032ca044af53f6b2334e27b6b97b6f4e9f"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in SpecialEditGrowthConfig in the GrowthExperiments extension in MediaWiki through 1.36.2. The growthexperiments-edit-config-error-invalid-title MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-06T20:28:33",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T290692"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/Ibeb13d032ca044af53f6b2334e27b6b97b6f4e9f"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-42042",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in SpecialEditGrowthConfig in the GrowthExperiments extension in MediaWiki through 1.36.2. The growthexperiments-edit-config-error-invalid-title MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T290692",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T290692"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/Ibeb13d032ca044af53f6b2334e27b6b97b6f4e9f",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/Ibeb13d032ca044af53f6b2334e27b6b97b6f4e9f"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-42042",
    "datePublished": "2021-10-06T20:28:33",
    "dateReserved": "2021-10-06T00:00:00",
    "dateUpdated": "2024-08-04T03:22:25.803Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-5394 (GCVE-0-2012-5394)

Vulnerability from cvelistv5

Published

2013-12-13 18:00

Modified

2024-08-06 21:05

Severity ?

CWE

n/a

Summary

Cross-site request forgery (CSRF) vulnerability in the CentralAuth extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to hijack the authentication of users for requests that login via vectors involving image loading.

References

►

URL

Tags

	https://bugzilla.wikimedia.org/show_bug.cgi?id=40747	x_refsource_CONFIRM
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html	mailing-list, x_refsource_MLIST
	http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html	vendor-advisory, x_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:05:47.260Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=40747"
          },
          {
            "name": "[MediaWiki-announce] 20131114 MediaWiki Security Release: 1.21.3, 1.20.8 and 1.19.9",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"
          },
          {
            "name": "FEDORA-2013-21856",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html"
          },
          {
            "name": "FEDORA-2013-21874",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-10-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in the CentralAuth extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to hijack the authentication of users for requests that login via vectors involving image loading."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-12-13T17:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=40747"
        },
        {
          "name": "[MediaWiki-announce] 20131114 MediaWiki Security Release: 1.21.3, 1.20.8 and 1.19.9",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"
        },
        {
          "name": "FEDORA-2013-21856",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html"
        },
        {
          "name": "FEDORA-2013-21874",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-5394",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in the CentralAuth extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to hijack the authentication of users for requests that login via vectors involving image loading."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=40747",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=40747"
            },
            {
              "name": "[MediaWiki-announce] 20131114 MediaWiki Security Release: 1.21.3, 1.20.8 and 1.19.9",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"
            },
            {
              "name": "FEDORA-2013-21856",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html"
            },
            {
              "name": "FEDORA-2013-21874",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-5394",
    "datePublished": "2013-12-13T18:00:00",
    "dateReserved": "2012-10-17T00:00:00",
    "dateUpdated": "2024-08-06T21:05:47.260Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-7295 (GCVE-0-2014-7295)

Vulnerability from cvelistv5

Published

2014-10-07 14:00

Modified

2024-08-06 12:47

Severity ?

CWE

n/a

Summary

The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote authenticated users to conduct cross-site scripting (XSS) attacks or have unspecified other impact via crafted CSS, as demonstrated by modifying MediaWiki:Common.css.

References

►

URL

Tags

	https://bugzilla.wikimedia.org/show_bug.cgi?id=70672	x_refsource_CONFIRM
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-October/000163.html	mailing-list, x_refsource_MLIST
	http://www.debian.org/security/2014/dsa-3046	vendor-advisory, x_refsource_DEBIAN
	http://secunia.com/advisories/61752	third-party-advisory, x_refsource_SECUNIA
	http://seclists.org/oss-sec/2014/q4/67	mailing-list, x_refsource_MLIST
	http://www.securityfocus.com/bid/70238	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T12:47:32.276Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=70672"
          },
          {
            "name": "[MediaWiki-announce] 20141002 MediaWiki Security and Maintenance Releases: 1.19.20, 1.22.12 and 1.23.5",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-October/000163.html"
          },
          {
            "name": "DSA-3046",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3046"
          },
          {
            "name": "61752",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61752"
          },
          {
            "name": "[oss-security] 20141002 Re: CVE request: Mediawiki before 1.19.20, 1.22.12, 1.23.5 XSS through CSS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2014/q4/67"
          },
          {
            "name": "70238",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/70238"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-10-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote authenticated users to conduct cross-site scripting (XSS) attacks or have unspecified other impact via crafted CSS, as demonstrated by modifying MediaWiki:Common.css."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-04-28T13:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=70672"
        },
        {
          "name": "[MediaWiki-announce] 20141002 MediaWiki Security and Maintenance Releases: 1.19.20, 1.22.12 and 1.23.5",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-October/000163.html"
        },
        {
          "name": "DSA-3046",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3046"
        },
        {
          "name": "61752",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61752"
        },
        {
          "name": "[oss-security] 20141002 Re: CVE request: Mediawiki before 1.19.20, 1.22.12, 1.23.5 XSS through CSS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2014/q4/67"
        },
        {
          "name": "70238",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/70238"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-7295",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote authenticated users to conduct cross-site scripting (XSS) attacks or have unspecified other impact via crafted CSS, as demonstrated by modifying MediaWiki:Common.css."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=70672",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=70672"
            },
            {
              "name": "[MediaWiki-announce] 20141002 MediaWiki Security and Maintenance Releases: 1.19.20, 1.22.12 and 1.23.5",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-October/000163.html"
            },
            {
              "name": "DSA-3046",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-3046"
            },
            {
              "name": "61752",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61752"
            },
            {
              "name": "[oss-security] 20141002 Re: CVE request: Mediawiki before 1.19.20, 1.22.12, 1.23.5 XSS through CSS",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2014/q4/67"
            },
            {
              "name": "70238",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/70238"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-7295",
    "datePublished": "2014-10-07T14:00:00",
    "dateReserved": "2014-10-02T00:00:00",
    "dateUpdated": "2024-08-06T12:47:32.276Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-12473 (GCVE-0-2019-12473)

Vulnerability from cvelistv5

Published

2019-07-10 15:43

Modified

2024-08-04 23:24

Severity ?

CWE

n/a

Summary

Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

References

►

URL

Tags

	https://www.debian.org/security/2019/dsa-4460	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2019/Jun/12	mailing-list, x_refsource_BUGTRAQ
	https://phabricator.wikimedia.org/T204729	x_refsource_MISC
	https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:24:37.832Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4460",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4460"
          },
          {
            "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jun/12"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T204729"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-10T15:44:04",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-4460",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4460"
        },
        {
          "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jun/12"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T204729"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-12473",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4460",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4460"
            },
            {
              "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Jun/12"
            },
            {
              "name": "https://phabricator.wikimedia.org/T204729",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T204729"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html",
              "refsource": "CONFIRM",
              "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-12473",
    "datePublished": "2019-07-10T15:43:45",
    "dateReserved": "2019-05-30T00:00:00",
    "dateUpdated": "2024-08-04T23:24:37.832Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-3167 (GCVE-0-2005-3167)

Vulnerability from cvelistv5

Published

2005-10-06 04:00

Modified

2024-08-07 23:01

Severity ?

CWE

n/a

Summary

Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not properly remove certain CSS inputs (HTML inline style attributes) that are processed as active content by Internet Explorer, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

References

►

URL

Tags

	http://www.securityfocus.com/bid/15024	vdb-entry, x_refsource_BID
	http://sourceforge.net/project/shownotes.php?release_id=361505	x_refsource_CONFIRM
	http://secunia.com/advisories/17074	third-party-advisory, x_refsource_SECUNIA
	http://www.novell.com/linux/security/advisories/2005_27_sr.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:01:58.969Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "15024",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15024"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=361505"
          },
          {
            "name": "17074",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17074"
          },
          {
            "name": "SUSE-SR:2005:027",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-10-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not properly remove certain CSS inputs (HTML inline style attributes) that are processed as active content by Internet Explorer, which allows remote attackers to conduct cross-site scripting (XSS) attacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-12-12T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "15024",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15024"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=361505"
        },
        {
          "name": "17074",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17074"
        },
        {
          "name": "SUSE-SR:2005:027",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3167",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not properly remove certain CSS inputs (HTML inline style attributes) that are processed as active content by Internet Explorer, which allows remote attackers to conduct cross-site scripting (XSS) attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "15024",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15024"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=361505",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?release_id=361505"
            },
            {
              "name": "17074",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17074"
            },
            {
              "name": "SUSE-SR:2005:027",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-3167",
    "datePublished": "2005-10-06T04:00:00",
    "dateReserved": "2005-10-06T00:00:00",
    "dateUpdated": "2024-08-07T23:01:58.969Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-1647 (GCVE-0-2010-1647)

Vulnerability from cvelistv5

Published

2010-06-07 20:00

Modified

2024-08-07 01:28

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) strings that are processed as script by Internet Explorer.

References

►

URL

Tags

	http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043856.html	vendor-advisory, x_refsource_FEDORA
	https://bugzilla.wikimedia.org/show_bug.cgi?id=23687	x_refsource_CONFIRM
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html	mailing-list, x_refsource_MLIST
	http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043803.html	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:28:41.972Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2010-10848",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043856.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=23687"
          },
          {
            "name": "[MediaWiki-announce] 20100528 MediaWiki security update: 1.15.4 and 1.16.0beta3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html"
          },
          {
            "name": "FEDORA-2010-10779",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043803.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-05-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) strings that are processed as script by Internet Explorer."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-07-30T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2010-10848",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043856.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=23687"
        },
        {
          "name": "[MediaWiki-announce] 20100528 MediaWiki security update: 1.15.4 and 1.16.0beta3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html"
        },
        {
          "name": "FEDORA-2010-10779",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043803.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-1647",
    "datePublished": "2010-06-07T20:00:00",
    "dateReserved": "2010-04-29T00:00:00",
    "dateUpdated": "2024-08-07T01:28:41.972Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-46147 (GCVE-0-2021-46147)

Vulnerability from cvelistv5

Published

2022-01-07 05:54

Modified

2024-08-04 05:02

Severity ?

CWE

n/a

Summary

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. MassEditRegex allows CSRF.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T293341	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/I5980de35b0a01b5242b68b7b0bdc08adf5d968d8	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:02:10.274Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T293341"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/I5980de35b0a01b5242b68b7b0bdc08adf5d968d8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. MassEditRegex allows CSRF."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-07T05:54:25",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T293341"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/I5980de35b0a01b5242b68b7b0bdc08adf5d968d8"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-46147",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. MassEditRegex allows CSRF."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T293341",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T293341"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/I5980de35b0a01b5242b68b7b0bdc08adf5d968d8",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/I5980de35b0a01b5242b68b7b0bdc08adf5d968d8"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-46147",
    "datePublished": "2022-01-07T05:54:25",
    "dateReserved": "2022-01-07T00:00:00",
    "dateUpdated": "2024-08-04T05:02:10.274Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-27957 (GCVE-0-2020-27957)

Vulnerability from cvelistv5

Published

2020-10-28 02:29

Modified

2024-08-04 16:25

Severity ?

CWE

n/a

Summary

The RandomGameUnit extension for MediaWiki through 1.35 was not properly escaping various title-related data. When certain varieties of games were created within MediaWiki, their names or titles could be manipulated to generate stored XSS within the RandomGameUnit extension.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T266400	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/I497d2076038f75c9eb77e0e250f2af56f5bd2bfc	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:25:44.109Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T266400"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/I497d2076038f75c9eb77e0e250f2af56f5bd2bfc"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The RandomGameUnit extension for MediaWiki through 1.35 was not properly escaping various title-related data. When certain varieties of games were created within MediaWiki, their names or titles could be manipulated to generate stored XSS within the RandomGameUnit extension."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-28T02:29:54",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T266400"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/I497d2076038f75c9eb77e0e250f2af56f5bd2bfc"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-27957",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The RandomGameUnit extension for MediaWiki through 1.35 was not properly escaping various title-related data. When certain varieties of games were created within MediaWiki, their names or titles could be manipulated to generate stored XSS within the RandomGameUnit extension."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T266400",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T266400"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/I497d2076038f75c9eb77e0e250f2af56f5bd2bfc",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/I497d2076038f75c9eb77e0e250f2af56f5bd2bfc"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-27957",
    "datePublished": "2020-10-28T02:29:54",
    "dateReserved": "2020-10-28T00:00:00",
    "dateUpdated": "2024-08-04T16:25:44.109Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-35622 (GCVE-0-2020-35622)

Vulnerability from cvelistv5

Published

2020-12-21 22:37

Modified

2024-08-04 17:09

Severity ?

CWE

n/a

Summary

An issue was discovered in the GlobalUsage extension for MediaWiki through 1.35.1. SpecialGlobalUsage.php calls WikiMap::makeForeignLink unsafely. The $page variable within the formatItem function was not being properly escaped, allowing for XSS under certain conditions.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T268341	x_refsource_MISC
	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/GlobalUsage/+/646744	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:09:14.841Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T268341"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/GlobalUsage/+/646744"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the GlobalUsage extension for MediaWiki through 1.35.1. SpecialGlobalUsage.php calls WikiMap::makeForeignLink unsafely. The $page variable within the formatItem function was not being properly escaped, allowing for XSS under certain conditions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-21T22:37:29",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T268341"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/GlobalUsage/+/646744"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-35622",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the GlobalUsage extension for MediaWiki through 1.35.1. SpecialGlobalUsage.php calls WikiMap::makeForeignLink unsafely. The $page variable within the formatItem function was not being properly escaped, allowing for XSS under certain conditions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T268341",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T268341"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/GlobalUsage/+/646744",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/GlobalUsage/+/646744"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-35622",
    "datePublished": "2020-12-21T22:37:29",
    "dateReserved": "2020-12-21T00:00:00",
    "dateUpdated": "2024-08-04T17:09:14.841Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-1581 (GCVE-0-2012-1581)

Vulnerability from cvelistv5

Published

2012-09-09 21:00

Modified

2024-08-06 19:01

Severity ?

CWE

n/a

Summary

MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak random numbers for password reset tokens, which makes it easier for remote attackers to change the passwords of arbitrary users.

References

►

URL

Tags

	https://bugzilla.wikimedia.org/show_bug.cgi?id=35078	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2012/03/24/1	mailing-list, x_refsource_MLIST
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/48504	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/78910	vdb-entry, x_refsource_XF
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2012/03/22/9	mailing-list, x_refsource_MLIST
	http://www.securityfocus.com/bid/52689	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:01:02.685Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=35078"
          },
          {
            "name": "[oss-security] 20120323 CVEs for MediaWiki security and maintenance release 1.18.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/03/24/1"
          },
          {
            "name": "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.18.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html"
          },
          {
            "name": "48504",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48504"
          },
          {
            "name": "mediawiki-random-numbers-sec-bypass(78910)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78910"
          },
          {
            "name": "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.17.3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html"
          },
          {
            "name": "[oss-security] 20120322 MediaWiki security and maintenance release 1.18.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/03/22/9"
          },
          {
            "name": "52689",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/52689"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-03-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak random numbers for password reset tokens, which makes it easier for remote attackers to change the passwords of arbitrary users."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=35078"
        },
        {
          "name": "[oss-security] 20120323 CVEs for MediaWiki security and maintenance release 1.18.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/03/24/1"
        },
        {
          "name": "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.18.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html"
        },
        {
          "name": "48504",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48504"
        },
        {
          "name": "mediawiki-random-numbers-sec-bypass(78910)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78910"
        },
        {
          "name": "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.17.3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html"
        },
        {
          "name": "[oss-security] 20120322 MediaWiki security and maintenance release 1.18.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/03/22/9"
        },
        {
          "name": "52689",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/52689"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-1581",
    "datePublished": "2012-09-09T21:00:00",
    "dateReserved": "2012-03-12T00:00:00",
    "dateUpdated": "2024-08-06T19:01:02.685Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-45364 (GCVE-0-2023-45364)

Vulnerability from cvelistv5

Published

2023-10-09 00:00

Modified

2024-09-19 18:14

Severity ?

CWE

n/a

Summary

An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. Deleted revision existence is leaked due to incorrect permissions being checked. This reveals that a given revision ID belonged to the given page title, and its timestamp, both of which are not supposed to be public information.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T264765
	https://www.debian.org/security/2023/dsa-5520	vendor-advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:21:16.625Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T264765"
          },
          {
            "name": "DSA-5520",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5520"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-45364",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-19T18:12:46.168162Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-19T18:14:01.953Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. Deleted revision existence is leaked due to incorrect permissions being checked. This reveals that a given revision ID belonged to the given page title, and its timestamp, both of which are not supposed to be public information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-11T01:06:18.082273",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T264765"
        },
        {
          "name": "DSA-5520",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5520"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-45364",
    "datePublished": "2023-10-09T00:00:00",
    "dateReserved": "2023-10-09T00:00:00",
    "dateUpdated": "2024-09-19T18:14:01.953Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-7444 (GCVE-0-2013-7444)

Vulnerability from cvelistv5

Published

2015-09-01 14:00

Modified

2024-08-06 18:09

Severity ?

CWE

n/a

Summary

The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.

References

►

URL

Tags

	http://www.openwall.com/lists/oss-security/2015/08/27/6	mailing-list, x_refsource_MLIST
	https://github.com/wikimedia/mediawiki/commit/dc2966bd05b69321300c63fd0bd78e7c78ecea6e	x_refsource_CONFIRM
	https://phabricator.wikimedia.org/T48457	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2015/08/12/6	mailing-list, x_refsource_MLIST
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html	mailing-list, x_refsource_MLIST
	http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:09:16.877Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20150827 Re: CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/wikimedia/mediawiki/commit/dc2966bd05b69321300c63fd0bd78e7c78ecea6e"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T48457"
          },
          {
            "name": "[oss-security] 20150812 CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
          },
          {
            "name": "[MediaWiki-announce] 20150810 MediaWiki Security and Maintenance Releases: 1.25.2, 1.24.3, 1.23.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
          },
          {
            "name": "FEDORA-2015-13920",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-03-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the \"Change block\" text."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-09-01T12:57:03",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20150827 Re: CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/wikimedia/mediawiki/commit/dc2966bd05b69321300c63fd0bd78e7c78ecea6e"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T48457"
        },
        {
          "name": "[oss-security] 20150812 CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
        },
        {
          "name": "[MediaWiki-announce] 20150810 MediaWiki Security and Maintenance Releases: 1.25.2, 1.24.3, 1.23.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
        },
        {
          "name": "FEDORA-2015-13920",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-7444",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the \"Change block\" text."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20150827 Re: CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
            },
            {
              "name": "https://github.com/wikimedia/mediawiki/commit/dc2966bd05b69321300c63fd0bd78e7c78ecea6e",
              "refsource": "CONFIRM",
              "url": "https://github.com/wikimedia/mediawiki/commit/dc2966bd05b69321300c63fd0bd78e7c78ecea6e"
            },
            {
              "name": "https://phabricator.wikimedia.org/T48457",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T48457"
            },
            {
              "name": "[oss-security] 20150812 CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
            },
            {
              "name": "[MediaWiki-announce] 20150810 MediaWiki Security and Maintenance Releases: 1.25.2, 1.24.3, 1.23.10",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
            },
            {
              "name": "FEDORA-2015-13920",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-7444",
    "datePublished": "2015-09-01T14:00:00",
    "dateReserved": "2015-08-27T00:00:00",
    "dateUpdated": "2024-08-06T18:09:16.877Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-1686 (GCVE-0-2014-1686)

Vulnerability from cvelistv5

Published

2018-04-13 21:00

Modified

2024-08-06 09:50

Severity ?

CWE

n/a

Summary

MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation.

References

►

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilities/91847	vdb-entry, x_refsource_XF
	https://packetstormsecurity.com/files/125682	x_refsource_MISC
	http://www.securityfocus.com/bid/66141	vdb-entry, x_refsource_BID
	http://seclists.org/fulldisclosure/2014/Mar/102	mailing-list, x_refsource_FULLDISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:50:09.977Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "mediawiki-cve20141686-path-disclosure(91847)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91847"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://packetstormsecurity.com/files/125682"
          },
          {
            "name": "66141",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/66141"
          },
          {
            "name": "20140312 CVE-2014-1686 -- Information disclosure: webserver source path in Mediawiki 1.18.0",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Mar/102"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-03-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-13T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "mediawiki-cve20141686-path-disclosure(91847)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91847"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://packetstormsecurity.com/files/125682"
        },
        {
          "name": "66141",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/66141"
        },
        {
          "name": "20140312 CVE-2014-1686 -- Information disclosure: webserver source path in Mediawiki 1.18.0",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Mar/102"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-1686",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "mediawiki-cve20141686-path-disclosure(91847)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91847"
            },
            {
              "name": "https://packetstormsecurity.com/files/125682",
              "refsource": "MISC",
              "url": "https://packetstormsecurity.com/files/125682"
            },
            {
              "name": "66141",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/66141"
            },
            {
              "name": "20140312 CVE-2014-1686 -- Information disclosure: webserver source path in Mediawiki 1.18.0",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Mar/102"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-1686",
    "datePublished": "2018-04-13T21:00:00",
    "dateReserved": "2014-01-28T00:00:00",
    "dateUpdated": "2024-08-06T09:50:09.977Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-36127 (GCVE-0-2021-36127)

Vulnerability from cvelistv5

Published

2021-07-02 13:00

Modified

2024-08-04 00:47

Severity ?

CWE

n/a

Summary

An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUserRights page provided search results which, for a suppressed MediaWiki user, were different than for any other user, thus easily disclosing suppressed accounts (which are supposed to be completely hidden).

References

►

URL

Tags

	https://phabricator.wikimedia.org/T285190	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/I4e4dbcad61e1d4f6fd8b038bf63d19c69081a8ec	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:47:43.853Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T285190"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/I4e4dbcad61e1d4f6fd8b038bf63d19c69081a8ec"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUserRights page provided search results which, for a suppressed MediaWiki user, were different than for any other user, thus easily disclosing suppressed accounts (which are supposed to be completely hidden)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-02T13:00:57",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T285190"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/I4e4dbcad61e1d4f6fd8b038bf63d19c69081a8ec"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-36127",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUserRights page provided search results which, for a suppressed MediaWiki user, were different than for any other user, thus easily disclosing suppressed accounts (which are supposed to be completely hidden)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T285190",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T285190"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/I4e4dbcad61e1d4f6fd8b038bf63d19c69081a8ec",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/I4e4dbcad61e1d4f6fd8b038bf63d19c69081a8ec"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-36127",
    "datePublished": "2021-07-02T13:00:57",
    "dateReserved": "2021-07-02T00:00:00",
    "dateUpdated": "2024-08-04T00:47:43.853Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-0460 (GCVE-0-2008-0460)

Vulnerability from cvelistv5

Published

2008-01-25 15:00

Modified

2024-08-07 07:46

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki 1.11 through 1.11.0rc1, 1.10 through 1.10.2, 1.9 through 1.9.4, and 1.8; and (2) the BotQuery extension for MediaWiki 1.7 and earlier; when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

►

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilities/39901	vdb-entry, x_refsource_XF
	https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00189.html	vendor-advisory, x_refsource_FEDORA
	http://www.vupen.com/english/advisories/2008/0280	vdb-entry, x_refsource_VUPEN
	https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00147.html	vendor-advisory, x_refsource_FEDORA
	http://www.securityfocus.com/bid/28137	vdb-entry, x_refsource_BID
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-January/000068.html	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/28629	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/29266	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:46:54.584Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "mediawiki-api-xss(39901)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39901"
          },
          {
            "name": "FEDORA-2008-2288",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00189.html"
          },
          {
            "name": "ADV-2008-0280",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0280"
          },
          {
            "name": "FEDORA-2008-2245",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00147.html"
          },
          {
            "name": "28137",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28137"
          },
          {
            "name": "[MediaWiki-announce] 20080124 MediaWiki 1.11.1, 1.10.3, 1.9.5 released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-January/000068.html"
          },
          {
            "name": "28629",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28629"
          },
          {
            "name": "29266",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29266"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki 1.11 through 1.11.0rc1, 1.10 through 1.10.2, 1.9 through 1.9.4, and 1.8; and (2) the BotQuery extension for MediaWiki 1.7 and earlier; when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "mediawiki-api-xss(39901)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39901"
        },
        {
          "name": "FEDORA-2008-2288",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00189.html"
        },
        {
          "name": "ADV-2008-0280",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0280"
        },
        {
          "name": "FEDORA-2008-2245",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00147.html"
        },
        {
          "name": "28137",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28137"
        },
        {
          "name": "[MediaWiki-announce] 20080124 MediaWiki 1.11.1, 1.10.3, 1.9.5 released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-January/000068.html"
        },
        {
          "name": "28629",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28629"
        },
        {
          "name": "29266",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29266"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0460",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki 1.11 through 1.11.0rc1, 1.10 through 1.10.2, 1.9 through 1.9.4, and 1.8; and (2) the BotQuery extension for MediaWiki 1.7 and earlier; when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "mediawiki-api-xss(39901)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39901"
            },
            {
              "name": "FEDORA-2008-2288",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00189.html"
            },
            {
              "name": "ADV-2008-0280",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0280"
            },
            {
              "name": "FEDORA-2008-2245",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00147.html"
            },
            {
              "name": "28137",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28137"
            },
            {
              "name": "[MediaWiki-announce] 20080124 MediaWiki 1.11.1, 1.10.3, 1.9.5 released",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-January/000068.html"
            },
            {
              "name": "28629",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28629"
            },
            {
              "name": "29266",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29266"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0460",
    "datePublished": "2008-01-25T15:00:00",
    "dateReserved": "2008-01-25T00:00:00",
    "dateUpdated": "2024-08-07T07:46:54.584Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-29137 (GCVE-0-2023-29137)

Vulnerability from cvelistv5

Published

2023-03-31 00:00

Modified

2025-02-14 19:27

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE

n/a

Summary

An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. The UserImpactHandler for GrowthExperiments inadvertently returns the timezone preference for arbitrary users, which can be used to de-anonymize users.

References

►

URL

Tags

https://phabricator.wikimedia.org/T328643

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:00:15.793Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T328643"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 4.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-29137",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-14T19:27:19.796841Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-200",
                "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-14T19:27:24.538Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. The UserImpactHandler for GrowthExperiments inadvertently returns the timezone preference for arbitrary users, which can be used to de-anonymize users."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-31T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T328643"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-29137",
    "datePublished": "2023-03-31T00:00:00.000Z",
    "dateReserved": "2023-03-31T00:00:00.000Z",
    "dateUpdated": "2025-02-14T19:27:24.538Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-0894 (GCVE-0-2007-0894)

Vulnerability from cvelistv5

Published

2007-02-12 23:00

Modified

2024-08-07 12:34

Severity ?

CWE

n/a

Summary

MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the installation path in the resulting error message.

References

►

URL

Tags

	http://www.securityfocus.com/archive/1/459793/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://osvdb.org/33708	vdb-entry, x_refsource_OSVDB
	http://zone14.free.fr/advisories/7/	x_refsource_MISC
	http://bugzilla.wikimedia.org/show_bug.cgi?id=8819	x_refsource_CONFIRM
	http://osvdb.org/33706	vdb-entry, x_refsource_OSVDB
	https://exchange.xforce.ibmcloud.com/vulnerabilities/32440	vdb-entry, x_refsource_XF
	http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=19681	x_refsource_CONFIRM
	http://osvdb.org/33707	vdb-entry, x_refsource_OSVDB
	http://osvdb.org/33709	vdb-entry, x_refsource_OSVDB

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:34:21.192Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20070211 MediaWiki Full Path Disclosure Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/459793/100/0/threaded"
          },
          {
            "name": "33708",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/33708"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://zone14.free.fr/advisories/7/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.wikimedia.org/show_bug.cgi?id=8819"
          },
          {
            "name": "33706",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/33706"
          },
          {
            "name": "mediawiki-multiple-scripts-path-disclosure(32440)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32440"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.wikimedia.org/viewvc/mediawiki?view=rev\u0026revision=19681"
          },
          {
            "name": "33707",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/33707"
          },
          {
            "name": "33709",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/33709"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-01-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the installation path in the resulting error message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20070211 MediaWiki Full Path Disclosure Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/459793/100/0/threaded"
        },
        {
          "name": "33708",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/33708"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://zone14.free.fr/advisories/7/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.wikimedia.org/show_bug.cgi?id=8819"
        },
        {
          "name": "33706",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/33706"
        },
        {
          "name": "mediawiki-multiple-scripts-path-disclosure(32440)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32440"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.wikimedia.org/viewvc/mediawiki?view=rev\u0026revision=19681"
        },
        {
          "name": "33707",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/33707"
        },
        {
          "name": "33709",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/33709"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0894",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the installation path in the resulting error message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070211 MediaWiki Full Path Disclosure Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/459793/100/0/threaded"
            },
            {
              "name": "33708",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/33708"
            },
            {
              "name": "http://zone14.free.fr/advisories/7/",
              "refsource": "MISC",
              "url": "http://zone14.free.fr/advisories/7/"
            },
            {
              "name": "http://bugzilla.wikimedia.org/show_bug.cgi?id=8819",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.wikimedia.org/show_bug.cgi?id=8819"
            },
            {
              "name": "33706",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/33706"
            },
            {
              "name": "mediawiki-multiple-scripts-path-disclosure(32440)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32440"
            },
            {
              "name": "http://svn.wikimedia.org/viewvc/mediawiki?view=rev\u0026revision=19681",
              "refsource": "CONFIRM",
              "url": "http://svn.wikimedia.org/viewvc/mediawiki?view=rev\u0026revision=19681"
            },
            {
              "name": "33707",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/33707"
            },
            {
              "name": "33709",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/33709"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-0894",
    "datePublished": "2007-02-12T23:00:00",
    "dateReserved": "2007-02-12T00:00:00",
    "dateUpdated": "2024-08-07T12:34:21.192Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-5242 (GCVE-0-2014-5242)

Vulnerability from cvelistv5

Published

2014-08-22 17:00

Modified

2024-08-06 11:41

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in mediawiki.page.image.pagination.js in MediaWiki 1.22.x before 1.22.9 and 1.23.x before 1.23.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving the multipageimagenavbox class in conjunction with an action=raw value.

References

►

URL

Tags

	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-July/000157.html	mailing-list, x_refsource_MLIST
	https://bugzilla.wikimedia.org/show_bug.cgi?id=66608	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=MDVSA-2014:153	vendor-advisory, x_refsource_MANDRIVA
	http://www.securityfocus.com/bid/69135	vdb-entry, x_refsource_BID
	http://openwall.com/lists/oss-security/2014/08/14/5	mailing-list, x_refsource_MLIST
	http://advisories.mageia.org/MGASA-2014-0309.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:41:48.075Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[MediaWiki-announce] 20140730 MediaWiki Security and Maintenance Releases: 1.19.18, 1.22.9 and 1.23.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-July/000157.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=66608"
          },
          {
            "name": "MDVSA-2014:153",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:153"
          },
          {
            "name": "69135",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/69135"
          },
          {
            "name": "[oss-security] 20140814 Re: Possible CVE Request: MediaWiki Security and Maintenance Releases: 1.19.18, 1.22.9 and 1.23.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2014/08/14/5"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0309.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-08-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in mediawiki.page.image.pagination.js in MediaWiki 1.22.x before 1.22.9 and 1.23.x before 1.23.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving the multipageimagenavbox class in conjunction with an action=raw value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-04-29T18:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[MediaWiki-announce] 20140730 MediaWiki Security and Maintenance Releases: 1.19.18, 1.22.9 and 1.23.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-July/000157.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=66608"
        },
        {
          "name": "MDVSA-2014:153",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:153"
        },
        {
          "name": "69135",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/69135"
        },
        {
          "name": "[oss-security] 20140814 Re: Possible CVE Request: MediaWiki Security and Maintenance Releases: 1.19.18, 1.22.9 and 1.23.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2014/08/14/5"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0309.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-5242",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in mediawiki.page.image.pagination.js in MediaWiki 1.22.x before 1.22.9 and 1.23.x before 1.23.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving the multipageimagenavbox class in conjunction with an action=raw value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[MediaWiki-announce] 20140730 MediaWiki Security and Maintenance Releases: 1.19.18, 1.22.9 and 1.23.2",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-July/000157.html"
            },
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=66608",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=66608"
            },
            {
              "name": "MDVSA-2014:153",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:153"
            },
            {
              "name": "69135",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/69135"
            },
            {
              "name": "[oss-security] 20140814 Re: Possible CVE Request: MediaWiki Security and Maintenance Releases: 1.19.18, 1.22.9 and 1.23.2",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2014/08/14/5"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2014-0309.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2014-0309.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-5242",
    "datePublished": "2014-08-22T17:00:00",
    "dateReserved": "2014-08-14T00:00:00",
    "dateUpdated": "2024-08-06T11:41:48.075Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-3966 (GCVE-0-2014-3966)

Vulnerability from cvelistv5

Published

2014-06-06 14:00

Modified

2024-08-06 10:57

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid username.

References

►

URL

Tags

	http://secunia.com/advisories/58896	third-party-advisory, x_refsource_SECUNIA
	http://www.securitytracker.com/id/1030364	vdb-entry, x_refsource_SECTRACK
	http://www.openwall.com/lists/oss-security/2014/06/04/15	mailing-list, x_refsource_MLIST
	https://bugzilla.wikimedia.org/show_bug.cgi?id=65501	x_refsource_CONFIRM
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-May/000151.html	mailing-list, x_refsource_MLIST
	http://www.debian.org/security/2014/dsa-2957	vendor-advisory, x_refsource_DEBIAN
	http://www.securityfocus.com/bid/67787	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/58834	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:57:18.054Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "58896",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58896"
          },
          {
            "name": "1030364",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030364"
          },
          {
            "name": "[oss-security] 20140604 Re: CVE request: mediawiki invalid usernames on Special:PasswordReset were parsed as wikitext",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/06/04/15"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=65501"
          },
          {
            "name": "[MediaWiki-announce] 20140529 MediaWiki Security and Maintenance Releases: 1.19.16, 1.21.10 and 1.22.7",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-May/000151.html"
          },
          {
            "name": "DSA-2957",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2957"
          },
          {
            "name": "67787",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/67787"
          },
          {
            "name": "58834",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58834"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid username."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-28T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "58896",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58896"
        },
        {
          "name": "1030364",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030364"
        },
        {
          "name": "[oss-security] 20140604 Re: CVE request: mediawiki invalid usernames on Special:PasswordReset were parsed as wikitext",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/06/04/15"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=65501"
        },
        {
          "name": "[MediaWiki-announce] 20140529 MediaWiki Security and Maintenance Releases: 1.19.16, 1.21.10 and 1.22.7",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-May/000151.html"
        },
        {
          "name": "DSA-2957",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2957"
        },
        {
          "name": "67787",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/67787"
        },
        {
          "name": "58834",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58834"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-3966",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid username."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "58896",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58896"
            },
            {
              "name": "1030364",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030364"
            },
            {
              "name": "[oss-security] 20140604 Re: CVE request: mediawiki invalid usernames on Special:PasswordReset were parsed as wikitext",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2014/06/04/15"
            },
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=65501",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=65501"
            },
            {
              "name": "[MediaWiki-announce] 20140529 MediaWiki Security and Maintenance Releases: 1.19.16, 1.21.10 and 1.22.7",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-May/000151.html"
            },
            {
              "name": "DSA-2957",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2957"
            },
            {
              "name": "67787",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/67787"
            },
            {
              "name": "58834",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58834"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-3966",
    "datePublished": "2014-06-06T14:00:00",
    "dateReserved": "2014-06-04T00:00:00",
    "dateUpdated": "2024-08-06T10:57:18.054Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-25827 (GCVE-0-2020-25827)

Vulnerability from cvelistv5

Published

2020-09-27 20:43

Modified

2024-08-04 15:40

Severity ?

CWE

n/a

Summary

An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across many wikis/sites concurrently.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T251661	x_refsource_MISC
	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html	x_refsource_CONFIRM
	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:40:36.980Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T251661"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
          },
          {
            "name": "FEDORA-2020-a4802c53d9",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across many wikis/sites concurrently."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-14T02:06:11",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T251661"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
        },
        {
          "name": "FEDORA-2020-a4802c53d9",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-25827",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across many wikis/sites concurrently."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T251661",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T251661"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html",
              "refsource": "CONFIRM",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html",
              "refsource": "MISC",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
            },
            {
              "name": "FEDORA-2020-a4802c53d9",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-25827",
    "datePublished": "2020-09-27T20:43:20",
    "dateReserved": "2020-09-23T00:00:00",
    "dateUpdated": "2024-08-04T15:40:36.980Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-36675 (GCVE-0-2023-36675)

Vulnerability from cvelistv5

Published

2023-06-26 00:00

Modified

2024-12-05 15:25

Severity ?

CWE

n/a

Summary

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T332889
	https://www.mediawiki.org/wiki/Release_notes/1.40#Other_changes_in_1.40
	https://www.debian.org/security/2023/dsa-5447	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/	vendor-advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:52:54.186Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T332889"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mediawiki.org/wiki/Release_notes/1.40#Other_changes_in_1.40"
          },
          {
            "name": "DSA-5447",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5447"
          },
          {
            "name": "FEDORA-2023-1fcaba0998",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/"
          },
          {
            "name": "FEDORA-2023-d8ae3c122e",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/"
          },
          {
            "name": "FEDORA-2023-7e9d6015f6",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36675",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-05T15:24:50.715733Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-05T15:25:03.755Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-15T20:06:46.235267",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T332889"
        },
        {
          "url": "https://www.mediawiki.org/wiki/Release_notes/1.40#Other_changes_in_1.40"
        },
        {
          "name": "DSA-5447",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5447"
        },
        {
          "name": "FEDORA-2023-1fcaba0998",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/"
        },
        {
          "name": "FEDORA-2023-d8ae3c122e",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/"
        },
        {
          "name": "FEDORA-2023-7e9d6015f6",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-36675",
    "datePublished": "2023-06-26T00:00:00",
    "dateReserved": "2023-06-26T00:00:00",
    "dateUpdated": "2024-12-05T15:25:03.755Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-31550 (GCVE-0-2021-31550)

Vulnerability from cvelistv5

Published

2021-04-22 02:30

Modified

2024-08-03 23:03

Severity ?

CWE

n/a

Summary

An issue was discovered in the CommentBox extension for MediaWiki through 1.35.2. Via crafted configuration variables, a malicious actor could introduce XSS payloads into various layers.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T270767	x_refsource_MISC
	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Commentbox/+/651934/	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:03:33.411Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T270767"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Commentbox/+/651934/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the CommentBox extension for MediaWiki through 1.35.2. Via crafted configuration variables, a malicious actor could introduce XSS payloads into various layers."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-22T02:30:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T270767"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Commentbox/+/651934/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-31550",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the CommentBox extension for MediaWiki through 1.35.2. Via crafted configuration variables, a malicious actor could introduce XSS payloads into various layers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T270767",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T270767"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Commentbox/+/651934/",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Commentbox/+/651934/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-31550",
    "datePublished": "2021-04-22T02:30:00",
    "dateReserved": "2021-04-22T00:00:00",
    "dateUpdated": "2024-08-03T23:03:33.411Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-12466 (GCVE-0-2019-12466)

Vulnerability from cvelistv5

Published

2019-07-10 15:31

Modified

2024-08-04 23:17

Severity ?

CWE

n/a

Summary

Wikimedia MediaWiki through 1.32.1 allows CSRF.

References

►

URL

Tags

	https://www.debian.org/security/2019/dsa-4460	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2019/Jun/12	mailing-list, x_refsource_BUGTRAQ
	https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html	x_refsource_CONFIRM
	https://phabricator.wikimedia.org/T25227	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:17:40.266Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4460",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4460"
          },
          {
            "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jun/12"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T25227"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Wikimedia MediaWiki through 1.32.1 allows CSRF."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-10T15:32:35",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-4460",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4460"
        },
        {
          "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jun/12"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T25227"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-12466",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Wikimedia MediaWiki through 1.32.1 allows CSRF."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4460",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4460"
            },
            {
              "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Jun/12"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html",
              "refsource": "CONFIRM",
              "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
            },
            {
              "name": "https://phabricator.wikimedia.org/T25227",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T25227"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-12466",
    "datePublished": "2019-07-10T15:31:50",
    "dateReserved": "2019-05-30T00:00:00",
    "dateUpdated": "2024-08-04T23:17:40.266Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-40597 (GCVE-0-2024-40597)

Vulnerability from cvelistv5

Published

2024-07-06 00:00

Modified

2024-08-02 04:33

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

n/a

Summary

An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. It can expose suppressed information for log events. (The log_deleted attribute is not respected.)

References

►

URL

Tags

https://phabricator.wikimedia.org/T326865

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mediawiki:mediawiki:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mediawiki",
            "vendor": "mediawiki",
            "versions": [
              {
                "lessThanOrEqual": "1.42.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-40597",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-08T13:14:50.678348Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-200",
                "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-08T13:18:11.587Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:33:11.675Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T326865"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. It can expose suppressed information for log events. (The log_deleted attribute is not respected.)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-06T23:26:04.561085",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T326865"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-40597",
    "datePublished": "2024-07-06T00:00:00",
    "dateReserved": "2024-07-06T00:00:00",
    "dateUpdated": "2024-08-02T04:33:11.675Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-2611 (GCVE-0-2006-2611)

Vulnerability from cvelistv5

Published

2006-05-26 01:00

Modified

2024-08-07 17:58

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | (pipe) character.

References

►

URL

Tags

	http://www.osvdb.org/25713	vdb-entry, x_refsource_OSVDB
	http://nickj.org/MediaWiki	x_refsource_MISC
	http://bugzilla.wikimedia.org/show_bug.cgi?id=6055	x_refsource_MISC
	http://mail.wikipedia.org/pipermail/wikitech-l/2006-May/035812.html	mailing-list, x_refsource_MLIST
	https://exchange.xforce.ibmcloud.com/vulnerabilities/26646	vdb-entry, x_refsource_XF
	http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=14349	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2006/1926	vdb-entry, x_refsource_VUPEN
	http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/includes/Sanitizer.php?r1=14349&r2=14348&pathrev=14349	x_refsource_MISC
	http://mail.wikipedia.org/pipermail/wikitech-l/2006-May/035814.html	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/20189	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:58:51.837Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "25713",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/25713"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://nickj.org/MediaWiki"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.wikimedia.org/show_bug.cgi?id=6055"
          },
          {
            "name": "[Wikitech-l] 20060523 MediaWiki 1.6.5 JavaScript Execution Vulnerability # 2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail.wikipedia.org/pipermail/wikitech-l/2006-May/035812.html"
          },
          {
            "name": "mediawiki-unspecified-handler-xss(26646)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26646"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.wikimedia.org/viewvc/mediawiki?view=rev\u0026revision=14349"
          },
          {
            "name": "ADV-2006-1926",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1926"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/includes/Sanitizer.php?r1=14349\u0026r2=14348\u0026pathrev=14349"
          },
          {
            "name": "[Wikitech-l] 20060523 MediaWiki 1.6.5 JavaScript Execution Vulnerability # 2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail.wikipedia.org/pipermail/wikitech-l/2006-May/035814.html"
          },
          {
            "name": "20189",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20189"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-05-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | (pipe) character."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "25713",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/25713"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://nickj.org/MediaWiki"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.wikimedia.org/show_bug.cgi?id=6055"
        },
        {
          "name": "[Wikitech-l] 20060523 MediaWiki 1.6.5 JavaScript Execution Vulnerability # 2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail.wikipedia.org/pipermail/wikitech-l/2006-May/035812.html"
        },
        {
          "name": "mediawiki-unspecified-handler-xss(26646)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26646"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.wikimedia.org/viewvc/mediawiki?view=rev\u0026revision=14349"
        },
        {
          "name": "ADV-2006-1926",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1926"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/includes/Sanitizer.php?r1=14349\u0026r2=14348\u0026pathrev=14349"
        },
        {
          "name": "[Wikitech-l] 20060523 MediaWiki 1.6.5 JavaScript Execution Vulnerability # 2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail.wikipedia.org/pipermail/wikitech-l/2006-May/035814.html"
        },
        {
          "name": "20189",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20189"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2611",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | (pipe) character."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "25713",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/25713"
            },
            {
              "name": "http://nickj.org/MediaWiki",
              "refsource": "MISC",
              "url": "http://nickj.org/MediaWiki"
            },
            {
              "name": "http://bugzilla.wikimedia.org/show_bug.cgi?id=6055",
              "refsource": "MISC",
              "url": "http://bugzilla.wikimedia.org/show_bug.cgi?id=6055"
            },
            {
              "name": "[Wikitech-l] 20060523 MediaWiki 1.6.5 JavaScript Execution Vulnerability # 2",
              "refsource": "MLIST",
              "url": "http://mail.wikipedia.org/pipermail/wikitech-l/2006-May/035812.html"
            },
            {
              "name": "mediawiki-unspecified-handler-xss(26646)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26646"
            },
            {
              "name": "http://svn.wikimedia.org/viewvc/mediawiki?view=rev\u0026revision=14349",
              "refsource": "CONFIRM",
              "url": "http://svn.wikimedia.org/viewvc/mediawiki?view=rev\u0026revision=14349"
            },
            {
              "name": "ADV-2006-1926",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1926"
            },
            {
              "name": "http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/includes/Sanitizer.php?r1=14349\u0026r2=14348\u0026pathrev=14349",
              "refsource": "MISC",
              "url": "http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/includes/Sanitizer.php?r1=14349\u0026r2=14348\u0026pathrev=14349"
            },
            {
              "name": "[Wikitech-l] 20060523 MediaWiki 1.6.5 JavaScript Execution Vulnerability # 2",
              "refsource": "MLIST",
              "url": "http://mail.wikipedia.org/pipermail/wikitech-l/2006-May/035814.html"
            },
            {
              "name": "20189",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20189"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-2611",
    "datePublished": "2006-05-26T01:00:00",
    "dateReserved": "2006-05-25T00:00:00",
    "dateUpdated": "2024-08-07T17:58:51.837Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-45362 (GCVE-0-2023-45362)

Vulnerability from cvelistv5

Published

2023-11-03 00:00

Modified

2024-08-02 20:21

Severity ?

CWE

n/a

Summary

An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown") ignores username suppression. This is an information leak.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T341529
	https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html	mailing-list
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/	vendor-advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:21:16.741Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T341529"
          },
          {
            "name": "[debian-lts-announce] 20231128 [SECURITY] [DLA 3671-1] mediawiki security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html"
          },
          {
            "name": "FEDORA-2024-2c564b942d",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka \"X intermediate revisions by the same user not shown\") ignores username suppression. This is an information leak."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-10T16:13:41.063078",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T341529"
        },
        {
          "name": "[debian-lts-announce] 20231128 [SECURITY] [DLA 3671-1] mediawiki security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html"
        },
        {
          "name": "FEDORA-2024-2c564b942d",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-45362",
    "datePublished": "2023-11-03T00:00:00",
    "dateReserved": "2023-10-09T00:00:00",
    "dateUpdated": "2024-08-02T20:21:16.741Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-4377 (GCVE-0-2012-4377)

Vulnerability from cvelistv5

Published

2017-10-26 20:00

Modified

2024-08-06 20:35

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image.

References

►

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=853409	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2012/08/31/6	mailing-list, x_refsource_MLIST
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html	mailing-list, x_refsource_MLIST
	https://phabricator.wikimedia.org/T41700	x_refsource_CONFIRM
	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2012/08/31/10	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:35:09.193Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=853409"
          },
          {
            "name": "[oss-security] 20120831 CVE Request -- MediaWiki 1.19.2 and 1.18.5 multiple security flaws",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/08/31/6"
          },
          {
            "name": "[MediaWiki-announce] 20120831 MediaWiki security release: 1.19.2 and 1.18.5",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T41700"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330"
          },
          {
            "name": "[oss-security] 20120831 Re: CVE Request -- MediaWiki 1.19.2 and 1.18.5 multiple  security flaws",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/08/31/10"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-08-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-26T19:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=853409"
        },
        {
          "name": "[oss-security] 20120831 CVE Request -- MediaWiki 1.19.2 and 1.18.5 multiple security flaws",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/08/31/6"
        },
        {
          "name": "[MediaWiki-announce] 20120831 MediaWiki security release: 1.19.2 and 1.18.5",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T41700"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330"
        },
        {
          "name": "[oss-security] 20120831 Re: CVE Request -- MediaWiki 1.19.2 and 1.18.5 multiple  security flaws",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/08/31/10"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-4377",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=853409",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=853409"
            },
            {
              "name": "[oss-security] 20120831 CVE Request -- MediaWiki 1.19.2 and 1.18.5 multiple security flaws",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/08/31/6"
            },
            {
              "name": "[MediaWiki-announce] 20120831 MediaWiki security release: 1.19.2 and 1.18.5",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html"
            },
            {
              "name": "https://phabricator.wikimedia.org/T41700",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T41700"
            },
            {
              "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330",
              "refsource": "MISC",
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330"
            },
            {
              "name": "[oss-security] 20120831 Re: CVE Request -- MediaWiki 1.19.2 and 1.18.5 multiple  security flaws",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/08/31/10"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-4377",
    "datePublished": "2017-10-26T20:00:00",
    "dateReserved": "2012-08-21T00:00:00",
    "dateUpdated": "2024-08-06T20:35:09.193Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-3454 (GCVE-0-2014-3454)

Vulnerability from cvelistv5

Published

2014-05-12 14:00

Modified

2024-09-16 22:46

Severity ?

CWE

n/a

Summary

Cross-site request forgery (CSRF) vulnerability in Special:CreateCategory in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to hijack the authentication of users for requests that create categories via unspecified vectors.

References

►

URL

Tags

	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html	mailing-list, x_refsource_MLIST
	https://bugzilla.wikimedia.org/show_bug.cgi?id=57025	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:43:06.115Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[MediaWiki-announce] 20140114 MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=57025"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in Special:CreateCategory in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to hijack the authentication of users for requests that create categories via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-05-12T14:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[MediaWiki-announce] 20140114 MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=57025"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-3454",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in Special:CreateCategory in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to hijack the authentication of users for requests that create categories via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[MediaWiki-announce] 20140114 MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
            },
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=57025",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=57025"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-3454",
    "datePublished": "2014-05-12T14:00:00Z",
    "dateReserved": "2014-05-12T00:00:00Z",
    "dateUpdated": "2024-09-16T22:46:54.034Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-1951 (GCVE-0-2013-1951)

Vulnerability from cvelistv5

Published

2019-10-31 19:33

Modified

2024-08-06 15:20

Severity ?

CWE

Cross-Site Scripting

Summary

A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers to inject arbitrary web script or HTML via Lua function names.

References

►

URL

Tags

	https://security-tracker.debian.org/tracker/CVE-2013-1951	x_refsource_MISC
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1951	x_refsource_MISC
	http://security.gentoo.org/glsa/glsa-201310-21.xml	x_refsource_MISC
	https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-1951	x_refsource_MISC
	http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104022.html	x_refsource_MISC
	http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104027.html	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2013/04/16/12	x_refsource_MISC
	http://www.securityfocus.com/bid/59077	x_refsource_MISC
	https://phabricator.wikimedia.org/T48084	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	ikimedia Foundation	MediaWiki	Version: before 1.19.5 and 1.20.x before 1.20.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:20:37.304Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2013-1951"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1951"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201310-21.xml"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-1951"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104027.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/04/16/12"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/59077"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T48084"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MediaWiki",
          "vendor": "ikimedia Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "before 1.19.5 and 1.20.x before 1.20.4"
            }
          ]
        }
      ],
      "datePublic": "2013-03-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers to inject arbitrary web script or HTML via Lua function names."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-31T19:33:37",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2013-1951"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1951"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201310-21.xml"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-1951"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104027.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/04/16/12"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securityfocus.com/bid/59077"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T48084"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-1951",
    "datePublished": "2019-10-31T19:33:37",
    "dateReserved": "2013-02-19T00:00:00",
    "dateUpdated": "2024-08-06T15:20:37.304Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6332 (GCVE-0-2016-6332)

Vulnerability from cvelistv5

Published

2017-04-20 17:00

Modified

2024-08-06 01:29

Severity ?

CWE

n/a

Summary

MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to terminate sessions when a user account is blocked.

References

►

URL

Tags

	https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html	mailing-list, x_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=1369613	x_refsource_CONFIRM
	https://phabricator.wikimedia.org/T129738	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:19.298Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[MediaWiki-announce] 20160823 Security Release - 1.27.1, 1.26.4, 1.23.15",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T129738"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to terminate sessions when a user account is blocked."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-20T16:57:02",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[MediaWiki-announce] 20160823 Security Release - 1.27.1, 1.26.4, 1.23.15",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T129738"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-6332",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to terminate sessions when a user account is blocked."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[MediaWiki-announce] 20160823 Security Release - 1.27.1, 1.26.4, 1.23.15",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
            },
            {
              "name": "https://phabricator.wikimedia.org/T129738",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T129738"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-6332",
    "datePublished": "2017-04-20T17:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:19.298Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-0361 (GCVE-0-2017-0361)

Vulnerability from cvelistv5

Published

2018-04-13 16:00

Modified

2024-09-16 21:07

Severity ?

CWE

information disclosure

Summary

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext.

References

►

URL

Tags

	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html	mailing-list, x_refsource_MLIST
	https://security-tracker.debian.org/tracker/CVE-2017-0361	x_refsource_CONFIRM
	https://phabricator.wikimedia.org/T125177	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1039812	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:03:56.820Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2017-0361"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T125177"
          },
          {
            "name": "1039812",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039812"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mediawiki",
          "vendor": "mediawiki",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-04-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "information disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-14T09:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2017-0361"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T125177"
        },
        {
          "name": "1039812",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039812"
        }
      ],
      "source": {
        "advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html",
        "discovery": "UNKNOWN"
      },
      "title": "api.log contains passwords in plaintext",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "DATE_PUBLIC": "2017-04-06T20:49:00.000Z",
          "ID": "CVE-2017-0361",
          "STATE": "PUBLIC",
          "TITLE": "api.log contains passwords in plaintext"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "mediawiki",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "mediawiki"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "information disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
            },
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2017-0361",
              "refsource": "CONFIRM",
              "url": "https://security-tracker.debian.org/tracker/CVE-2017-0361"
            },
            {
              "name": "https://phabricator.wikimedia.org/T125177",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T125177"
            },
            {
              "name": "1039812",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039812"
            }
          ]
        },
        "source": {
          "advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2017-0361",
    "datePublished": "2018-04-13T16:00:00Z",
    "dateReserved": "2016-11-29T00:00:00",
    "dateUpdated": "2024-09-16T21:07:38.929Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-5243 (GCVE-0-2014-5243)

Vulnerability from cvelistv5

Published

2014-08-22 17:00

Modified

2024-08-06 11:41

Severity ?

CWE

n/a

Summary

MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

References

►

URL

Tags

	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-July/000157.html	mailing-list, x_refsource_MLIST
	http://www.debian.org/security/2014/dsa-3011	vendor-advisory, x_refsource_DEBIAN
	http://www.mandriva.com/security/advisories?name=MDVSA-2014:153	vendor-advisory, x_refsource_MANDRIVA
	http://secunia.com/advisories/59738	third-party-advisory, x_refsource_SECUNIA
	http://openwall.com/lists/oss-security/2014/08/14/5	mailing-list, x_refsource_MLIST
	https://bugzilla.wikimedia.org/show_bug.cgi?id=65778	x_refsource_CONFIRM
	http://advisories.mageia.org/MGASA-2014-0309.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:41:48.324Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[MediaWiki-announce] 20140730 MediaWiki Security and Maintenance Releases: 1.19.18, 1.22.9 and 1.23.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-July/000157.html"
          },
          {
            "name": "DSA-3011",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3011"
          },
          {
            "name": "MDVSA-2014:153",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:153"
          },
          {
            "name": "59738",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59738"
          },
          {
            "name": "[oss-security] 20140814 Re: Possible CVE Request: MediaWiki Security and Maintenance Releases: 1.19.18, 1.22.9 and 1.23.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2014/08/14/5"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=65778"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0309.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-08-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-01-04T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[MediaWiki-announce] 20140730 MediaWiki Security and Maintenance Releases: 1.19.18, 1.22.9 and 1.23.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-July/000157.html"
        },
        {
          "name": "DSA-3011",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3011"
        },
        {
          "name": "MDVSA-2014:153",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:153"
        },
        {
          "name": "59738",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59738"
        },
        {
          "name": "[oss-security] 20140814 Re: Possible CVE Request: MediaWiki Security and Maintenance Releases: 1.19.18, 1.22.9 and 1.23.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2014/08/14/5"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=65778"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0309.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-5243",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[MediaWiki-announce] 20140730 MediaWiki Security and Maintenance Releases: 1.19.18, 1.22.9 and 1.23.2",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-July/000157.html"
            },
            {
              "name": "DSA-3011",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-3011"
            },
            {
              "name": "MDVSA-2014:153",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:153"
            },
            {
              "name": "59738",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59738"
            },
            {
              "name": "[oss-security] 20140814 Re: Possible CVE Request: MediaWiki Security and Maintenance Releases: 1.19.18, 1.22.9 and 1.23.2",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2014/08/14/5"
            },
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=65778",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=65778"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2014-0309.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2014-0309.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-5243",
    "datePublished": "2014-08-22T17:00:00",
    "dateReserved": "2014-08-14T00:00:00",
    "dateUpdated": "2024-08-06T11:41:48.324Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4574 (GCVE-0-2013-4574)

Vulnerability from cvelistv5

Published

2014-05-12 14:00

Modified

2024-08-06 16:45

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in the TimeMediaHandler extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to videos.

References

►

URL

Tags

http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html

mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:45:14.842Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[MediaWiki-announce] 20140114 MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-01-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the TimeMediaHandler extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to videos."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-05-12T13:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[MediaWiki-announce] 20140114 MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4574",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the TimeMediaHandler extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to videos."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[MediaWiki-announce] 20140114 MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4574",
    "datePublished": "2014-05-12T14:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:45:14.842Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-30152 (GCVE-0-2021-30152)

Vulnerability from cvelistv5

Published

2021-04-09 06:08

Modified

2024-08-03 22:24

Severity ?

CWE

n/a

Summary

An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to "protect" a page, a user is currently able to protect to a higher level than they currently have permissions for.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T270713	x_refsource_MISC
	https://www.debian.org/security/2021/dsa-4889	vendor-advisory, x_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/	vendor-advisory, x_refsource_FEDORA
	https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html	mailing-list, x_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html	mailing-list, x_refsource_MLIST
	https://security.gentoo.org/glsa/202107-40	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:24:59.627Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T270713"
          },
          {
            "name": "DSA-4889",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4889"
          },
          {
            "name": "FEDORA-2021-f4223b6684",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/"
          },
          {
            "name": "FEDORA-2021-d298103d3a",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/"
          },
          {
            "name": "[debian-lts-announce] 20210505 [SECURITY] [DLA 2648-1] mediawiki security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html"
          },
          {
            "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2648-2] mediawiki regression update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html"
          },
          {
            "name": "GLSA-202107-40",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202107-40"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to \"protect\" a page, a user is currently able to protect to a higher level than they currently have permissions for."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-17T07:06:32",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T270713"
        },
        {
          "name": "DSA-4889",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4889"
        },
        {
          "name": "FEDORA-2021-f4223b6684",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/"
        },
        {
          "name": "FEDORA-2021-d298103d3a",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/"
        },
        {
          "name": "[debian-lts-announce] 20210505 [SECURITY] [DLA 2648-1] mediawiki security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html"
        },
        {
          "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2648-2] mediawiki regression update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html"
        },
        {
          "name": "GLSA-202107-40",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202107-40"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-30152",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to \"protect\" a page, a user is currently able to protect to a higher level than they currently have permissions for."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T270713",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T270713"
            },
            {
              "name": "DSA-4889",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4889"
            },
            {
              "name": "FEDORA-2021-f4223b6684",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/"
            },
            {
              "name": "FEDORA-2021-d298103d3a",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/"
            },
            {
              "name": "[debian-lts-announce] 20210505 [SECURITY] [DLA 2648-1] mediawiki security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html"
            },
            {
              "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2648-2] mediawiki regression update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html"
            },
            {
              "name": "GLSA-202107-40",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202107-40"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-30152",
    "datePublished": "2021-04-09T06:08:35",
    "dateReserved": "2021-04-06T00:00:00",
    "dateUpdated": "2024-08-03T22:24:59.627Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-12472 (GCVE-0-2019-12472)

Vulnerability from cvelistv5

Published

2019-07-10 15:55

Modified

2024-08-04 23:24

Severity ?

CWE

n/a

Summary

An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T199540	x_refsource_MISC
	https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:24:38.183Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T199540"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-10T15:55:03",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T199540"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-12472",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T199540",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T199540"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html",
              "refsource": "CONFIRM",
              "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-12472",
    "datePublished": "2019-07-10T15:55:03",
    "dateReserved": "2019-05-30T00:00:00",
    "dateUpdated": "2024-08-04T23:24:38.183Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-35623 (GCVE-0-2020-35623)

Vulnerability from cvelistv5

Published

2020-12-21 22:37

Modified

2024-08-04 17:09

Severity ?

CWE

n/a

Summary

An issue was discovered in the CasAuth extension for MediaWiki through 1.35.1. Due to improper username validation, it allowed user impersonation with trivial manipulations of certain characters within a given username. An ordinary user may be able to login as a "bureaucrat user" who has a similar username, as demonstrated by usernames that differ only in (1) bidirectional override symbols or (2) blank space.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T263498	x_refsource_MISC
	https://github.com/CWRUChielLab/CASAuth/pull/11	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:09:14.084Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T263498"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/CWRUChielLab/CASAuth/pull/11"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the CasAuth extension for MediaWiki through 1.35.1. Due to improper username validation, it allowed user impersonation with trivial manipulations of certain characters within a given username. An ordinary user may be able to login as a \"bureaucrat user\" who has a similar username, as demonstrated by usernames that differ only in (1) bidirectional override symbols or (2) blank space."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-21T22:37:15",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T263498"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/CWRUChielLab/CASAuth/pull/11"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-35623",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the CasAuth extension for MediaWiki through 1.35.1. Due to improper username validation, it allowed user impersonation with trivial manipulations of certain characters within a given username. An ordinary user may be able to login as a \"bureaucrat user\" who has a similar username, as demonstrated by usernames that differ only in (1) bidirectional override symbols or (2) blank space."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T263498",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T263498"
            },
            {
              "name": "https://github.com/CWRUChielLab/CASAuth/pull/11",
              "refsource": "MISC",
              "url": "https://github.com/CWRUChielLab/CASAuth/pull/11"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-35623",
    "datePublished": "2020-12-21T22:37:15",
    "dateReserved": "2020-12-21T00:00:00",
    "dateUpdated": "2024-08-04T17:09:14.084Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-41801 (GCVE-0-2021-41801)

Vulnerability from cvelistv5

Published

2021-10-11 07:40

Modified

2024-08-04 03:22

Severity ?

CWE

n/a

Summary

The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time (due to the job queue backlog)

References

►

URL

Tags

	https://phabricator.wikimedia.org/T279090	x_refsource_MISC
	https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:22:24.024Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T279090"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time (due to the job queue backlog)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-11T07:40:22",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T279090"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-41801",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time (due to the job queue backlog)"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T279090",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T279090"
            },
            {
              "name": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/",
              "refsource": "CONFIRM",
              "url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-41801",
    "datePublished": "2021-10-11T07:40:22",
    "dateReserved": "2021-09-29T00:00:00",
    "dateUpdated": "2024-08-04T03:22:24.024Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-10960 (GCVE-0-2020-10960)

Vulnerability from cvelistv5

Published

2020-04-03 14:13

Modified

2024-08-04 11:21

Severity ?

CWE

n/a

Summary

In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler to any Cascading Style Sheets (CSS) selector. There is no known way to exploit this for cross-site scripting (XSS).

References

►

URL

Tags

	https://phabricator.wikimedia.org/T246602	x_refsource_CONFIRM
	https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:21:14.164Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T246602"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-03-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler to any Cascading Style Sheets (CSS) selector. There is no known way to exploit this for cross-site scripting (XSS)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-03T14:13:52",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T246602"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-10960",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler to any Cascading Style Sheets (CSS) selector. There is no known way to exploit this for cross-site scripting (XSS)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T246602",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T246602"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html",
              "refsource": "CONFIRM",
              "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-10960",
    "datePublished": "2020-04-03T14:13:52",
    "dateReserved": "2020-03-25T00:00:00",
    "dateUpdated": "2024-08-04T11:21:14.164Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-12467 (GCVE-0-2019-12467)

Vulnerability from cvelistv5

Published

2019-07-10 14:45

Modified

2024-08-04 23:24

Severity ?

CWE

n/a

Summary

MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

References

►

URL

Tags

	https://www.debian.org/security/2019/dsa-4460	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2019/Jun/12	mailing-list, x_refsource_BUGTRAQ
	https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html	x_refsource_CONFIRM
	https://phabricator.wikimedia.org/T209794	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:24:37.085Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4460",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4460"
          },
          {
            "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jun/12"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T209794"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-10T14:45:43",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-4460",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4460"
        },
        {
          "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jun/12"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T209794"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-12467",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4460",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4460"
            },
            {
              "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Jun/12"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html",
              "refsource": "CONFIRM",
              "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
            },
            {
              "name": "https://phabricator.wikimedia.org/T209794",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T209794"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-12467",
    "datePublished": "2019-07-10T14:45:01",
    "dateReserved": "2019-05-30T00:00:00",
    "dateUpdated": "2024-08-04T23:24:37.085Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-1610 (GCVE-0-2014-1610)

Vulnerability from cvelistv5

Published

2014-01-30 23:00

Modified

2024-08-06 09:50

Severity ?

CWE

n/a

Summary

MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php.

References

►

URL

Tags

	http://www.exploit-db.com/exploits/31329/	exploit, x_refsource_EXPLOIT-DB
	http://www.checkpoint.com/threatcloud-central/articles/2014-01-28-tc-researchers-discover.html	x_refsource_MISC
	http://www.checkpoint.com/defense/advisories/public/2014/cpai-26-jan.html	x_refsource_MISC
	https://bugzilla.wikimedia.org/show_bug.cgi?id=60339	x_refsource_CONFIRM
	http://secunia.com/advisories/57472	third-party-advisory, x_refsource_SECUNIA
	https://gerrit.wikimedia.org/r/#/c/110215/	x_refsource_MISC
	http://www.debian.org/security/2014/dsa-2891	vendor-advisory, x_refsource_DEBIAN
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000140.html	mailing-list, x_refsource_MLIST
	http://www.securitytracker.com/id/1029707	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/65223	vdb-entry, x_refsource_BID
	http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127942.html	vendor-advisory, x_refsource_FEDORA
	https://gerrit.wikimedia.org/r/#/c/110069/2/includes/media/Bitmap.php	x_refsource_MISC
	http://www.osvdb.org/102631	vdb-entry, x_refsource_OSVDB
	https://bugzilla.wikimedia.org/attachment.cgi?id=14361&action=diff	x_refsource_MISC
	https://bugzilla.wikimedia.org/attachment.cgi?id=14384&action=diff	x_refsource_MISC
	http://secunia.com/advisories/56695	third-party-advisory, x_refsource_SECUNIA
	https://gerrit.wikimedia.org/r/#/c/110069/	x_refsource_MISC
	http://osvdb.org/102630	vdb-entry, x_refsource_OSVDB
	http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127948.html	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:50:09.575Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "31329",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/31329/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.checkpoint.com/threatcloud-central/articles/2014-01-28-tc-researchers-discover.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.checkpoint.com/defense/advisories/public/2014/cpai-26-jan.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=60339"
          },
          {
            "name": "57472",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57472"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/#/c/110215/"
          },
          {
            "name": "DSA-2891",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2891"
          },
          {
            "name": "[MediaWiki-announce] 20140128 MediaWiki Security Releases: 1.22.2, 1.21.5 and 1.19.11",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000140.html"
          },
          {
            "name": "1029707",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1029707"
          },
          {
            "name": "65223",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/65223"
          },
          {
            "name": "FEDORA-2014-1802",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127942.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/#/c/110069/2/includes/media/Bitmap.php"
          },
          {
            "name": "102631",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/102631"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/attachment.cgi?id=14361\u0026action=diff"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/attachment.cgi?id=14384\u0026action=diff"
          },
          {
            "name": "56695",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/56695"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/#/c/110069/"
          },
          {
            "name": "102630",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/102630"
          },
          {
            "name": "FEDORA-2014-1745",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127948.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-01-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-16T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "31329",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/31329/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.checkpoint.com/threatcloud-central/articles/2014-01-28-tc-researchers-discover.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.checkpoint.com/defense/advisories/public/2014/cpai-26-jan.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=60339"
        },
        {
          "name": "57472",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57472"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/#/c/110215/"
        },
        {
          "name": "DSA-2891",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2891"
        },
        {
          "name": "[MediaWiki-announce] 20140128 MediaWiki Security Releases: 1.22.2, 1.21.5 and 1.19.11",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000140.html"
        },
        {
          "name": "1029707",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1029707"
        },
        {
          "name": "65223",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/65223"
        },
        {
          "name": "FEDORA-2014-1802",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127942.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/#/c/110069/2/includes/media/Bitmap.php"
        },
        {
          "name": "102631",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/102631"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.wikimedia.org/attachment.cgi?id=14361\u0026action=diff"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.wikimedia.org/attachment.cgi?id=14384\u0026action=diff"
        },
        {
          "name": "56695",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/56695"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/#/c/110069/"
        },
        {
          "name": "102630",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/102630"
        },
        {
          "name": "FEDORA-2014-1745",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127948.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-1610",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "31329",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/31329/"
            },
            {
              "name": "http://www.checkpoint.com/threatcloud-central/articles/2014-01-28-tc-researchers-discover.html",
              "refsource": "MISC",
              "url": "http://www.checkpoint.com/threatcloud-central/articles/2014-01-28-tc-researchers-discover.html"
            },
            {
              "name": "http://www.checkpoint.com/defense/advisories/public/2014/cpai-26-jan.html",
              "refsource": "MISC",
              "url": "http://www.checkpoint.com/defense/advisories/public/2014/cpai-26-jan.html"
            },
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=60339",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=60339"
            },
            {
              "name": "57472",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/57472"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/#/c/110215/",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/#/c/110215/"
            },
            {
              "name": "DSA-2891",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2891"
            },
            {
              "name": "[MediaWiki-announce] 20140128 MediaWiki Security Releases: 1.22.2, 1.21.5 and 1.19.11",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000140.html"
            },
            {
              "name": "1029707",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1029707"
            },
            {
              "name": "65223",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/65223"
            },
            {
              "name": "FEDORA-2014-1802",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127942.html"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/#/c/110069/2/includes/media/Bitmap.php",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/#/c/110069/2/includes/media/Bitmap.php"
            },
            {
              "name": "102631",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/102631"
            },
            {
              "name": "https://bugzilla.wikimedia.org/attachment.cgi?id=14361\u0026action=diff",
              "refsource": "MISC",
              "url": "https://bugzilla.wikimedia.org/attachment.cgi?id=14361\u0026action=diff"
            },
            {
              "name": "https://bugzilla.wikimedia.org/attachment.cgi?id=14384\u0026action=diff",
              "refsource": "MISC",
              "url": "https://bugzilla.wikimedia.org/attachment.cgi?id=14384\u0026action=diff"
            },
            {
              "name": "56695",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/56695"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/#/c/110069/",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/#/c/110069/"
            },
            {
              "name": "102630",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/102630"
            },
            {
              "name": "FEDORA-2014-1745",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127948.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-1610",
    "datePublished": "2014-01-30T23:00:00",
    "dateReserved": "2014-01-19T00:00:00",
    "dateUpdated": "2024-08-06T09:50:09.575Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-40603 (GCVE-0-2024-40603)

Vulnerability from cvelistv5

Published

2024-07-06 00:00

Modified

2025-03-17 21:38

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE

n/a

Summary

An issue was discovered in the ArticleRatings extension for MediaWiki through 1.42.1. Special:ChangeRating allows CSRF to alter data via a GET request.

References

►

URL

Tags

https://phabricator.wikimedia.org/T363884

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 4.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-40603",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-08T13:44:44.832247Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-352",
                "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-17T21:38:52.970Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:33:11.671Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T363884"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the ArticleRatings extension for MediaWiki through 1.42.1. Special:ChangeRating allows CSRF to alter data via a GET request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-06T23:27:04.293Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T363884"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-40603",
    "datePublished": "2024-07-06T00:00:00.000Z",
    "dateReserved": "2024-07-06T00:00:00.000Z",
    "dateUpdated": "2025-03-17T21:38:52.970Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-2787 (GCVE-0-2010-2787)

Vulnerability from cvelistv5

Published

2011-04-27 00:00

Modified

2024-08-07 02:46

Severity ?

CWE

n/a

Summary

api.php in MediaWiki before 1.15.5 does not prevent use of public caching headers for private data, which allows remote attackers to bypass intended access restrictions and obtain sensitive information by retrieving documents from an HTTP proxy cache that has been used by a victim.

References

►

URL

Tags

	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html	vendor-advisory, x_refsource_FEDORA
	https://bugzilla.redhat.com/show_bug.cgi?id=620226	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html	vendor-advisory, x_refsource_FEDORA
	http://openwall.com/lists/oss-security/2010/07/29/4	mailing-list, x_refsource_MLIST
	http://svn.wikimedia.org/viewvc/mediawiki?view=revision&revision=69776	x_refsource_CONFIRM
	https://bugzilla.wikimedia.org/show_bug.cgi?id=24565	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html	vendor-advisory, x_refsource_FEDORA
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html	mailing-list, x_refsource_MLIST
	http://www.securityfocus.com/bid/42019	vdb-entry, x_refsource_BID
	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html	vendor-advisory, x_refsource_FEDORA
	https://bugzilla.redhat.com/show_bug.cgi?id=620224	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:46:48.599Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2011-5495",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620226"
          },
          {
            "name": "FEDORA-2011-5807",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html"
          },
          {
            "name": "[oss-security] 20100729 Re: CVE request: mediawiki",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2010/07/29/4"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.wikimedia.org/viewvc/mediawiki?view=revision\u0026revision=69776"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=24565"
          },
          {
            "name": "FEDORA-2011-5848",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html"
          },
          {
            "name": "[mediawiki-announce] 20100728 MediaWiki security release: 1.16.0 and 1.15.5",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html"
          },
          {
            "name": "42019",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/42019"
          },
          {
            "name": "FEDORA-2011-5812",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620224"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-07-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "api.php in MediaWiki before 1.15.5 does not prevent use of public caching headers for private data, which allows remote attackers to bypass intended access restrictions and obtain sensitive information by retrieving documents from an HTTP proxy cache that has been used by a victim."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-09-07T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2011-5495",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620226"
        },
        {
          "name": "FEDORA-2011-5807",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html"
        },
        {
          "name": "[oss-security] 20100729 Re: CVE request: mediawiki",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2010/07/29/4"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.wikimedia.org/viewvc/mediawiki?view=revision\u0026revision=69776"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=24565"
        },
        {
          "name": "FEDORA-2011-5848",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html"
        },
        {
          "name": "[mediawiki-announce] 20100728 MediaWiki security release: 1.16.0 and 1.15.5",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html"
        },
        {
          "name": "42019",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/42019"
        },
        {
          "name": "FEDORA-2011-5812",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620224"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-2787",
    "datePublished": "2011-04-27T00:00:00",
    "dateReserved": "2010-07-22T00:00:00",
    "dateUpdated": "2024-08-07T02:46:48.599Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-36130 (GCVE-0-2021-36130)

Vulnerability from cvelistv5

Published

2021-07-02 13:00

Modified

2024-08-04 00:47

Severity ?

CWE

n/a

Summary

An XSS issue was discovered in the SocialProfile extension in MediaWiki through 1.36. Within several gift-related special pages, a privileged user with the awardmanage right could inject arbitrary HTML and JavaScript within various gift-related data fields. The attack could easily propagate across many pages for many users.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T281043	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/Id915eba45497a1a0dc1c4e00818a2fd4c0ce55d3	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:47:43.819Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T281043"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/Id915eba45497a1a0dc1c4e00818a2fd4c0ce55d3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An XSS issue was discovered in the SocialProfile extension in MediaWiki through 1.36. Within several gift-related special pages, a privileged user with the awardmanage right could inject arbitrary HTML and JavaScript within various gift-related data fields. The attack could easily propagate across many pages for many users."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-02T13:00:25",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T281043"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/Id915eba45497a1a0dc1c4e00818a2fd4c0ce55d3"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-36130",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An XSS issue was discovered in the SocialProfile extension in MediaWiki through 1.36. Within several gift-related special pages, a privileged user with the awardmanage right could inject arbitrary HTML and JavaScript within various gift-related data fields. The attack could easily propagate across many pages for many users."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T281043",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T281043"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/Id915eba45497a1a0dc1c4e00818a2fd4c0ce55d3",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/Id915eba45497a1a0dc1c4e00818a2fd4c0ce55d3"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-36130",
    "datePublished": "2021-07-02T13:00:25",
    "dateReserved": "2021-07-02T00:00:00",
    "dateUpdated": "2024-08-04T00:47:43.819Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2004-2152 (GCVE-0-2004-2152)

Vulnerability from cvelistv5

Published

2005-07-01 04:00

Modified

2024-08-08 01:15

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in 'raw' page output mode for MediaWiki 1.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML.

References

►

URL

Tags

	http://sourceforge.net/project/shownotes.php?group_id=34373&release_id=271848	x_refsource_CONFIRM
	http://secunia.com/advisories/12692/	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/17578	vdb-entry, x_refsource_XF
	http://www.osvdb.org/10454	vdb-entry, x_refsource_OSVDB
	http://www.securityfocus.com/bid/11302	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:15:01.607Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?group_id=34373\u0026release_id=271848"
          },
          {
            "name": "12692",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/12692/"
          },
          {
            "name": "mediawiki-raw-output-xss(17578)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17578"
          },
          {
            "name": "10454",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/10454"
          },
          {
            "name": "11302",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11302"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-09-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in \u0027raw\u0027 page output mode for MediaWiki 1.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?group_id=34373\u0026release_id=271848"
        },
        {
          "name": "12692",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/12692/"
        },
        {
          "name": "mediawiki-raw-output-xss(17578)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17578"
        },
        {
          "name": "10454",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/10454"
        },
        {
          "name": "11302",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11302"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-2152",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in \u0027raw\u0027 page output mode for MediaWiki 1.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://sourceforge.net/project/shownotes.php?group_id=34373\u0026release_id=271848",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?group_id=34373\u0026release_id=271848"
            },
            {
              "name": "12692",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/12692/"
            },
            {
              "name": "mediawiki-raw-output-xss(17578)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17578"
            },
            {
              "name": "10454",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/10454"
            },
            {
              "name": "11302",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11302"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-2152",
    "datePublished": "2005-07-01T04:00:00",
    "dateReserved": "2005-07-01T00:00:00",
    "dateUpdated": "2024-08-08T01:15:01.607Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-29002 (GCVE-0-2020-29002)

Vulnerability from cvelistv5

Published

2020-11-24 05:38

Modified

2024-08-04 16:48

Severity ?

CWE

n/a

Summary

includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki through 1.35 allows XSS via a qbfind message supplied by an administrator.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T267278	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/Ie798a4f16d0ac2a4871aefeb593d962966aeb6b0	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:48:01.569Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T267278"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/Ie798a4f16d0ac2a4871aefeb593d962966aeb6b0"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki through 1.35 allows XSS via a qbfind message supplied by an administrator."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-11-24T05:38:08",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T267278"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/Ie798a4f16d0ac2a4871aefeb593d962966aeb6b0"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-29002",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki through 1.35 allows XSS via a qbfind message supplied by an administrator."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T267278",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T267278"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/Ie798a4f16d0ac2a4871aefeb593d962966aeb6b0",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/Ie798a4f16d0ac2a4871aefeb593d962966aeb6b0"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-29002",
    "datePublished": "2020-11-24T05:38:08",
    "dateReserved": "2020-11-24T00:00:00",
    "dateUpdated": "2024-08-04T16:48:01.569Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4306 (GCVE-0-2013-4306)

Vulnerability from cvelistv5

Published

2013-10-11 21:00

Modified

2024-08-06 16:38

Severity ?

CWE

n/a

Summary

Cross-site request forgery (CSRF) vulnerability in api/ApiQueryCheckUser.php in the CheckUser extension for MediaWiki, possibly Checkuser before 2.3, allows remote attackers to hijack the authentication of arbitrary users for requests that "perform sensitive write actions" via unspecified vectors.

References

►

URL

Tags

	http://seclists.org/oss-sec/2013/q3/553	mailing-list, x_refsource_MLIST
	https://git.wikimedia.org/commit/mediawiki%2Fextensions%2FCheckUser.git/99ad25d066ce6111e798427cba7f21526827f651	x_refsource_CONFIRM
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html	mailing-list, x_refsource_MLIST
	http://www.securityfocus.com/bid/62210	vdb-entry, x_refsource_BID
	http://osvdb.org/96908	vdb-entry, x_refsource_OSVDB
	https://bugzilla.wikimedia.org/show_bug.cgi?id=45019	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/86893	vdb-entry, x_refsource_XF

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:38:01.961Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20130904 Re: CVE request: MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2013/q3/553"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.wikimedia.org/commit/mediawiki%2Fextensions%2FCheckUser.git/99ad25d066ce6111e798427cba7f21526827f651"
          },
          {
            "name": "[MediaWiki-announce] 20130903 MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
          },
          {
            "name": "62210",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/62210"
          },
          {
            "name": "96908",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/96908"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=45019"
          },
          {
            "name": "mediawiki-cve20134306-csrf(86893)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86893"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-09-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in api/ApiQueryCheckUser.php in the CheckUser extension for MediaWiki, possibly Checkuser before 2.3, allows remote attackers to hijack the authentication of arbitrary users for requests that \"perform sensitive write actions\" via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20130904 Re: CVE request: MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2013/q3/553"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.wikimedia.org/commit/mediawiki%2Fextensions%2FCheckUser.git/99ad25d066ce6111e798427cba7f21526827f651"
        },
        {
          "name": "[MediaWiki-announce] 20130903 MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
        },
        {
          "name": "62210",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/62210"
        },
        {
          "name": "96908",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/96908"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=45019"
        },
        {
          "name": "mediawiki-cve20134306-csrf(86893)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86893"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4306",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in api/ApiQueryCheckUser.php in the CheckUser extension for MediaWiki, possibly Checkuser before 2.3, allows remote attackers to hijack the authentication of arbitrary users for requests that \"perform sensitive write actions\" via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20130904 Re: CVE request: MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2013/q3/553"
            },
            {
              "name": "https://git.wikimedia.org/commit/mediawiki%2Fextensions%2FCheckUser.git/99ad25d066ce6111e798427cba7f21526827f651",
              "refsource": "CONFIRM",
              "url": "https://git.wikimedia.org/commit/mediawiki%2Fextensions%2FCheckUser.git/99ad25d066ce6111e798427cba7f21526827f651"
            },
            {
              "name": "[MediaWiki-announce] 20130903 MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
            },
            {
              "name": "62210",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/62210"
            },
            {
              "name": "96908",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/96908"
            },
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=45019",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=45019"
            },
            {
              "name": "mediawiki-cve20134306-csrf(86893)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86893"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4306",
    "datePublished": "2013-10-11T21:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:38:01.961Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-31549 (GCVE-0-2021-31549)

Vulnerability from cvelistv5

Published

2021-04-22 02:30

Modified

2024-08-03 23:03

Severity ?

CWE

n/a

Summary

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. The Special:AbuseFilter/examine form allowed for the disclosure of suppressed MediaWiki usernames to unprivileged users.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T274152	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/I6063c02fa261c4cc0e6dbbb2db4e111eb85912c2	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/I71a6d521bd12931ce60eec4d2dc35af19146000f	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:03:33.235Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T274152"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/I6063c02fa261c4cc0e6dbbb2db4e111eb85912c2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/I71a6d521bd12931ce60eec4d2dc35af19146000f"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. The Special:AbuseFilter/examine form allowed for the disclosure of suppressed MediaWiki usernames to unprivileged users."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-22T02:30:10",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T274152"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/I6063c02fa261c4cc0e6dbbb2db4e111eb85912c2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/I71a6d521bd12931ce60eec4d2dc35af19146000f"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-31549",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. The Special:AbuseFilter/examine form allowed for the disclosure of suppressed MediaWiki usernames to unprivileged users."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T274152",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T274152"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/I6063c02fa261c4cc0e6dbbb2db4e111eb85912c2",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/I6063c02fa261c4cc0e6dbbb2db4e111eb85912c2"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/I71a6d521bd12931ce60eec4d2dc35af19146000f",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/I71a6d521bd12931ce60eec4d2dc35af19146000f"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-31549",
    "datePublished": "2021-04-22T02:30:10",
    "dateReserved": "2021-04-22T00:00:00",
    "dateUpdated": "2024-08-03T23:03:33.235Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6336 (GCVE-0-2016-6336)

Vulnerability from cvelistv5

Published

2017-04-20 17:00

Modified

2024-08-06 01:29

Severity ?

CWE

n/a

Summary

MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete.

References

►

URL

Tags

	https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html	mailing-list, x_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=1369613	x_refsource_CONFIRM
	https://phabricator.wikimedia.org/T132926	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:19.386Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[MediaWiki-announce] 20160823 Security Release - 1.27.1, 1.26.4, 1.23.15",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T132926"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-20T16:57:02",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[MediaWiki-announce] 20160823 Security Release - 1.27.1, 1.26.4, 1.23.15",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T132926"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-6336",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[MediaWiki-announce] 20160823 Security Release - 1.27.1, 1.26.4, 1.23.15",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
            },
            {
              "name": "https://phabricator.wikimedia.org/T132926",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T132926"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-6336",
    "datePublished": "2017-04-20T17:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:19.386Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-25815 (GCVE-0-2020-25815)

Vulnerability from cvelistv5

Published

2020-09-27 20:27

Modified

2024-08-04 15:40

Severity ?

CWE

n/a

Summary

An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped() instead of text().

References

►

URL

Tags

	https://gerrit.wikimedia.org/g/mediawiki/core/+/ec76e14be658187544f07c1a249a047e1a75eaf8/includes/logging/LogEventsList.php#214	x_refsource_MISC
	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html	x_refsource_CONFIRM
	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:40:36.957Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/g/mediawiki/core/+/ec76e14be658187544f07c1a249a047e1a75eaf8/includes/logging/LogEventsList.php#214"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
          },
          {
            "name": "FEDORA-2020-a4802c53d9",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped() instead of text()."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-14T02:06:10",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/g/mediawiki/core/+/ec76e14be658187544f07c1a249a047e1a75eaf8/includes/logging/LogEventsList.php#214"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
        },
        {
          "name": "FEDORA-2020-a4802c53d9",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-25815",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped() instead of text()."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gerrit.wikimedia.org/g/mediawiki/core/+/ec76e14be658187544f07c1a249a047e1a75eaf8/includes/logging/LogEventsList.php#214",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/g/mediawiki/core/+/ec76e14be658187544f07c1a249a047e1a75eaf8/includes/logging/LogEventsList.php#214"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html",
              "refsource": "CONFIRM",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html",
              "refsource": "MISC",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
            },
            {
              "name": "FEDORA-2020-a4802c53d9",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-25815",
    "datePublished": "2020-09-27T20:27:14",
    "dateReserved": "2020-09-23T00:00:00",
    "dateUpdated": "2024-08-04T15:40:36.957Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-9479 (GCVE-0-2014-9479)

Vulnerability from cvelistv5

Published

2015-01-16 16:00

Modified

2024-08-06 13:47

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in the preview in the TemplateSandbox extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via the text parameter to Special:TemplateSandbox.

References

►

URL

Tags

	http://www.openwall.com/lists/oss-security/2015/01/03/13	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2014/12/21/2	mailing-list, x_refsource_MLIST
	https://phabricator.wikimedia.org/T76195	x_refsource_CONFIRM
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:47:41.125Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20150103 Re: CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
          },
          {
            "name": "[oss-security] 20141221 CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T76195"
          },
          {
            "name": "[MediaWiki-announce] 20141217 MediaWiki Security and Maintenance Releases: 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-12-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the preview in the TemplateSandbox extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via the text parameter to Special:TemplateSandbox."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-01-16T15:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "[oss-security] 20150103 Re: CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
        },
        {
          "name": "[oss-security] 20141221 CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T76195"
        },
        {
          "name": "[MediaWiki-announce] 20141217 MediaWiki Security and Maintenance Releases: 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2014-9479",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the preview in the TemplateSandbox extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via the text parameter to Special:TemplateSandbox."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20150103 Re: CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
            },
            {
              "name": "[oss-security] 20141221 CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2"
            },
            {
              "name": "https://phabricator.wikimedia.org/T76195",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T76195"
            },
            {
              "name": "[MediaWiki-announce] 20141217 MediaWiki Security and Maintenance Releases: 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2014-9479",
    "datePublished": "2015-01-16T16:00:00",
    "dateReserved": "2015-01-03T00:00:00",
    "dateUpdated": "2024-08-06T13:47:41.125Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-42040 (GCVE-0-2021-42040)

Vulnerability from cvelistv5

Published

2021-10-06 20:28

Modified

2024-08-04 03:22

Severity ?

CWE

n/a

Summary

An issue was discovered in MediaWiki through 1.36.2. A parser function related to loop control allowed for an infinite loop (and php-fpm hang) within the Loops extension because egLoopsCountLimit is mishandled. This could lead to memory exhaustion.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T287347	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/I0caf6f129f94612b5bcf406a171aa5ffedea1f80	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:22:25.637Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T287347"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/I0caf6f129f94612b5bcf406a171aa5ffedea1f80"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki through 1.36.2. A parser function related to loop control allowed for an infinite loop (and php-fpm hang) within the Loops extension because egLoopsCountLimit is mishandled. This could lead to memory exhaustion."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-06T20:28:59",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T287347"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/I0caf6f129f94612b5bcf406a171aa5ffedea1f80"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-42040",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in MediaWiki through 1.36.2. A parser function related to loop control allowed for an infinite loop (and php-fpm hang) within the Loops extension because egLoopsCountLimit is mishandled. This could lead to memory exhaustion."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T287347",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T287347"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/I0caf6f129f94612b5bcf406a171aa5ffedea1f80",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/I0caf6f129f94612b5bcf406a171aa5ffedea1f80"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-42040",
    "datePublished": "2021-10-06T20:28:59",
    "dateReserved": "2021-10-06T00:00:00",
    "dateUpdated": "2024-08-04T03:22:25.637Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-6734 (GCVE-0-2015-6734)

Vulnerability from cvelistv5

Published

2015-09-01 14:00

Modified

2024-08-06 07:29

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in contrib/cssgen.php in the GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

►

URL

Tags

	https://security.gentoo.org/glsa/201510-05	vendor-advisory, x_refsource_GENTOO
	http://www.openwall.com/lists/oss-security/2015/08/27/6	mailing-list, x_refsource_MLIST
	https://phabricator.wikimedia.org/T108198	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2015/08/12/6	mailing-list, x_refsource_MLIST
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html	mailing-list, x_refsource_MLIST
	http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html	vendor-advisory, x_refsource_FEDORA
	http://www.securityfocus.com/bid/76361	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:29:24.463Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201510-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201510-05"
          },
          {
            "name": "[oss-security] 20150827 Re: CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T108198"
          },
          {
            "name": "[oss-security] 20150812 CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
          },
          {
            "name": "[MediaWiki-announce] 20150810 MediaWiki Security and Maintenance Releases: 1.25.2, 1.24.3, 1.23.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
          },
          {
            "name": "FEDORA-2015-13920",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
          },
          {
            "name": "76361",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/76361"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-08-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in contrib/cssgen.php in the GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T21:57:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-201510-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201510-05"
        },
        {
          "name": "[oss-security] 20150827 Re: CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T108198"
        },
        {
          "name": "[oss-security] 20150812 CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
        },
        {
          "name": "[MediaWiki-announce] 20150810 MediaWiki Security and Maintenance Releases: 1.25.2, 1.24.3, 1.23.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
        },
        {
          "name": "FEDORA-2015-13920",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
        },
        {
          "name": "76361",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/76361"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-6734",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in contrib/cssgen.php in the GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201510-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201510-05"
            },
            {
              "name": "[oss-security] 20150827 Re: CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
            },
            {
              "name": "https://phabricator.wikimedia.org/T108198",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T108198"
            },
            {
              "name": "[oss-security] 20150812 CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
            },
            {
              "name": "[MediaWiki-announce] 20150810 MediaWiki Security and Maintenance Releases: 1.25.2, 1.24.3, 1.23.10",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
            },
            {
              "name": "FEDORA-2015-13920",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
            },
            {
              "name": "76361",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/76361"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-6734",
    "datePublished": "2015-09-01T14:00:00",
    "dateReserved": "2015-08-27T00:00:00",
    "dateUpdated": "2024-08-06T07:29:24.463Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-42049 (GCVE-0-2021-42049)

Vulnerability from cvelistv5

Published

2021-10-06 20:47

Modified

2024-08-04 03:22

Severity ?

CWE

n/a

Summary

An issue was discovered in the Translate extension in MediaWiki through 1.36.2. Oversighters cannot undo revisions or oversight on pages where they suppressed information (such as PII). This allows oversighters to whitewash revisions.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T286884	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/I4d95220ef414337147235f7ebedc9b945c3348e3	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:22:25.639Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T286884"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/I4d95220ef414337147235f7ebedc9b945c3348e3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Translate extension in MediaWiki through 1.36.2. Oversighters cannot undo revisions or oversight on pages where they suppressed information (such as PII). This allows oversighters to whitewash revisions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-29T16:39:17",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T286884"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/I4d95220ef414337147235f7ebedc9b945c3348e3"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-42049",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the Translate extension in MediaWiki through 1.36.2. Oversighters cannot undo revisions or oversight on pages where they suppressed information (such as PII). This allows oversighters to whitewash revisions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T286884",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T286884"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/I4d95220ef414337147235f7ebedc9b945c3348e3",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/I4d95220ef414337147235f7ebedc9b945c3348e3"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-42049",
    "datePublished": "2021-10-06T20:47:00",
    "dateReserved": "2021-10-06T00:00:00",
    "dateUpdated": "2024-08-04T03:22:25.639Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-4381 (GCVE-0-2012-4381)

Vulnerability from cvelistv5

Published

2020-02-08 17:50

Modified

2024-08-06 20:35

Severity ?

CWE

Password

Summary

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict function, could allow remote attackers to use old passwords for non-existing accounts in an external authentication system via unspecified vectors.

References

►

URL

Tags

	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330	x_refsource_MISC
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2012/08/31/6	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2012/08/31/10	x_refsource_MISC
	https://bugzilla.redhat.com/show_bug.cgi?id=853442	x_refsource_MISC
	https://phabricator.wikimedia.org/T41184	x_refsource_MISC
	http://osvdb.org/show/osvdb/85106	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	MediaWiki	Version: before 1.18.5 Version: 1.19.x before 1.19.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:35:09.098Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/08/31/6"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/08/31/10"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=853442"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T41184"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://osvdb.org/show/osvdb/85106"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MediaWiki",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "before 1.18.5"
            },
            {
              "status": "affected",
              "version": "1.19.x before 1.19.2"
            }
          ]
        }
      ],
      "datePublic": "2012-08-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict function, could allow remote attackers to use old passwords for non-existing accounts in an external authentication system via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Password",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-08T17:50:40",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/08/31/6"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/08/31/10"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=853442"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T41184"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://osvdb.org/show/osvdb/85106"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-4381",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MediaWiki",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before 1.18.5"
                          },
                          {
                            "version_value": "1.19.x before 1.19.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict function, could allow remote attackers to use old passwords for non-existing accounts in an external authentication system via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Password"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330",
              "refsource": "MISC",
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html",
              "refsource": "MISC",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2012/08/31/6",
              "refsource": "MISC",
              "url": "http://www.openwall.com/lists/oss-security/2012/08/31/6"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2012/08/31/10",
              "refsource": "MISC",
              "url": "http://www.openwall.com/lists/oss-security/2012/08/31/10"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=853442",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=853442"
            },
            {
              "name": "https://phabricator.wikimedia.org/T41184",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T41184"
            },
            {
              "name": "http://osvdb.org/show/osvdb/85106",
              "refsource": "MISC",
              "url": "http://osvdb.org/show/osvdb/85106"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-4381",
    "datePublished": "2020-02-08T17:50:40",
    "dateReserved": "2012-08-21T00:00:00",
    "dateUpdated": "2024-08-06T20:35:09.098Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-34507 (GCVE-0-2024-34507)

Vulnerability from cvelistv5

Published

2024-05-05 00:00

Modified

2024-08-02 02:51

Severity ?

7.4 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

CWE

n/a

Summary

An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges#%1b0000000.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T355538
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/	vendor-advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mediawiki:mediawiki:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mediawiki",
            "vendor": "mediawiki",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.4,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-34507",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-07T19:15:00.462095Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-80",
                "description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:40:58.096Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:51:11.465Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T355538"
          },
          {
            "name": "FEDORA-2024-2c564b942d",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges#%1b0000000."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-10T16:13:32.891727",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T355538"
        },
        {
          "name": "FEDORA-2024-2c564b942d",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-34507",
    "datePublished": "2024-05-05T00:00:00",
    "dateReserved": "2024-05-05T00:00:00",
    "dateUpdated": "2024-08-02T02:51:11.465Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-1579 (GCVE-0-2011-1579)

Vulnerability from cvelistv5

Published

2011-04-27 00:00

Modified

2024-08-06 22:28

Severity ?

CWE

n/a

Summary

The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets (CSS) token sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information by using the \2f\2a and \2a\2f hex strings to surround CSS comments.

References

►

URL

Tags

	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html	vendor-advisory, x_refsource_FEDORA
	https://bugzilla.wikimedia.org/show_bug.cgi?id=28450	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2011/0978	vdb-entry, x_refsource_VUPEN
	http://www.mediawiki.org/wiki/Special:Code/MediaWiki/85856	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html	vendor-advisory, x_refsource_FEDORA
	http://www.securityfocus.com/bid/47354	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/44142	third-party-advisory, x_refsource_SECUNIA
	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html	vendor-advisory, x_refsource_FEDORA
	http://www.vupen.com/english/advisories/2011/1151	vdb-entry, x_refsource_VUPEN
	https://exchange.xforce.ibmcloud.com/vulnerabilities/66738	vdb-entry, x_refsource_XF
	http://www.debian.org/security/2011/dsa-2366	vendor-advisory, x_refsource_DEBIAN
	https://bugzilla.redhat.com/show_bug.cgi?id=696360	x_refsource_CONFIRM
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html	mailing-list, x_refsource_MLIST
	http://www.vupen.com/english/advisories/2011/1100	vdb-entry, x_refsource_VUPEN
	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html	vendor-advisory, x_refsource_FEDORA
	https://bugzilla.redhat.com/show_bug.cgi?id=695577	x_refsource_CONFIRM
	http://openwall.com/lists/oss-security/2011/04/13/15	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:28:41.908Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2011-5495",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=28450"
          },
          {
            "name": "ADV-2011-0978",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0978"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mediawiki.org/wiki/Special:Code/MediaWiki/85856"
          },
          {
            "name": "FEDORA-2011-5807",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html"
          },
          {
            "name": "47354",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47354"
          },
          {
            "name": "44142",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44142"
          },
          {
            "name": "FEDORA-2011-5848",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html"
          },
          {
            "name": "ADV-2011-1151",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/1151"
          },
          {
            "name": "mediawiki-css-data-xss(66738)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66738"
          },
          {
            "name": "DSA-2366",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2366"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696360"
          },
          {
            "name": "[mediawiki-announce] 20110412 MediaWiki security release 1.16.3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html"
          },
          {
            "name": "ADV-2011-1100",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/1100"
          },
          {
            "name": "FEDORA-2011-5812",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=695577"
          },
          {
            "name": "[oss-security] 20110413 Re: CVE request: mediawiki 1.16.3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/04/13/15"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-04-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets (CSS) token sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information by using the \\2f\\2a and \\2a\\2f hex strings to surround CSS comments."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2011-5495",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=28450"
        },
        {
          "name": "ADV-2011-0978",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0978"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mediawiki.org/wiki/Special:Code/MediaWiki/85856"
        },
        {
          "name": "FEDORA-2011-5807",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html"
        },
        {
          "name": "47354",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47354"
        },
        {
          "name": "44142",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44142"
        },
        {
          "name": "FEDORA-2011-5848",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html"
        },
        {
          "name": "ADV-2011-1151",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/1151"
        },
        {
          "name": "mediawiki-css-data-xss(66738)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66738"
        },
        {
          "name": "DSA-2366",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2366"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696360"
        },
        {
          "name": "[mediawiki-announce] 20110412 MediaWiki security release 1.16.3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html"
        },
        {
          "name": "ADV-2011-1100",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/1100"
        },
        {
          "name": "FEDORA-2011-5812",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=695577"
        },
        {
          "name": "[oss-security] 20110413 Re: CVE request: mediawiki 1.16.3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/04/13/15"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-1579",
    "datePublished": "2011-04-27T00:00:00",
    "dateReserved": "2011-04-05T00:00:00",
    "dateUpdated": "2024-08-06T22:28:41.908Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-30155 (GCVE-0-2021-30155)

Vulnerability from cvelistv5

Published

2021-04-09 06:09

Modified

2024-08-03 22:24

Severity ?

CWE

n/a

Summary

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T270988	x_refsource_MISC
	https://www.debian.org/security/2021/dsa-4889	vendor-advisory, x_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/	vendor-advisory, x_refsource_FEDORA
	https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html	mailing-list, x_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html	mailing-list, x_refsource_MLIST
	https://security.gentoo.org/glsa/202107-40	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:24:59.609Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T270988"
          },
          {
            "name": "DSA-4889",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4889"
          },
          {
            "name": "FEDORA-2021-f4223b6684",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/"
          },
          {
            "name": "FEDORA-2021-d298103d3a",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/"
          },
          {
            "name": "[debian-lts-announce] 20210505 [SECURITY] [DLA 2648-1] mediawiki security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html"
          },
          {
            "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2648-2] mediawiki regression update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html"
          },
          {
            "name": "GLSA-202107-40",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202107-40"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-17T07:06:27",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T270988"
        },
        {
          "name": "DSA-4889",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4889"
        },
        {
          "name": "FEDORA-2021-f4223b6684",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/"
        },
        {
          "name": "FEDORA-2021-d298103d3a",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/"
        },
        {
          "name": "[debian-lts-announce] 20210505 [SECURITY] [DLA 2648-1] mediawiki security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html"
        },
        {
          "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2648-2] mediawiki regression update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html"
        },
        {
          "name": "GLSA-202107-40",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202107-40"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-30155",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T270988",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T270988"
            },
            {
              "name": "DSA-4889",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4889"
            },
            {
              "name": "FEDORA-2021-f4223b6684",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/"
            },
            {
              "name": "FEDORA-2021-d298103d3a",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/"
            },
            {
              "name": "[debian-lts-announce] 20210505 [SECURITY] [DLA 2648-1] mediawiki security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html"
            },
            {
              "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2648-2] mediawiki regression update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html"
            },
            {
              "name": "GLSA-202107-40",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202107-40"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-30155",
    "datePublished": "2021-04-09T06:09:46",
    "dateReserved": "2021-04-06T00:00:00",
    "dateUpdated": "2024-08-03T22:24:59.609Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-40599 (GCVE-0-2024-40599)

Vulnerability from cvelistv5

Published

2024-07-06 00:00

Modified

2025-03-20 20:36

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CWE

n/a

Summary

An issue was discovered in the GuMaxDD skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.

References

►

URL

Tags

https://phabricator.wikimedia.org/T361448

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 4.8,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "HIGH",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-40599",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-22T17:50:19.904197Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-20T20:36:12.581Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:33:11.731Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T361448"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the GuMaxDD skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-06T23:26:21.269Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T361448"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-40599",
    "datePublished": "2024-07-06T00:00:00.000Z",
    "dateReserved": "2024-07-06T00:00:00.000Z",
    "dateUpdated": "2025-03-20T20:36:12.581Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-1318 (GCVE-0-2008-1318)

Vulnerability from cvelistv5

Published

2008-03-13 14:00

Modified

2024-08-07 08:17

Severity ?

CWE

n/a

Summary

Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows remote attackers to obtain sensitive "cross-site" information via the callback parameter in an API call for JavaScript Object Notation (JSON) formatted results.

References

►

URL

Tags

	http://www.securityfocus.com/bid/28070	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/29216	third-party-advisory, x_refsource_SECUNIA
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-March/000070.html	mailing-list, x_refsource_MLIST
	https://exchange.xforce.ibmcloud.com/vulnerabilities/40960	vdb-entry, x_refsource_XF
	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_11_2/phase3/RELEASE-NOTES	x_refsource_CONFIRM
	http://www.securitytracker.com/id?1019535	vdb-entry, x_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2008/0732/references	vdb-entry, x_refsource_VUPEN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:17:34.296Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "28070",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28070"
          },
          {
            "name": "29216",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29216"
          },
          {
            "name": "[MediaWiki-announce] 20080307 MediaWiki 1.11.2 released (security)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-March/000070.html"
          },
          {
            "name": "mediawiki-jsoncallbacks-info-disclosure(40960)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40960"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_11_2/phase3/RELEASE-NOTES"
          },
          {
            "name": "1019535",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019535"
          },
          {
            "name": "ADV-2008-0732",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0732/references"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-03-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows remote attackers to obtain sensitive \"cross-site\" information via the callback parameter in an API call for JavaScript Object Notation (JSON) formatted results."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "28070",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28070"
        },
        {
          "name": "29216",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29216"
        },
        {
          "name": "[MediaWiki-announce] 20080307 MediaWiki 1.11.2 released (security)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-March/000070.html"
        },
        {
          "name": "mediawiki-jsoncallbacks-info-disclosure(40960)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40960"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_11_2/phase3/RELEASE-NOTES"
        },
        {
          "name": "1019535",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019535"
        },
        {
          "name": "ADV-2008-0732",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0732/references"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1318",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows remote attackers to obtain sensitive \"cross-site\" information via the callback parameter in an API call for JavaScript Object Notation (JSON) formatted results."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "28070",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28070"
            },
            {
              "name": "29216",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29216"
            },
            {
              "name": "[MediaWiki-announce] 20080307 MediaWiki 1.11.2 released (security)",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-March/000070.html"
            },
            {
              "name": "mediawiki-jsoncallbacks-info-disclosure(40960)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40960"
            },
            {
              "name": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_11_2/phase3/RELEASE-NOTES",
              "refsource": "CONFIRM",
              "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_11_2/phase3/RELEASE-NOTES"
            },
            {
              "name": "1019535",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019535"
            },
            {
              "name": "ADV-2008-0732",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0732/references"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1318",
    "datePublished": "2008-03-13T14:00:00",
    "dateReserved": "2008-03-13T00:00:00",
    "dateUpdated": "2024-08-07T08:17:34.296Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-41766 (GCVE-0-2022-41766)

Vulnerability from cvelistv5

Published

2023-05-29 00:00

Modified

2025-01-14 15:25

Severity ?

CWE

n/a

Summary

An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. Upon an action=rollback operation, the alreadyrolled message can leak a user name (when the user has been revision deleted/suppressed).

References

►

URL

Tags

https://phabricator.wikimedia.org/T307278

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:49:44.041Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T307278"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-41766",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-14T15:23:19.366174Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-14T15:25:06.408Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. Upon an action=rollback operation, the alreadyrolled message can leak a user name (when the user has been revision deleted/suppressed)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-29T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T307278"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-41766",
    "datePublished": "2023-05-29T00:00:00",
    "dateReserved": "2022-09-29T00:00:00",
    "dateUpdated": "2025-01-14T15:25:06.408Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-34506 (GCVE-0-2024-34506)

Vulnerability from cvelistv5

Published

2024-05-05 00:00

Modified

2024-08-02 02:51

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

n/a

Summary

An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page will exceed the maximum request time, leading to a denial of service.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T357760
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/	vendor-advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mediawiki:mediawiki:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mediawiki",
            "vendor": "mediawiki",
            "versions": [
              {
                "lessThan": "1.41.1",
                "status": "affected",
                "version": "1.41.x",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-34506",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-06T14:48:08.870687Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:41:15.164Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:51:11.471Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T357760"
          },
          {
            "name": "FEDORA-2024-2c564b942d",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page will exceed the maximum request time, leading to a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-10T16:13:44.287362",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T357760"
        },
        {
          "name": "FEDORA-2024-2c564b942d",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-34506",
    "datePublished": "2024-05-05T00:00:00",
    "dateReserved": "2024-05-05T00:00:00",
    "dateUpdated": "2024-08-02T02:51:11.471Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-46146 (GCVE-0-2021-46146)

Vulnerability from cvelistv5

Published

2022-01-07 05:53

Modified

2024-08-04 05:02

Severity ?

CWE

n/a

Summary

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The WikibaseMediaInfo component is vulnerable to XSS via the caption fields for a given media file.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T293556	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/I58d37fb59f998f5bec4a018bf9da96a777f8ff78	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:02:10.272Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T293556"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/I58d37fb59f998f5bec4a018bf9da96a777f8ff78"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The WikibaseMediaInfo component is vulnerable to XSS via the caption fields for a given media file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-07T05:53:16",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T293556"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/I58d37fb59f998f5bec4a018bf9da96a777f8ff78"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-46146",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The WikibaseMediaInfo component is vulnerable to XSS via the caption fields for a given media file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T293556",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T293556"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/I58d37fb59f998f5bec4a018bf9da96a777f8ff78",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/I58d37fb59f998f5bec4a018bf9da96a777f8ff78"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-46146",
    "datePublished": "2022-01-07T05:53:16",
    "dateReserved": "2022-01-07T00:00:00",
    "dateUpdated": "2024-08-04T05:02:10.272Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-45370 (GCVE-0-2023-45370)

Vulnerability from cvelistv5

Published

2023-10-09 00:00

Modified

2024-09-19 17:58

Severity ?

CWE

n/a

Summary

An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. SportsTeams: Special:SportsManagerLogo and Special:SportsTeamsManagerLogo do not check for the sportsteamsmanager user right, and thus an attacker may be able to affect pages that are concerned with sports teams.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T345680
	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/SportsTeams/+/959699/

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:21:16.458Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T345680"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/SportsTeams/+/959699/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-45370",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-19T17:55:48.336136Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-862",
                "description": "CWE-862 Missing Authorization",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-19T17:58:01.047Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. SportsTeams: Special:SportsManagerLogo and Special:SportsTeamsManagerLogo do not check for the sportsteamsmanager user right, and thus an attacker may be able to affect pages that are concerned with sports teams."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-09T05:32:56.540857",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T345680"
        },
        {
          "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/SportsTeams/+/959699/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-45370",
    "datePublished": "2023-10-09T00:00:00",
    "dateReserved": "2023-10-09T00:00:00",
    "dateUpdated": "2024-09-19T17:58:01.047Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-2698 (GCVE-0-2012-2698)

Vulnerability from cvelistv5

Published

2012-06-29 19:00

Modified

2024-08-06 19:42

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in the outputPage function in includes/SkinTemplate.php in MediaWiki before 1.17.5, 1.18.x before 1.18.4, and 1.19.x before 1.19.1 allows remote attackers to inject arbitrary web script or HTML via the uselang parameter to index.php/Main_page.

References

►

URL

Tags

	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-June/000116.html	mailing-list, x_refsource_MLIST
	https://www.mediawiki.org/wiki/Release_notes/1.18	x_refsource_CONFIRM
	http://www.osvdb.org/82983	vdb-entry, x_refsource_OSVDB
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-June/000117.html	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/49484	third-party-advisory, x_refsource_SECUNIA
	https://bugzilla.wikimedia.org/show_bug.cgi?id=36938	x_refsource_CONFIRM
	http://securitytracker.com/id?1027179	vdb-entry, x_refsource_SECTRACK
	https://www.mediawiki.org/wiki/Release_notes/1.19	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/76311	vdb-entry, x_refsource_XF
	https://www.mediawiki.org/wiki/Release_notes/1.17	x_refsource_CONFIRM
	https://gerrit.wikimedia.org/r/#/c/7979/1/includes/SkinTemplate.php	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2012/06/14/2	mailing-list, x_refsource_MLIST
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-June/000118.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:42:31.984Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[MediaWiki-announce] 20120613 MediaWiki security release 1.17.5",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-June/000116.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mediawiki.org/wiki/Release_notes/1.18"
          },
          {
            "name": "82983",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/82983"
          },
          {
            "name": "[MediaWiki-announce] 20120613 MediaWiki security release 1.18.4",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-June/000117.html"
          },
          {
            "name": "49484",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49484"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=36938"
          },
          {
            "name": "1027179",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1027179"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mediawiki.org/wiki/Release_notes/1.19"
          },
          {
            "name": "mediawiki-index-uselang-xss(76311)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76311"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mediawiki.org/wiki/Release_notes/1.17"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/#/c/7979/1/includes/SkinTemplate.php"
          },
          {
            "name": "[oss-security] 20120613 Re: CVE request: XSS in uselang http parameter (mediawiki)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/06/14/2"
          },
          {
            "name": "[MediaWiki-announce] 20120613 MediaWiki security release 1.19.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-June/000118.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-06-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the outputPage function in includes/SkinTemplate.php in MediaWiki before 1.17.5, 1.18.x before 1.18.4, and 1.19.x before 1.19.1 allows remote attackers to inject arbitrary web script or HTML via the uselang parameter to index.php/Main_page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[MediaWiki-announce] 20120613 MediaWiki security release 1.17.5",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-June/000116.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mediawiki.org/wiki/Release_notes/1.18"
        },
        {
          "name": "82983",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/82983"
        },
        {
          "name": "[MediaWiki-announce] 20120613 MediaWiki security release 1.18.4",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-June/000117.html"
        },
        {
          "name": "49484",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49484"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=36938"
        },
        {
          "name": "1027179",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1027179"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mediawiki.org/wiki/Release_notes/1.19"
        },
        {
          "name": "mediawiki-index-uselang-xss(76311)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76311"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mediawiki.org/wiki/Release_notes/1.17"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gerrit.wikimedia.org/r/#/c/7979/1/includes/SkinTemplate.php"
        },
        {
          "name": "[oss-security] 20120613 Re: CVE request: XSS in uselang http parameter (mediawiki)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/06/14/2"
        },
        {
          "name": "[MediaWiki-announce] 20120613 MediaWiki security release 1.19.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-June/000118.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-2698",
    "datePublished": "2012-06-29T19:00:00",
    "dateReserved": "2012-05-14T00:00:00",
    "dateUpdated": "2024-08-06T19:42:31.984Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-1648 (GCVE-0-2010-1648)

Vulnerability from cvelistv5

Published

2010-06-07 20:00

Modified

2024-08-07 01:28

Severity ?

CWE

n/a

Summary

Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to hijack the authentication of users for requests that (1) create accounts or (2) reset passwords, related to the Special:Userlogin form.

References

►

URL

Tags

	http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043856.html	vendor-advisory, x_refsource_FEDORA
	https://bugzilla.wikimedia.org/show_bug.cgi?id=23371	x_refsource_CONFIRM
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html	mailing-list, x_refsource_MLIST
	http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043803.html	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:28:41.503Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2010-10848",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043856.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=23371"
          },
          {
            "name": "[MediaWiki-announce] 20100528 MediaWiki security update: 1.15.4 and 1.16.0beta3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html"
          },
          {
            "name": "FEDORA-2010-10779",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043803.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-05-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to hijack the authentication of users for requests that (1) create accounts or (2) reset passwords, related to the Special:Userlogin form."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-07-30T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2010-10848",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043856.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=23371"
        },
        {
          "name": "[MediaWiki-announce] 20100528 MediaWiki security update: 1.15.4 and 1.16.0beta3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html"
        },
        {
          "name": "FEDORA-2010-10779",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043803.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-1648",
    "datePublished": "2010-06-07T20:00:00",
    "dateReserved": "2010-04-29T00:00:00",
    "dateUpdated": "2024-08-07T01:28:41.503Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4572 (GCVE-0-2013-4572)

Vulnerability from cvelistv5

Published

2020-02-06 14:40

Modified

2024-08-06 16:45

Severity ?

CWE

Other

Summary

The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user.

References

►

URL

Tags

	https://bugzilla.wikimedia.org/show_bug.cgi?id=53032	x_refsource_MISC
	http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html	x_refsource_MISC
	http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html	x_refsource_MISC
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Wikimedia Foundation	MediaWiki	Version: before 1.19.9 Version: 1.20.x before 1.20.8 Version: 1.21.x before 1.21.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:45:15.240Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=53032"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MediaWiki",
          "vendor": "Wikimedia Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "before 1.19.9"
            },
            {
              "status": "affected",
              "version": "1.20.x before 1.20.8"
            },
            {
              "status": "affected",
              "version": "1.21.x before 1.21.3"
            }
          ]
        }
      ],
      "datePublic": "2013-08-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Other",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-06T14:40:13",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=53032"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4572",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MediaWiki",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before 1.19.9"
                          },
                          {
                            "version_value": "1.20.x before 1.20.8"
                          },
                          {
                            "version_value": "1.21.x before 1.21.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Wikimedia Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=53032",
              "refsource": "MISC",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=53032"
            },
            {
              "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html",
              "refsource": "MISC",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html"
            },
            {
              "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html",
              "refsource": "MISC",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html"
            },
            {
              "name": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html",
              "refsource": "CONFIRM",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4572",
    "datePublished": "2020-02-06T14:40:13",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:45:15.240Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-47927 (GCVE-0-2022-47927)

Vulnerability from cvelistv5

Published

2023-01-12 00:00

Modified

2025-04-08 15:40

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

n/a

Summary

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users. These files include credentials data.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T322637
	https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/thread/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/	vendor-advisory
	https://security.gentoo.org/glsa/202305-24	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2023/07/msg00011.html	mailing-list

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:02:36.447Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T322637"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/thread/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/"
          },
          {
            "name": "FEDORA-2023-30a7a812f0",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/"
          },
          {
            "name": "GLSA-202305-24",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-24"
          },
          {
            "name": "[debian-lts-announce] 20230710 [SECURITY] [DLA 3489-1] mediawiki security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00011.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-47927",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-08T15:40:18.677236Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-732",
                "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-08T15:40:49.975Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users. These files include credentials data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-10T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T322637"
        },
        {
          "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/thread/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/"
        },
        {
          "name": "FEDORA-2023-30a7a812f0",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/"
        },
        {
          "name": "GLSA-202305-24",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-24"
        },
        {
          "name": "[debian-lts-announce] 20230710 [SECURITY] [DLA 3489-1] mediawiki security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00011.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-47927",
    "datePublished": "2023-01-12T00:00:00.000Z",
    "dateReserved": "2022-12-22T00:00:00.000Z",
    "dateUpdated": "2025-04-08T15:40:49.975Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-9478 (GCVE-0-2014-9478)

Vulnerability from cvelistv5

Published

2015-01-16 16:00

Modified

2024-08-06 13:47

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in the preview in the ExpandTemplates extension for MediaWiki, when $wgRawHTML is set to true, allows remote attackers to inject arbitrary web script or HTML via the wpInput parameter to the Special:ExpandTemplates page.

References

►

URL

Tags

	http://www.openwall.com/lists/oss-security/2015/01/03/13	mailing-list, x_refsource_MLIST
	https://phabricator.wikimedia.org/T73111	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2014/12/21/2	mailing-list, x_refsource_MLIST
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:47:40.998Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20150103 Re: CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T73111"
          },
          {
            "name": "[oss-security] 20141221 CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2"
          },
          {
            "name": "[MediaWiki-announce] 20141217 MediaWiki Security and Maintenance Releases: 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-12-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the preview in the ExpandTemplates extension for MediaWiki, when $wgRawHTML is set to true, allows remote attackers to inject arbitrary web script or HTML via the wpInput parameter to the Special:ExpandTemplates page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-01-16T15:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "[oss-security] 20150103 Re: CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T73111"
        },
        {
          "name": "[oss-security] 20141221 CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2"
        },
        {
          "name": "[MediaWiki-announce] 20141217 MediaWiki Security and Maintenance Releases: 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2014-9478",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the preview in the ExpandTemplates extension for MediaWiki, when $wgRawHTML is set to true, allows remote attackers to inject arbitrary web script or HTML via the wpInput parameter to the Special:ExpandTemplates page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20150103 Re: CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
            },
            {
              "name": "https://phabricator.wikimedia.org/T73111",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T73111"
            },
            {
              "name": "[oss-security] 20141221 CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2"
            },
            {
              "name": "[MediaWiki-announce] 20141217 MediaWiki Security and Maintenance Releases: 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2014-9478",
    "datePublished": "2015-01-16T16:00:00",
    "dateReserved": "2015-01-03T00:00:00",
    "dateUpdated": "2024-08-06T13:47:40.998Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-35197 (GCVE-0-2021-35197)

Vulnerability from cvelistv5

Published

2021-07-02 12:28

Modified

2024-08-04 00:33

Severity ?

CWE

n/a

Summary

In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. When a bot account has a "sitewide block" applied, it is able to still "purge" pages through the MediaWiki Action API (which a "sitewide block" should have prevented).

References

►

URL

Tags

	https://phabricator.wikimedia.org/T280226	x_refsource_MISC
	https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/thread/YR3X4L2CPSEJVSY543AWEO65TD6APXHP/	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/202107-40	vendor-advisory, x_refsource_GENTOO
	https://www.debian.org/security/2021/dsa-4979	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2021/10/msg00003.html	mailing-list, x_refsource_MLIST
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:33:51.175Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T280226"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/thread/YR3X4L2CPSEJVSY543AWEO65TD6APXHP/"
          },
          {
            "name": "GLSA-202107-40",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202107-40"
          },
          {
            "name": "DSA-4979",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4979"
          },
          {
            "name": "[debian-lts-announce] 20211009 [SECURITY] [DLA 2779-1] mediawiki security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00003.html"
          },
          {
            "name": "FEDORA-2021-eee8b7514f",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/"
          },
          {
            "name": "FEDORA-2021-56d8173b5e",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/"
          },
          {
            "name": "FEDORA-2021-3dd1b66cbf",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. When a bot account has a \"sitewide block\" applied, it is able to still \"purge\" pages through the MediaWiki Action API (which a \"sitewide block\" should have prevented)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-30T01:07:03",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T280226"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/thread/YR3X4L2CPSEJVSY543AWEO65TD6APXHP/"
        },
        {
          "name": "GLSA-202107-40",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202107-40"
        },
        {
          "name": "DSA-4979",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4979"
        },
        {
          "name": "[debian-lts-announce] 20211009 [SECURITY] [DLA 2779-1] mediawiki security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00003.html"
        },
        {
          "name": "FEDORA-2021-eee8b7514f",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/"
        },
        {
          "name": "FEDORA-2021-56d8173b5e",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/"
        },
        {
          "name": "FEDORA-2021-3dd1b66cbf",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-35197",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. When a bot account has a \"sitewide block\" applied, it is able to still \"purge\" pages through the MediaWiki Action API (which a \"sitewide block\" should have prevented)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T280226",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T280226"
            },
            {
              "name": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/YR3X4L2CPSEJVSY543AWEO65TD6APXHP/",
              "refsource": "CONFIRM",
              "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/YR3X4L2CPSEJVSY543AWEO65TD6APXHP/"
            },
            {
              "name": "GLSA-202107-40",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202107-40"
            },
            {
              "name": "DSA-4979",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4979"
            },
            {
              "name": "[debian-lts-announce] 20211009 [SECURITY] [DLA 2779-1] mediawiki security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00003.html"
            },
            {
              "name": "FEDORA-2021-eee8b7514f",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/"
            },
            {
              "name": "FEDORA-2021-56d8173b5e",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/"
            },
            {
              "name": "FEDORA-2021-3dd1b66cbf",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-35197",
    "datePublished": "2021-07-02T12:28:45",
    "dateReserved": "2021-06-22T00:00:00",
    "dateUpdated": "2024-08-04T00:33:51.175Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-45474 (GCVE-0-2021-45474)

Vulnerability from cvelistv5

Published

2021-12-24 01:03

Modified

2024-08-04 04:39

Severity ?

CWE

n/a

Summary

In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T296605	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/Id1c8910aeac5b452fbabeddab70360765518223e	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7JNQA53K675TQBBJPZRAG5ZT6XES3IS/	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:39:21.052Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T296605"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/Id1c8910aeac5b452fbabeddab70360765518223e"
          },
          {
            "name": "FEDORA-2021-bef1126908",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7JNQA53K675TQBBJPZRAG5ZT6XES3IS/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-08T02:06:11",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T296605"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/Id1c8910aeac5b452fbabeddab70360765518223e"
        },
        {
          "name": "FEDORA-2021-bef1126908",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7JNQA53K675TQBBJPZRAG5ZT6XES3IS/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-45474",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T296605",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T296605"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/Id1c8910aeac5b452fbabeddab70360765518223e",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/Id1c8910aeac5b452fbabeddab70360765518223e"
            },
            {
              "name": "FEDORA-2021-bef1126908",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7JNQA53K675TQBBJPZRAG5ZT6XES3IS/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-45474",
    "datePublished": "2021-12-24T01:03:28",
    "dateReserved": "2021-12-24T00:00:00",
    "dateUpdated": "2024-08-04T04:39:21.052Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-23179 (GCVE-0-2024-23179)

Vulnerability from cvelistv5

Published

2024-01-12 00:00

Modified

2024-09-25 20:34

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

n/a

Summary

An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. For a Special:GlobalBlock?uselang=x-xss URI, i18n-based XSS can occur via the parentheses message. This affects subtitle links in buildSubtitleLinks.

References

►

URL

Tags

	https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/
	https://phabricator.wikimedia.org/T347746

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:32.073Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T347746"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23179",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-25T20:31:46.384170Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-25T20:34:20.981Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. For a Special:GlobalBlock?uselang=x-xss URI, i18n-based XSS can occur via the parentheses message. This affects subtitle links in buildSubtitleLinks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-12T05:13:59.107634",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/"
        },
        {
          "url": "https://phabricator.wikimedia.org/T347746"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-23179",
    "datePublished": "2024-01-12T00:00:00",
    "dateReserved": "2024-01-12T00:00:00",
    "dateUpdated": "2024-09-25T20:34:20.981Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4301 (GCVE-0-2013-4301)

Vulnerability from cvelistv5

Published

2013-10-27 00:00

Modified

2024-08-06 16:38

Severity ?

CWE

n/a

Summary

includes/resourceloader/ResourceLoaderContext.php in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote attackers to obtain sensitive information via a "<" (open angle bracket) character in the lang parameter to w/load.php, which reveals the installation path in an error message.

References

►

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilities/86895	vdb-entry, x_refsource_XF
	http://seclists.org/oss-sec/2013/q3/553	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/54715	third-party-advisory, x_refsource_SECUNIA
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html	mailing-list, x_refsource_MLIST
	http://osvdb.org/96913	vdb-entry, x_refsource_OSVDB
	https://bugzilla.wikimedia.org/show_bug.cgi?id=46332	x_refsource_CONFIRM
	https://www.mediawiki.org/wiki/Release_notes/1.19	x_refsource_CONFIRM
	https://www.mediawiki.org/wiki/Release_notes/1.20	x_refsource_CONFIRM
	https://www.mediawiki.org/wiki/Release_notes/1.21	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:38:01.927Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "mediawiki-cve20134301-info-disclosure(86895)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86895"
          },
          {
            "name": "[oss-security] 20130904 Re: CVE request: MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2013/q3/553"
          },
          {
            "name": "54715",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/54715"
          },
          {
            "name": "[MediaWiki-announce] 20130903 MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
          },
          {
            "name": "96913",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/96913"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=46332"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mediawiki.org/wiki/Release_notes/1.19"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mediawiki.org/wiki/Release_notes/1.20"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mediawiki.org/wiki/Release_notes/1.21"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-09-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "includes/resourceloader/ResourceLoaderContext.php in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote attackers to obtain sensitive information via a \"\u003c\" (open angle bracket) character in the lang parameter to w/load.php, which reveals the installation path in an error message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "mediawiki-cve20134301-info-disclosure(86895)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86895"
        },
        {
          "name": "[oss-security] 20130904 Re: CVE request: MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2013/q3/553"
        },
        {
          "name": "54715",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/54715"
        },
        {
          "name": "[MediaWiki-announce] 20130903 MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
        },
        {
          "name": "96913",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/96913"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=46332"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mediawiki.org/wiki/Release_notes/1.19"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mediawiki.org/wiki/Release_notes/1.20"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mediawiki.org/wiki/Release_notes/1.21"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4301",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "includes/resourceloader/ResourceLoaderContext.php in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote attackers to obtain sensitive information via a \"\u003c\" (open angle bracket) character in the lang parameter to w/load.php, which reveals the installation path in an error message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "mediawiki-cve20134301-info-disclosure(86895)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86895"
            },
            {
              "name": "[oss-security] 20130904 Re: CVE request: MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2013/q3/553"
            },
            {
              "name": "54715",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/54715"
            },
            {
              "name": "[MediaWiki-announce] 20130903 MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
            },
            {
              "name": "96913",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/96913"
            },
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=46332",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=46332"
            },
            {
              "name": "https://www.mediawiki.org/wiki/Release_notes/1.19",
              "refsource": "CONFIRM",
              "url": "https://www.mediawiki.org/wiki/Release_notes/1.19"
            },
            {
              "name": "https://www.mediawiki.org/wiki/Release_notes/1.20",
              "refsource": "CONFIRM",
              "url": "https://www.mediawiki.org/wiki/Release_notes/1.20"
            },
            {
              "name": "https://www.mediawiki.org/wiki/Release_notes/1.21",
              "refsource": "CONFIRM",
              "url": "https://www.mediawiki.org/wiki/Release_notes/1.21"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4301",
    "datePublished": "2013-10-27T00:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:38:01.927Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-45369 (GCVE-0-2023-45369)

Vulnerability from cvelistv5

Published

2023-10-09 00:00

Modified

2024-09-19 18:02

Severity ?

CWE

n/a

Summary

An issue was discovered in the PageTriage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. Usernames of hidden users are exposed.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T344359
	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/PageTriage/+/960676

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:21:16.043Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T344359"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/PageTriage/+/960676"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-45369",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-19T18:02:27.828374Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-19T18:02:39.021Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the PageTriage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. Usernames of hidden users are exposed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-09T05:33:06.717784",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T344359"
        },
        {
          "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/PageTriage/+/960676"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-45369",
    "datePublished": "2023-10-09T00:00:00",
    "dateReserved": "2023-10-09T00:00:00",
    "dateUpdated": "2024-09-19T18:02:39.021Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-9507 (GCVE-0-2014-9507)

Vulnerability from cvelistv5

Published

2015-01-04 21:00

Modified

2024-08-06 13:47

Severity ?

CWE

n/a

Summary

MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content model for a revision to JS.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T72901	x_refsource_CONFIRM
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-November/000170.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:47:40.981Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T72901"
          },
          {
            "name": "[MediaWiki-announce] 20141127 MediaWiki Security and Maintenance Releases: 1.23.7, 1.22.14 and 1.19.22",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-November/000170.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-11-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content model for a revision to JS."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-01-12T14:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T72901"
        },
        {
          "name": "[MediaWiki-announce] 20141127 MediaWiki Security and Maintenance Releases: 1.23.7, 1.22.14 and 1.19.22",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-November/000170.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-9507",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content model for a revision to JS."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T72901",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T72901"
            },
            {
              "name": "[MediaWiki-announce] 20141127 MediaWiki Security and Maintenance Releases: 1.23.7, 1.22.14 and 1.19.22",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-November/000170.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-9507",
    "datePublished": "2015-01-04T21:00:00",
    "dateReserved": "2015-01-04T00:00:00",
    "dateUpdated": "2024-08-06T13:47:40.981Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-28201 (GCVE-0-2022-28201)

Vulnerability from cvelistv5

Published

2022-09-19 00:00

Modified

2024-08-03 05:48

Severity ?

CWE

n/a

Summary

An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the mainpage message.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T297571
	https://blog.legoktm.com/2022/07/03/a-belated-writeup-of-cve-2022-28201-in-mediawiki.html
	https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html	mailing-list
	https://www.debian.org/security/2022/dsa-5246	vendor-advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:48:37.479Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T297571"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blog.legoktm.com/2022/07/03/a-belated-writeup-of-cve-2022-28201-in-mediawiki.html"
          },
          {
            "name": "[debian-lts-announce] 20220922 [SECURITY] [DLA 3117-1] mediawiki security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html"
          },
          {
            "name": "DSA-5246",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5246"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the mainpage message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-06T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T297571"
        },
        {
          "url": "https://blog.legoktm.com/2022/07/03/a-belated-writeup-of-cve-2022-28201-in-mediawiki.html"
        },
        {
          "name": "[debian-lts-announce] 20220922 [SECURITY] [DLA 3117-1] mediawiki security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html"
        },
        {
          "name": "DSA-5246",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5246"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-28201",
    "datePublished": "2022-09-19T00:00:00",
    "dateReserved": "2022-03-30T00:00:00",
    "dateUpdated": "2024-08-03T05:48:37.479Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-5250 (GCVE-0-2008-5250)

Vulnerability from cvelistv5

Published

2008-12-19 17:00

Modified

2024-08-07 10:49

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1.12.x before 1.12.2, and 1.13.x before 1.13.3, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads are enabled, allows remote authenticated users to inject arbitrary web script or HTML by editing a wiki page.

References

►

URL

Tags

	https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html	vendor-advisory, x_refsource_FEDORA
	http://www.debian.org/security/2009/dsa-1901	vendor-advisory, x_refsource_DEBIAN
	http://secunia.com/advisories/33133	third-party-advisory, x_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html	vendor-advisory, x_refsource_SUSE
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html	mailing-list, x_refsource_MLIST
	http://www.securityfocus.com/bid/32844	vdb-entry, x_refsource_BID
	https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html	vendor-advisory, x_refsource_FEDORA
	http://secunia.com/advisories/33349	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:49:11.913Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2008-11802",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html"
          },
          {
            "name": "DSA-1901",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1901"
          },
          {
            "name": "33133",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33133"
          },
          {
            "name": "SUSE-SR:2009:004",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
          },
          {
            "name": "[mediawiki-announce] 20081215 MediaWiki 1.13.3, 1.12.2, 1.6.11 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html"
          },
          {
            "name": "32844",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/32844"
          },
          {
            "name": "FEDORA-2008-11688",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html"
          },
          {
            "name": "33349",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33349"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-12-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1.12.x before 1.12.2, and 1.13.x before 1.13.3, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads are enabled, allows remote authenticated users to inject arbitrary web script or HTML by editing a wiki page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-01-01T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "FEDORA-2008-11802",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html"
        },
        {
          "name": "DSA-1901",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1901"
        },
        {
          "name": "33133",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33133"
        },
        {
          "name": "SUSE-SR:2009:004",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
        },
        {
          "name": "[mediawiki-announce] 20081215 MediaWiki 1.13.3, 1.12.2, 1.6.11 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html"
        },
        {
          "name": "32844",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/32844"
        },
        {
          "name": "FEDORA-2008-11688",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html"
        },
        {
          "name": "33349",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33349"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5250",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1.12.x before 1.12.2, and 1.13.x before 1.13.3, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads are enabled, allows remote authenticated users to inject arbitrary web script or HTML by editing a wiki page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FEDORA-2008-11802",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html"
            },
            {
              "name": "DSA-1901",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1901"
            },
            {
              "name": "33133",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33133"
            },
            {
              "name": "SUSE-SR:2009:004",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
            },
            {
              "name": "[mediawiki-announce] 20081215 MediaWiki 1.13.3, 1.12.2, 1.6.11 security update",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html"
            },
            {
              "name": "32844",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/32844"
            },
            {
              "name": "FEDORA-2008-11688",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html"
            },
            {
              "name": "33349",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33349"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-5250",
    "datePublished": "2008-12-19T17:00:00",
    "dateReserved": "2008-11-26T00:00:00",
    "dateUpdated": "2024-08-07T10:49:11.913Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-41765 (GCVE-0-2022-41765)

Vulnerability from cvelistv5

Published

2022-12-26 00:00

Modified

2025-04-14 14:25

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

n/a

Summary

An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. HTMLUserTextField exposes the existence of hidden users.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T309894
	https://security.gentoo.org/glsa/202305-24

Impacted products

	Vendor	Product	Version
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:49:43.832Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T309894"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-24"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-41765",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-14T14:24:49.070243Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-203",
                "description": "CWE-203 Observable Discrepancy",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-14T14:25:23.085Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "unknown",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. HTMLUserTextField exposes the existence of hidden users."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-21T21:06:56.935Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T309894"
        },
        {
          "url": "https://security.gentoo.org/glsa/202305-24"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-41765",
    "datePublished": "2022-12-26T00:00:00.000Z",
    "dateReserved": "2022-09-29T00:00:00.000Z",
    "dateUpdated": "2025-04-14T14:25:23.085Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-35624 (GCVE-0-2020-35624)

Vulnerability from cvelistv5

Published

2020-12-21 22:36

Modified

2024-08-04 17:09

Severity ?

CWE

n/a

Summary

An issue was discovered in the SecurePoll extension for MediaWiki through 1.35.1. The non-admin vote list contains a full vote timestamp, which may provide unintended clues about how a voting process unfolded.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T268794	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/If8e15eb8ce9ec652c06816cbff52bb084fd50e73	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:09:14.298Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T268794"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/If8e15eb8ce9ec652c06816cbff52bb084fd50e73"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the SecurePoll extension for MediaWiki through 1.35.1. The non-admin vote list contains a full vote timestamp, which may provide unintended clues about how a voting process unfolded."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-21T22:36:51",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T268794"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/If8e15eb8ce9ec652c06816cbff52bb084fd50e73"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-35624",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the SecurePoll extension for MediaWiki through 1.35.1. The non-admin vote list contains a full vote timestamp, which may provide unintended clues about how a voting process unfolded."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T268794",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T268794"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/If8e15eb8ce9ec652c06816cbff52bb084fd50e73",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/If8e15eb8ce9ec652c06816cbff52bb084fd50e73"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-35624",
    "datePublished": "2020-12-21T22:36:51",
    "dateReserved": "2020-12-21T00:00:00",
    "dateUpdated": "2024-08-04T17:09:14.298Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-30156 (GCVE-0-2021-30156)

Vulnerability from cvelistv5

Published

2021-04-09 06:10

Modified

2024-08-03 22:24

Severity ?

CWE

n/a

Summary

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Special:Contributions can leak that a "hidden" user exists.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T276306	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:24:59.679Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T276306"
          },
          {
            "name": "FEDORA-2021-f4223b6684",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/"
          },
          {
            "name": "FEDORA-2021-d298103d3a",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Special:Contributions can leak that a \"hidden\" user exists."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-24T22:06:29",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T276306"
        },
        {
          "name": "FEDORA-2021-f4223b6684",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/"
        },
        {
          "name": "FEDORA-2021-d298103d3a",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-30156",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Special:Contributions can leak that a \"hidden\" user exists."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T276306",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T276306"
            },
            {
              "name": "FEDORA-2021-f4223b6684",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/"
            },
            {
              "name": "FEDORA-2021-d298103d3a",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-30156",
    "datePublished": "2021-04-09T06:10:16",
    "dateReserved": "2021-04-06T00:00:00",
    "dateUpdated": "2024-08-03T22:24:59.679Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-26120 (GCVE-0-2020-26120)

Vulnerability from cvelistv5

Published

2020-09-27 20:07

Modified

2024-08-04 15:49

Severity ?

CWE

n/a

Summary

XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery's parseHTML method, which can cause image callbacks to fire even without the element being appended to the DOM.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T262213	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/I42e079bc875d17b336ab015f3678eaedc26e10ea	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:49:07.061Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T262213"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/I42e079bc875d17b336ab015f3678eaedc26e10ea"
          },
          {
            "name": "FEDORA-2020-a4802c53d9",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery\u0027s parseHTML method, which can cause image callbacks to fire even without the element being appended to the DOM."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-14T02:06:12",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T262213"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/I42e079bc875d17b336ab015f3678eaedc26e10ea"
        },
        {
          "name": "FEDORA-2020-a4802c53d9",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-26120",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery\u0027s parseHTML method, which can cause image callbacks to fire even without the element being appended to the DOM."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T262213",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T262213"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/I42e079bc875d17b336ab015f3678eaedc26e10ea",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/I42e079bc875d17b336ab015f3678eaedc26e10ea"
            },
            {
              "name": "FEDORA-2020-a4802c53d9",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-26120",
    "datePublished": "2020-09-27T20:07:52",
    "dateReserved": "2020-09-27T00:00:00",
    "dateUpdated": "2024-08-04T15:49:07.061Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-29906 (GCVE-0-2022-29906)

Vulnerability from cvelistv5

Published

2022-04-29 03:42

Modified

2024-08-03 06:33

Severity ?

CWE

n/a

Summary

The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a check for the quizadmin user.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T302199	x_refsource_MISC
	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/QuizGame/+/765651	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:33:43.164Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T302199"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/QuizGame/+/765651"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a check for the quizadmin user."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-29T03:42:52",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T302199"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/QuizGame/+/765651"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-29906",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a check for the quizadmin user."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T302199",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T302199"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/QuizGame/+/765651",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/QuizGame/+/765651"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-29906",
    "datePublished": "2022-04-29T03:42:52",
    "dateReserved": "2022-04-29T00:00:00",
    "dateUpdated": "2024-08-03T06:33:43.164Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-29003 (GCVE-0-2020-29003)

Vulnerability from cvelistv5

Published

2020-11-24 05:37

Modified

2024-08-04 16:48

Severity ?

CWE

n/a

Summary

The PollNY extension for MediaWiki through 1.35 allows XSS via an answer option for a poll question, entered during Special:CreatePoll or Special:UpdatePoll.

References

►

URL

Tags

https://phabricator.wikimedia.org/T266508

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:48:01.552Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T266508"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The PollNY extension for MediaWiki through 1.35 allows XSS via an answer option for a poll question, entered during Special:CreatePoll or Special:UpdatePoll."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-11-24T05:37:50",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T266508"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-29003",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The PollNY extension for MediaWiki through 1.35 allows XSS via an answer option for a poll question, entered during Special:CreatePoll or Special:UpdatePoll."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T266508",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T266508"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-29003",
    "datePublished": "2020-11-24T05:37:50",
    "dateReserved": "2020-11-24T00:00:00",
    "dateUpdated": "2024-08-04T16:48:01.552Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-9481 (GCVE-0-2014-9481)

Vulnerability from cvelistv5

Published

2020-01-27 15:38

Modified

2024-08-06 13:47

Severity ?

CWE

Other

Summary

The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML.

References

►

URL

Tags

	http://www.openwall.com/lists/oss-security/2014/12/21/2	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2015/01/03/13	x_refsource_MISC
	https://phabricator.wikimedia.org/T73167	x_refsource_MISC
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Scribunto	Scribunto	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:47:41.063Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T73167"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Scribunto",
          "vendor": "Scribunto",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-12-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Other",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-27T15:38:50",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T73167"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2014-9481",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Scribunto",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Scribunto"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.openwall.com/lists/oss-security/2014/12/21/2",
              "refsource": "MISC",
              "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2015/01/03/13",
              "refsource": "MISC",
              "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
            },
            {
              "name": "https://phabricator.wikimedia.org/T73167",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T73167"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html",
              "refsource": "CONFIRM",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2014-9481",
    "datePublished": "2020-01-27T15:38:50",
    "dateReserved": "2015-01-03T00:00:00",
    "dateUpdated": "2024-08-06T13:47:41.063Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-1190 (GCVE-0-2010-1190)

Vulnerability from cvelistv5

Published

2010-03-31 17:35

Modified

2024-08-07 01:14

Severity ?

CWE

n/a

Summary

thumb.php in MediaWiki before 1.15.2, when used with access-restriction mechanisms such as img_auth.php, does not check user permissions before providing scaled images, which allows remote attackers to bypass intended access restrictions and read private images via unspecified manipulations.

References

►

URL

Tags

	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_15_2/phase3/RELEASE-NOTES	x_refsource_CONFIRM
	http://secunia.com/advisories/39656	third-party-advisory, x_refsource_SECUNIA
	http://www.debian.org/security/2010/dsa-2022	vendor-advisory, x_refsource_DEBIAN
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html	vendor-advisory, x_refsource_SUSE
	http://www.vupen.com/english/advisories/2010/0685	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/39022	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2010/1001	vdb-entry, x_refsource_VUPEN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:14:06.640Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_15_2/phase3/RELEASE-NOTES"
          },
          {
            "name": "39656",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39656"
          },
          {
            "name": "DSA-2022",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2010/dsa-2022"
          },
          {
            "name": "[MediaWiki-announce] 20100303 MediaWiki security update: 1.15.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html"
          },
          {
            "name": "SUSE-SR:2010:010",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html"
          },
          {
            "name": "ADV-2010-0685",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0685"
          },
          {
            "name": "39022",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39022"
          },
          {
            "name": "ADV-2010-1001",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1001"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-03-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "thumb.php in MediaWiki before 1.15.2, when used with access-restriction mechanisms such as img_auth.php, does not check user permissions before providing scaled images, which allows remote attackers to bypass intended access restrictions and read private images via unspecified manipulations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-04-30T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_15_2/phase3/RELEASE-NOTES"
        },
        {
          "name": "39656",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39656"
        },
        {
          "name": "DSA-2022",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2010/dsa-2022"
        },
        {
          "name": "[MediaWiki-announce] 20100303 MediaWiki security update: 1.15.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html"
        },
        {
          "name": "SUSE-SR:2010:010",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html"
        },
        {
          "name": "ADV-2010-0685",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0685"
        },
        {
          "name": "39022",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39022"
        },
        {
          "name": "ADV-2010-1001",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1001"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-1190",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "thumb.php in MediaWiki before 1.15.2, when used with access-restriction mechanisms such as img_auth.php, does not check user permissions before providing scaled images, which allows remote attackers to bypass intended access restrictions and read private images via unspecified manipulations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_15_2/phase3/RELEASE-NOTES",
              "refsource": "CONFIRM",
              "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_15_2/phase3/RELEASE-NOTES"
            },
            {
              "name": "39656",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39656"
            },
            {
              "name": "DSA-2022",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2010/dsa-2022"
            },
            {
              "name": "[MediaWiki-announce] 20100303 MediaWiki security update: 1.15.2",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html"
            },
            {
              "name": "SUSE-SR:2010:010",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html"
            },
            {
              "name": "ADV-2010-0685",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0685"
            },
            {
              "name": "39022",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39022"
            },
            {
              "name": "ADV-2010-1001",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1001"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-1190",
    "datePublished": "2010-03-31T17:35:00",
    "dateReserved": "2010-03-30T00:00:00",
    "dateUpdated": "2024-08-07T01:14:06.640Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6334 (GCVE-0-2016-6334)

Vulnerability from cvelistv5

Published

2017-04-20 17:00

Modified

2024-08-06 01:29

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving replacement of percent encoding in unclosed internal links.

References

►

URL

Tags

	http://www.securityfocus.com/bid/98057	vdb-entry, x_refsource_BID
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html	mailing-list, x_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=1369613	x_refsource_CONFIRM
	https://phabricator.wikimedia.org/T137264	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:19.371Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "98057",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98057"
          },
          {
            "name": "[MediaWiki-announce] 20160823 Security Release - 1.27.1, 1.26.4, 1.23.15",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T137264"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving replacement of percent encoding in unclosed internal links."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-28T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "98057",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98057"
        },
        {
          "name": "[MediaWiki-announce] 20160823 Security Release - 1.27.1, 1.26.4, 1.23.15",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T137264"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-6334",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving replacement of percent encoding in unclosed internal links."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "98057",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98057"
            },
            {
              "name": "[MediaWiki-announce] 20160823 Security Release - 1.27.1, 1.26.4, 1.23.15",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
            },
            {
              "name": "https://phabricator.wikimedia.org/T137264",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T137264"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-6334",
    "datePublished": "2017-04-20T17:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:19.371Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-2938 (GCVE-0-2015-2938)

Vulnerability from cvelistv5

Published

2015-04-13 14:00

Modified

2024-08-06 05:32

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a custom JavaScript file, which is not properly handled when previewing the file.

References

►

URL

Tags

	https://security.gentoo.org/glsa/201510-05	vendor-advisory, x_refsource_GENTOO
	http://www.mandriva.com/security/advisories?name=MDVSA-2015:200	vendor-advisory, x_refsource_MANDRIVA
	http://www.securityfocus.com/bid/73477	vdb-entry, x_refsource_BID
	http://www.openwall.com/lists/oss-security/2015/04/07/3	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2015/04/01/1	mailing-list, x_refsource_MLIST
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html	mailing-list, x_refsource_MLIST
	https://phabricator.wikimedia.org/T85855	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:32:20.836Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201510-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201510-05"
          },
          {
            "name": "MDVSA-2015:200",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
          },
          {
            "name": "73477",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73477"
          },
          {
            "name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
          },
          {
            "name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
          },
          {
            "name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T85855"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a custom JavaScript file, which is not properly handled when previewing the file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T21:57:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-201510-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201510-05"
        },
        {
          "name": "MDVSA-2015:200",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
        },
        {
          "name": "73477",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/73477"
        },
        {
          "name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
        },
        {
          "name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
        },
        {
          "name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T85855"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-2938",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a custom JavaScript file, which is not properly handled when previewing the file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201510-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201510-05"
            },
            {
              "name": "MDVSA-2015:200",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
            },
            {
              "name": "73477",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/73477"
            },
            {
              "name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
            },
            {
              "name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
            },
            {
              "name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
            },
            {
              "name": "https://phabricator.wikimedia.org/T85855",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T85855"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-2938",
    "datePublished": "2015-04-13T14:00:00",
    "dateReserved": "2015-04-07T00:00:00",
    "dateUpdated": "2024-08-06T05:32:20.836Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-6454 (GCVE-0-2013-6454)

Vulnerability from cvelistv5

Published

2014-05-12 14:00

Modified

2024-08-06 17:39

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via a -o-link attribute.

References

►

URL

Tags

http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html

mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:39:01.286Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[MediaWiki-announce] 20140114 MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-01-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via a -o-link attribute."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-05-12T13:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[MediaWiki-announce] 20140114 MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-6454",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via a -o-link attribute."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[MediaWiki-announce] 20140114 MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-6454",
    "datePublished": "2014-05-12T14:00:00",
    "dateReserved": "2013-11-04T00:00:00",
    "dateUpdated": "2024-08-06T17:39:01.286Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-2788 (GCVE-0-2010-2788)

Vulnerability from cvelistv5

Published

2011-04-27 00:00

Modified

2024-08-07 02:46

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in profileinfo.php in MediaWiki before 1.15.5, when wgEnableProfileInfo is enabled, allows remote attackers to inject arbitrary web script or HTML via the filter parameter.

References

►

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=620225	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html	vendor-advisory, x_refsource_FEDORA
	https://bugzilla.redhat.com/show_bug.cgi?id=620226	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html	vendor-advisory, x_refsource_FEDORA
	http://openwall.com/lists/oss-security/2010/07/29/4	mailing-list, x_refsource_MLIST
	http://www.securityfocus.com/bid/42024	vdb-entry, x_refsource_BID
	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html	vendor-advisory, x_refsource_FEDORA
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html	mailing-list, x_refsource_MLIST
	http://svn.wikimedia.org/viewvc/mediawiki?view=revision&revision=69952	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html	vendor-advisory, x_refsource_FEDORA
	http://svn.wikimedia.org/viewvc/mediawiki?view=revision&revision=69984	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:46:48.051Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620225"
          },
          {
            "name": "FEDORA-2011-5495",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620226"
          },
          {
            "name": "FEDORA-2011-5807",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html"
          },
          {
            "name": "[oss-security] 20100729 Re: CVE request: mediawiki",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2010/07/29/4"
          },
          {
            "name": "42024",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/42024"
          },
          {
            "name": "FEDORA-2011-5848",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html"
          },
          {
            "name": "[mediawiki-announce] 20100728 MediaWiki security release: 1.16.0 and 1.15.5",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.wikimedia.org/viewvc/mediawiki?view=revision\u0026revision=69952"
          },
          {
            "name": "FEDORA-2011-5812",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.wikimedia.org/viewvc/mediawiki?view=revision\u0026revision=69984"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-07-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in profileinfo.php in MediaWiki before 1.15.5, when wgEnableProfileInfo is enabled, allows remote attackers to inject arbitrary web script or HTML via the filter parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-09-07T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620225"
        },
        {
          "name": "FEDORA-2011-5495",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620226"
        },
        {
          "name": "FEDORA-2011-5807",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html"
        },
        {
          "name": "[oss-security] 20100729 Re: CVE request: mediawiki",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2010/07/29/4"
        },
        {
          "name": "42024",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/42024"
        },
        {
          "name": "FEDORA-2011-5848",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html"
        },
        {
          "name": "[mediawiki-announce] 20100728 MediaWiki security release: 1.16.0 and 1.15.5",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.wikimedia.org/viewvc/mediawiki?view=revision\u0026revision=69952"
        },
        {
          "name": "FEDORA-2011-5812",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.wikimedia.org/viewvc/mediawiki?view=revision\u0026revision=69984"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-2788",
    "datePublished": "2011-04-27T00:00:00",
    "dateReserved": "2010-07-22T00:00:00",
    "dateUpdated": "2024-08-07T02:46:48.051Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-6727 (GCVE-0-2015-6727)

Vulnerability from cvelistv5

Published

2015-09-01 14:00

Modified

2024-08-06 07:29

Severity ?

CWE

n/a

Summary

The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.

References

►

URL

Tags

	https://github.com/wikimedia/mediawiki/commit/5faabfa1bbf65536ea36108887040198afcb3c82	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2015/08/27/6	mailing-list, x_refsource_MLIST
	https://phabricator.wikimedia.org/T106893	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2015/08/12/6	mailing-list, x_refsource_MLIST
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html	mailing-list, x_refsource_MLIST
	http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:29:24.794Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/wikimedia/mediawiki/commit/5faabfa1bbf65536ea36108887040198afcb3c82"
          },
          {
            "name": "[oss-security] 20150827 Re: CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T106893"
          },
          {
            "name": "[oss-security] 20150812 CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
          },
          {
            "name": "[MediaWiki-announce] 20150810 MediaWiki Security and Maintenance Releases: 1.25.2, 1.24.3, 1.23.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
          },
          {
            "name": "FEDORA-2015-13920",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-08-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the \"Change block\" text."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-09-01T12:57:03",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/wikimedia/mediawiki/commit/5faabfa1bbf65536ea36108887040198afcb3c82"
        },
        {
          "name": "[oss-security] 20150827 Re: CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T106893"
        },
        {
          "name": "[oss-security] 20150812 CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
        },
        {
          "name": "[MediaWiki-announce] 20150810 MediaWiki Security and Maintenance Releases: 1.25.2, 1.24.3, 1.23.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
        },
        {
          "name": "FEDORA-2015-13920",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-6727",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the \"Change block\" text."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/wikimedia/mediawiki/commit/5faabfa1bbf65536ea36108887040198afcb3c82",
              "refsource": "CONFIRM",
              "url": "https://github.com/wikimedia/mediawiki/commit/5faabfa1bbf65536ea36108887040198afcb3c82"
            },
            {
              "name": "[oss-security] 20150827 Re: CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
            },
            {
              "name": "https://phabricator.wikimedia.org/T106893",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T106893"
            },
            {
              "name": "[oss-security] 20150812 CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
            },
            {
              "name": "[MediaWiki-announce] 20150810 MediaWiki Security and Maintenance Releases: 1.25.2, 1.24.3, 1.23.10",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
            },
            {
              "name": "FEDORA-2015-13920",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-6727",
    "datePublished": "2015-09-01T14:00:00",
    "dateReserved": "2015-08-27T00:00:00",
    "dateUpdated": "2024-08-06T07:29:24.794Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-25812 (GCVE-0-2020-25812)

Vulnerability from cvelistv5

Published

2020-09-27 20:25

Modified

2024-08-04 15:40

Severity ?

CWE

n/a

Summary

An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML.

References

►

URL

Tags

	https://gerrit.wikimedia.org/g/mediawiki/core/+/ad4a3ba45fb955aa8c0eb3c83809b16b40a498b9/includes/specials/SpecialContributions.php#592	x_refsource_MISC
	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html	x_refsource_CONFIRM
	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:40:36.959Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/g/mediawiki/core/+/ad4a3ba45fb955aa8c0eb3c83809b16b40a498b9/includes/specials/SpecialContributions.php#592"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
          },
          {
            "name": "FEDORA-2020-a4802c53d9",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-14T02:06:09",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/g/mediawiki/core/+/ad4a3ba45fb955aa8c0eb3c83809b16b40a498b9/includes/specials/SpecialContributions.php#592"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
        },
        {
          "name": "FEDORA-2020-a4802c53d9",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-25812",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gerrit.wikimedia.org/g/mediawiki/core/+/ad4a3ba45fb955aa8c0eb3c83809b16b40a498b9/includes/specials/SpecialContributions.php#592",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/g/mediawiki/core/+/ad4a3ba45fb955aa8c0eb3c83809b16b40a498b9/includes/specials/SpecialContributions.php#592"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html",
              "refsource": "CONFIRM",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html",
              "refsource": "MISC",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
            },
            {
              "name": "FEDORA-2020-a4802c53d9",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-25812",
    "datePublished": "2020-09-27T20:25:18",
    "dateReserved": "2020-09-23T00:00:00",
    "dateUpdated": "2024-08-04T15:40:36.959Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8001 (GCVE-0-2015-8001)

Vulnerability from cvelistv5

Published

2015-11-09 18:00

Modified

2024-08-06 08:06

Severity ?

CWE

n/a

Summary

The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not restrict the uploaded data to the claimed file size, which allows remote authenticated users to cause a denial of service via a chunk that exceeds the file size.

References

►

URL

Tags

	http://www.securitytracker.com/id/1034028	vdb-entry, x_refsource_SECTRACK
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html	mailing-list, x_refsource_MLIST
	https://phabricator.wikimedia.org/T91203	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:06:31.520Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1034028",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034028"
          },
          {
            "name": "[MediaWiki-announce] 20151016 Security Release: 1.25.3, 1.24.4 and 1.23.11",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T91203"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not restrict the uploaded data to the claimed file size, which allows remote authenticated users to cause a denial of service via a chunk that exceeds the file size."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-11-09T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1034028",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034028"
        },
        {
          "name": "[MediaWiki-announce] 20151016 Security Release: 1.25.3, 1.24.4 and 1.23.11",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T91203"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8001",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not restrict the uploaded data to the claimed file size, which allows remote authenticated users to cause a denial of service via a chunk that exceeds the file size."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1034028",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034028"
            },
            {
              "name": "[MediaWiki-announce] 20151016 Security Release: 1.25.3, 1.24.4 and 1.23.11",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html"
            },
            {
              "name": "https://phabricator.wikimedia.org/T91203",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T91203"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8001",
    "datePublished": "2015-11-09T18:00:00",
    "dateReserved": "2015-10-28T00:00:00",
    "dateUpdated": "2024-08-06T08:06:31.520Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6333 (GCVE-0-2016-6333)

Vulnerability from cvelistv5

Published

2017-04-20 17:00

Modified

2024-08-06 01:29

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css.

References

►

URL

Tags

	https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html	mailing-list, x_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=1369613	x_refsource_CONFIRM
	https://phabricator.wikimedia.org/T133147	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/98053	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:19.303Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[MediaWiki-announce] 20160823 Security Release - 1.27.1, 1.26.4, 1.23.15",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T133147"
          },
          {
            "name": "98053",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98053"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-28T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[MediaWiki-announce] 20160823 Security Release - 1.27.1, 1.26.4, 1.23.15",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T133147"
        },
        {
          "name": "98053",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98053"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-6333",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[MediaWiki-announce] 20160823 Security Release - 1.27.1, 1.26.4, 1.23.15",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
            },
            {
              "name": "https://phabricator.wikimedia.org/T133147",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T133147"
            },
            {
              "name": "98053",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98053"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-6333",
    "datePublished": "2017-04-20T17:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:19.303Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-27621 (GCVE-0-2020-27621)

Vulnerability from cvelistv5

Published

2020-10-22 03:04

Modified

2024-08-04 16:18

Severity ?

CWE

n/a

Summary

The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. Instead, for various actions, it would report the IP address of an internal Wikimedia Foundation server by omitting X-Forwarded-For data. This resulted in an inability to properly audit and attribute various user actions performed via the FileImporter extension.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T265810	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/I24a240253c7a5c66dd493a68e8c23d95a17e1b21	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:18:44.821Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T265810"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/I24a240253c7a5c66dd493a68e8c23d95a17e1b21"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user\u0027s IP address. Instead, for various actions, it would report the IP address of an internal Wikimedia Foundation server by omitting X-Forwarded-For data. This resulted in an inability to properly audit and attribute various user actions performed via the FileImporter extension."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-22T03:04:57",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T265810"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/I24a240253c7a5c66dd493a68e8c23d95a17e1b21"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-27621",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user\u0027s IP address. Instead, for various actions, it would report the IP address of an internal Wikimedia Foundation server by omitting X-Forwarded-For data. This resulted in an inability to properly audit and attribute various user actions performed via the FileImporter extension."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T265810",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T265810"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/I24a240253c7a5c66dd493a68e8c23d95a17e1b21",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/I24a240253c7a5c66dd493a68e8c23d95a17e1b21"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-27621",
    "datePublished": "2020-10-22T03:04:57",
    "dateReserved": "2020-10-22T00:00:00",
    "dateUpdated": "2024-08-04T16:18:44.821Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-40605 (GCVE-0-2024-40605)

Vulnerability from cvelistv5

Published

2024-07-06 00:00

Modified

2025-03-14 13:28

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CWE

n/a

Summary

An issue was discovered in the Foreground skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.

References

►

URL

Tags

https://phabricator.wikimedia.org/T361452

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mediawiki",
            "vendor": "mediawiki",
            "versions": [
              {
                "lessThanOrEqual": "1.42.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 4.8,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "HIGH",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-40605",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-24T20:21:49.319035Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-14T13:28:30.370Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:33:11.987Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T361452"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Foreground skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-06T23:27:19.876Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T361452"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-40605",
    "datePublished": "2024-07-06T00:00:00.000Z",
    "dateReserved": "2024-07-06T00:00:00.000Z",
    "dateUpdated": "2025-03-14T13:28:30.370Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-34750 (GCVE-0-2022-34750)

Vulnerability from cvelistv5

Published

2022-06-28 12:20

Modified

2024-08-03 09:22

Severity ?

CWE

n/a

Summary

An issue was discovered in MediaWiki through 1.38.1. The lemma length of a Wikibase lexeme is currently capped at a thousand characters. Unfortunately, this length is not validated, allowing much larger lexemes to be created, which introduces various denial-of-service attack vectors within the Wikibase and WikibaseLexeme extensions. This is related to Special:NewLexeme and Special:NewProperty.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T308659	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/I8171bfef73e525d73efa60b407ce147130ea4742	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/Id89a9b08e40f075d2d422cafd03668dff3ce7fc9	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:22:09.260Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T308659"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/I8171bfef73e525d73efa60b407ce147130ea4742"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/Id89a9b08e40f075d2d422cafd03668dff3ce7fc9"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki through 1.38.1. The lemma length of a Wikibase lexeme is currently capped at a thousand characters. Unfortunately, this length is not validated, allowing much larger lexemes to be created, which introduces various denial-of-service attack vectors within the Wikibase and WikibaseLexeme extensions. This is related to Special:NewLexeme and Special:NewProperty."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-28T12:20:42",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T308659"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/I8171bfef73e525d73efa60b407ce147130ea4742"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/Id89a9b08e40f075d2d422cafd03668dff3ce7fc9"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-34750",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in MediaWiki through 1.38.1. The lemma length of a Wikibase lexeme is currently capped at a thousand characters. Unfortunately, this length is not validated, allowing much larger lexemes to be created, which introduces various denial-of-service attack vectors within the Wikibase and WikibaseLexeme extensions. This is related to Special:NewLexeme and Special:NewProperty."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T308659",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T308659"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/I8171bfef73e525d73efa60b407ce147130ea4742",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/I8171bfef73e525d73efa60b407ce147130ea4742"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/Id89a9b08e40f075d2d422cafd03668dff3ce7fc9",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/Id89a9b08e40f075d2d422cafd03668dff3ce7fc9"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-34750",
    "datePublished": "2022-06-28T12:20:42",
    "dateReserved": "2022-06-28T00:00:00",
    "dateUpdated": "2024-08-03T09:22:09.260Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-40598 (GCVE-0-2024-40598)

Vulnerability from cvelistv5

Published

2024-07-06 00:00

Modified

2025-03-25 16:10

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE

n/a

Summary

An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The API can expose suppressed information for log events. (The log_deleted attribute is not applied to entries.)

References

►

URL

Tags

https://phabricator.wikimedia.org/T326867

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40598",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-31T19:00:46.249564Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 4.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-532",
                "description": "CWE-532 Insertion of Sensitive Information into Log File",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-25T16:10:43.828Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:33:11.911Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T326867"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The API can expose suppressed information for log events. (The log_deleted attribute is not applied to entries.)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-06T23:26:12.746Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T326867"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-40598",
    "datePublished": "2024-07-06T00:00:00.000Z",
    "dateReserved": "2024-07-06T00:00:00.000Z",
    "dateUpdated": "2025-03-25T16:10:43.828Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-1766 (GCVE-0-2011-1766)

Vulnerability from cvelistv5

Published

2011-05-23 22:00

Modified

2024-08-06 22:37

Severity ?

CWE

n/a

Summary

includes/User.php in MediaWiki before 1.16.5, when wgBlockDisablesLogin is enabled, does not clear certain cached data after verification of an auth token fails, which allows remote attackers to bypass authentication by creating crafted wikiUserID and wikiUserName cookies, or by leveraging an unattended workstation.

References

►

URL

Tags

	http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060496.html	vendor-advisory, x_refsource_FEDORA
	https://bugzilla.redhat.com/show_bug.cgi?id=702512	x_refsource_CONFIRM
	https://bugzilla.wikimedia.org/show_bug.cgi?id=28639	x_refsource_CONFIRM
	http://secunia.com/advisories/44684	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/47722	vdb-entry, x_refsource_BID
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-May/000098.html	mailing-list, x_refsource_MLIST
	http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060435.html	vendor-advisory, x_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060507.html	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:37:25.728Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2011-6774",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060496.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=702512"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=28639"
          },
          {
            "name": "44684",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44684"
          },
          {
            "name": "47722",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47722"
          },
          {
            "name": "[mediawiki-announce] 20110505 MediaWiki security release 1.16.5",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-May/000098.html"
          },
          {
            "name": "FEDORA-2011-6781",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060435.html"
          },
          {
            "name": "FEDORA-2011-6775",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060507.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-05-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "includes/User.php in MediaWiki before 1.16.5, when wgBlockDisablesLogin is enabled, does not clear certain cached data after verification of an auth token fails, which allows remote attackers to bypass authentication by creating crafted wikiUserID and wikiUserName cookies, or by leveraging an unattended workstation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-06-16T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2011-6774",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060496.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=702512"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=28639"
        },
        {
          "name": "44684",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44684"
        },
        {
          "name": "47722",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47722"
        },
        {
          "name": "[mediawiki-announce] 20110505 MediaWiki security release 1.16.5",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-May/000098.html"
        },
        {
          "name": "FEDORA-2011-6781",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060435.html"
        },
        {
          "name": "FEDORA-2011-6775",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060507.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-1766",
    "datePublished": "2011-05-23T22:00:00",
    "dateReserved": "2011-04-19T00:00:00",
    "dateUpdated": "2024-08-06T22:37:25.728Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-3550 (GCVE-0-2023-3550)

Vulnerability from cvelistv5

Published

2023-09-25 15:20

Modified

2025-02-13 16:55

Severity ?

7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Summary

Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator.

References

►

URL

Tags

	https://fluidattacks.com/advisories/blondie/
	https://www.mediawiki.org/wiki/MediaWiki/
	https://www.debian.org/security/2023/dsa-5520
	https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/

Impacted products

	Vendor	Product	Version
	MediaWiki	MediaWiki	Version: 1.40.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:01:56.435Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://fluidattacks.com/advisories/blondie/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mediawiki.org/wiki/MediaWiki/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5520"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3550",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-24T15:57:17.402370Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-24T15:57:25.148Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "MacOS"
          ],
          "product": "MediaWiki",
          "vendor": "MediaWiki",
          "versions": [
            {
              "status": "affected",
              "version": "1.40.0"
            }
          ]
        }
      ],
      "datePublic": "2023-10-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003e\u003cdiv\u003eMediawiki v1.40.0 does not validate namespaces used in XML files.\u003c/div\u003e\u003cdiv\u003eTherefore, if the instance administrator allows XML file uploads,\u003c/div\u003e\u003cdiv\u003ea remote attacker with a low-privileged user account can use this\u003c/div\u003e\u003cdiv\u003eexploit to become an administrator by sending a malicious link to\u003c/div\u003e\u003cdiv\u003ethe instance administrator.\u003c/div\u003e\u003c/div\u003e"
            }
          ],
          "value": "Mediawiki v1.40.0 does not validate namespaces used in XML files.\n\nTherefore, if the instance administrator allows XML file uploads,\n\na remote attacker with a low-privileged user account can use this\n\nexploit to become an administrator by sending a malicious link to\n\nthe instance administrator."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-592",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-592 Stored XSS"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-10T16:13:36.593Z",
        "orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
        "shortName": "Fluid Attacks"
      },
      "references": [
        {
          "url": "https://fluidattacks.com/advisories/blondie/"
        },
        {
          "url": "https://www.mediawiki.org/wiki/MediaWiki/"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5520"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Stored XSS leads to privilege escalation in MediaWiki v1.40.0",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
    "assignerShortName": "Fluid Attacks",
    "cveId": "CVE-2023-3550",
    "datePublished": "2023-09-25T15:20:27.351Z",
    "dateReserved": "2023-07-08T01:02:40.399Z",
    "dateUpdated": "2025-02-13T16:55:50.983Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-41798 (GCVE-0-2021-41798)

Vulnerability from cvelistv5

Published

2021-10-11 00:00

Modified

2024-08-04 03:22

Severity ?

CWE

n/a

Summary

MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search results page.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T285515
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/	vendor-advisory
	https://security.gentoo.org/glsa/202305-24	vendor-advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:22:24.292Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T285515"
          },
          {
            "name": "FEDORA-2021-eee8b7514f",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/"
          },
          {
            "name": "FEDORA-2021-56d8173b5e",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/"
          },
          {
            "name": "FEDORA-2021-3dd1b66cbf",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/"
          },
          {
            "name": "GLSA-202305-24",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-24"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search results page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-21T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T285515"
        },
        {
          "name": "FEDORA-2021-eee8b7514f",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/"
        },
        {
          "name": "FEDORA-2021-56d8173b5e",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/"
        },
        {
          "name": "FEDORA-2021-3dd1b66cbf",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/"
        },
        {
          "name": "GLSA-202305-24",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-24"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-41798",
    "datePublished": "2021-10-11T00:00:00",
    "dateReserved": "2021-09-29T00:00:00",
    "dateUpdated": "2024-08-04T03:22:24.292Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-8809 (GCVE-0-2017-8809)

Vulnerability from cvelistv5

Published

2017-11-15 08:00

Modified

2024-08-05 16:48

Severity ?

CWE

Reflected File Download

Summary

api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability.

References

►

URL

Tags

	http://www.securitytracker.com/id/1039812	vdb-entry, x_refsource_SECTRACK
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html	x_refsource_CONFIRM
	https://www.debian.org/security/2017/dsa-4036	vendor-advisory, x_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	n/a	MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2	Version: MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:48:21.913Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1039812",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039812"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"
          },
          {
            "name": "DSA-4036",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4036"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2"
            }
          ]
        }
      ],
      "datePublic": "2017-11-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Reflected File Download",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-16T10:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "1039812",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039812"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"
        },
        {
          "name": "DSA-4036",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4036"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2017-8809",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Reflected File Download"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1039812",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039812"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html",
              "refsource": "CONFIRM",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"
            },
            {
              "name": "DSA-4036",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4036"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2017-8809",
    "datePublished": "2017-11-15T08:00:00",
    "dateReserved": "2017-05-07T00:00:00",
    "dateUpdated": "2024-08-05T16:48:21.913Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8004 (GCVE-0-2015-8004)

Vulnerability from cvelistv5

Published

2015-11-09 18:00

Modified

2024-08-06 08:06

Severity ?

CWE

n/a

Summary

MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not properly restrict access to revisions, which allows remote authenticated users with the viewsuppressed user right to remove revision suppressions via a crafted revisiondelete action, which returns a valid a change form.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T95589	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1034028	vdb-entry, x_refsource_SECTRACK
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:06:31.578Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T95589"
          },
          {
            "name": "1034028",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034028"
          },
          {
            "name": "[MediaWiki-announce] 20151016 Security Release: 1.25.3, 1.24.4 and 1.23.11",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not properly restrict access to revisions, which allows remote authenticated users with the viewsuppressed user right to remove revision suppressions via a crafted revisiondelete action, which returns a valid a change form."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-11-09T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T95589"
        },
        {
          "name": "1034028",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034028"
        },
        {
          "name": "[MediaWiki-announce] 20151016 Security Release: 1.25.3, 1.24.4 and 1.23.11",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8004",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not properly restrict access to revisions, which allows remote authenticated users with the viewsuppressed user right to remove revision suppressions via a crafted revisiondelete action, which returns a valid a change form."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T95589",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T95589"
            },
            {
              "name": "1034028",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034028"
            },
            {
              "name": "[MediaWiki-announce] 20151016 Security Release: 1.25.3, 1.24.4 and 1.23.11",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8004",
    "datePublished": "2015-11-09T18:00:00",
    "dateReserved": "2015-10-28T00:00:00",
    "dateUpdated": "2024-08-06T08:06:31.578Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-1055 (GCVE-0-2007-1055)

Vulnerability from cvelistv5

Published

2007-02-21 23:00

Modified

2024-08-07 12:43

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.9.x before 1.9.0rc2, and 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the rs parameter. NOTE: this issue might be a duplicate of CVE-2007-0177.

References

►

URL

Tags

	http://www.bugsec.com/articles.php?Security=24	x_refsource_MISC
	http://www.securityfocus.com/archive/1/460596/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://securityreason.com/securityalert/2274	third-party-advisory, x_refsource_SREASON
	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0/phase3/RELEASE-NOTES	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/32586	vdb-entry, x_refsource_XF
	http://osvdb.org/37343	vdb-entry, x_refsource_OSVDB

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:43:22.463Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.bugsec.com/articles.php?Security=24"
          },
          {
            "name": "20070220 MediaWiki Cross-site Scripting",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/460596/100/0/threaded"
          },
          {
            "name": "2274",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2274"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0/phase3/RELEASE-NOTES"
          },
          {
            "name": "mediawiki-index-xss(32586)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32586"
          },
          {
            "name": "37343",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37343"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-01-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.9.x before 1.9.0rc2, and 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the rs parameter.  NOTE: this issue might be a duplicate of CVE-2007-0177."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.bugsec.com/articles.php?Security=24"
        },
        {
          "name": "20070220 MediaWiki Cross-site Scripting",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/460596/100/0/threaded"
        },
        {
          "name": "2274",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2274"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0/phase3/RELEASE-NOTES"
        },
        {
          "name": "mediawiki-index-xss(32586)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32586"
        },
        {
          "name": "37343",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37343"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1055",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.9.x before 1.9.0rc2, and 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the rs parameter.  NOTE: this issue might be a duplicate of CVE-2007-0177."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.bugsec.com/articles.php?Security=24",
              "refsource": "MISC",
              "url": "http://www.bugsec.com/articles.php?Security=24"
            },
            {
              "name": "20070220 MediaWiki Cross-site Scripting",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/460596/100/0/threaded"
            },
            {
              "name": "2274",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2274"
            },
            {
              "name": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0/phase3/RELEASE-NOTES",
              "refsource": "CONFIRM",
              "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0/phase3/RELEASE-NOTES"
            },
            {
              "name": "mediawiki-index-xss(32586)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32586"
            },
            {
              "name": "37343",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37343"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1055",
    "datePublished": "2007-02-21T23:00:00",
    "dateReserved": "2007-02-21T00:00:00",
    "dateUpdated": "2024-08-07T12:43:22.463Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-0370 (GCVE-0-2017-0370)

Vulnerability from cvelistv5

Published

2018-04-13 16:00

Modified

2024-09-16 17:02

Severity ?

CWE

blacklist ineffective on certain URLs

Summary

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter.

References

►

URL

Tags

	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html	mailing-list, x_refsource_MLIST
	https://security-tracker.debian.org/tracker/CVE-2017-0370	x_refsource_CONFIRM
	https://phabricator.wikimedia.org/T48143	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:03:57.076Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2017-0370"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T48143"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mediawiki",
          "vendor": "mediawiki",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-04-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax\u0027s link parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "blacklist ineffective on certain URLs",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-13T15:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2017-0370"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T48143"
        }
      ],
      "source": {
        "advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html",
        "discovery": "UNKNOWN"
      },
      "title": "Spam blacklist ineffective on encoded URLs inside file inclusion syntax\u0027s link parameter",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "DATE_PUBLIC": "2017-04-06T20:49:19.000Z",
          "ID": "CVE-2017-0370",
          "STATE": "PUBLIC",
          "TITLE": "Spam blacklist ineffective on encoded URLs inside file inclusion syntax\u0027s link parameter"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "mediawiki",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "mediawiki"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax\u0027s link parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "blacklist ineffective on certain URLs"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
            },
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2017-0370",
              "refsource": "CONFIRM",
              "url": "https://security-tracker.debian.org/tracker/CVE-2017-0370"
            },
            {
              "name": "https://phabricator.wikimedia.org/T48143",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T48143"
            }
          ]
        },
        "source": {
          "advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2017-0370",
    "datePublished": "2018-04-13T16:00:00Z",
    "dateReserved": "2016-11-29T00:00:00",
    "dateUpdated": "2024-09-16T17:02:56.884Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-6729 (GCVE-0-2015-6729)

Vulnerability from cvelistv5

Published

2015-09-01 14:00

Modified

2024-08-06 07:29

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled in an error page.

References

►

URL

Tags

	https://security.gentoo.org/glsa/201510-05	vendor-advisory, x_refsource_GENTOO
	http://www.openwall.com/lists/oss-security/2015/08/27/6	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2015/08/12/6	mailing-list, x_refsource_MLIST
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html	mailing-list, x_refsource_MLIST
	http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html	vendor-advisory, x_refsource_FEDORA
	http://www.securityfocus.com/bid/76334	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:29:24.496Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201510-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201510-05"
          },
          {
            "name": "[oss-security] 20150827 Re: CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
          },
          {
            "name": "[oss-security] 20150812 CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
          },
          {
            "name": "[MediaWiki-announce] 20150810 MediaWiki Security and Maintenance Releases: 1.25.2, 1.24.3, 1.23.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
          },
          {
            "name": "FEDORA-2015-13920",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
          },
          {
            "name": "76334",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/76334"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-08-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled in an error page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T21:57:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-201510-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201510-05"
        },
        {
          "name": "[oss-security] 20150827 Re: CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
        },
        {
          "name": "[oss-security] 20150812 CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
        },
        {
          "name": "[MediaWiki-announce] 20150810 MediaWiki Security and Maintenance Releases: 1.25.2, 1.24.3, 1.23.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
        },
        {
          "name": "FEDORA-2015-13920",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
        },
        {
          "name": "76334",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/76334"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-6729",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled in an error page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201510-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201510-05"
            },
            {
              "name": "[oss-security] 20150827 Re: CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
            },
            {
              "name": "[oss-security] 20150812 CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
            },
            {
              "name": "[MediaWiki-announce] 20150810 MediaWiki Security and Maintenance Releases: 1.25.2, 1.24.3, 1.23.10",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
            },
            {
              "name": "FEDORA-2015-13920",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
            },
            {
              "name": "76334",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/76334"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-6729",
    "datePublished": "2015-09-01T14:00:00",
    "dateReserved": "2015-08-27T00:00:00",
    "dateUpdated": "2024-08-06T07:29:24.496Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-35479 (GCVE-0-2020-35479)

Vulnerability from cvelistv5

Published

2020-12-18 07:42

Modified

2024-08-04 17:02

Severity ?

CWE

n/a

Summary

MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the return of Language::userTimeAndDate is is always unsafe for HTML in a month value. This affects MediaWiki 1.12.0 and later.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T268938	x_refsource_MISC
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html	x_refsource_MISC
	https://www.debian.org/security/2020/dsa-4816	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html	mailing-list, x_refsource_MLIST
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:02:08.034Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T268938"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html"
          },
          {
            "name": "DSA-4816",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4816"
          },
          {
            "name": "[debian-lts-announce] 20201223 [SECURITY] [DLA 2504-1] mediawiki security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html"
          },
          {
            "name": "FEDORA-2020-0be2d40e13",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the return of Language::userTimeAndDate is is always unsafe for HTML in a month value. This affects MediaWiki 1.12.0 and later."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-27T03:06:14",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T268938"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html"
        },
        {
          "name": "DSA-4816",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4816"
        },
        {
          "name": "[debian-lts-announce] 20201223 [SECURITY] [DLA 2504-1] mediawiki security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html"
        },
        {
          "name": "FEDORA-2020-0be2d40e13",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-35479",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the return of Language::userTimeAndDate is is always unsafe for HTML in a month value. This affects MediaWiki 1.12.0 and later."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T268938",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T268938"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html",
              "refsource": "MISC",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html"
            },
            {
              "name": "DSA-4816",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4816"
            },
            {
              "name": "[debian-lts-announce] 20201223 [SECURITY] [DLA 2504-1] mediawiki security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html"
            },
            {
              "name": "FEDORA-2020-0be2d40e13",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-35479",
    "datePublished": "2020-12-18T07:42:25",
    "dateReserved": "2020-12-16T00:00:00",
    "dateUpdated": "2024-08-04T17:02:08.034Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4570 (GCVE-0-2013-4570)

Vulnerability from cvelistv5

Published

2014-05-12 14:00

Modified

2024-08-06 16:45

Severity ?

CWE

n/a

Summary

The zend_inline_hash_func function in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to converting Lua data structures to PHP, as demonstrated by passing { [{}] = 1 } to a module function.

References

►

URL

Tags

	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html	mailing-list, x_refsource_MLIST
	https://bugzilla.wikimedia.org/show_bug.cgi?id=54527	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:45:15.054Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[MediaWiki-announce] 20140114 MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=54527"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-01-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The zend_inline_hash_func function in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to converting Lua data structures to PHP, as demonstrated by passing { [{}] = 1 } to a module function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-05-12T13:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[MediaWiki-announce] 20140114 MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=54527"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4570",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The zend_inline_hash_func function in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to converting Lua data structures to PHP, as demonstrated by passing { [{}] = 1 } to a module function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[MediaWiki-announce] 20140114 MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
            },
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=54527",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=54527"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4570",
    "datePublished": "2014-05-12T14:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:45:15.054Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-8814 (GCVE-0-2017-8814)

Vulnerability from cvelistv5

Published

2017-11-15 08:00

Modified

2024-08-05 16:48

Severity ?

CWE

unrestricted text replacement

Summary

The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk."

References

►

URL

Tags

	http://www.securitytracker.com/id/1039812	vdb-entry, x_refsource_SECTRACK
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html	x_refsource_CONFIRM
	https://www.debian.org/security/2017/dsa-4036	vendor-advisory, x_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	n/a	MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2	Version: MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:48:21.905Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1039812",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039812"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"
          },
          {
            "name": "DSA-4036",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4036"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2"
            }
          ]
        }
      ],
      "datePublic": "2017-11-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by \"a lot of junk.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "unrestricted text replacement",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-16T10:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "1039812",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039812"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"
        },
        {
          "name": "DSA-4036",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4036"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2017-8814",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by \"a lot of junk.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "unrestricted text replacement"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1039812",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039812"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html",
              "refsource": "CONFIRM",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"
            },
            {
              "name": "DSA-4036",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4036"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2017-8814",
    "datePublished": "2017-11-15T08:00:00",
    "dateReserved": "2017-05-07T00:00:00",
    "dateUpdated": "2024-08-05T16:48:21.905Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-6472 (GCVE-0-2013-6472)

Vulnerability from cvelistv5

Published

2014-05-12 14:00

Modified

2024-08-06 17:39

Severity ?

CWE

n/a

Summary

MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain information about deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user watchlists.

References

►

URL

Tags

http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html

mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:39:01.426Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[MediaWiki-announce] 20140114 MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-01-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain information about deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user watchlists."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-05-12T13:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[MediaWiki-announce] 20140114 MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-6472",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain information about deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user watchlists."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[MediaWiki-announce] 20140114 MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-6472",
    "datePublished": "2014-05-12T14:00:00",
    "dateReserved": "2013-11-04T00:00:00",
    "dateUpdated": "2024-08-06T17:39:01.426Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-0363 (GCVE-0-2017-0363)

Vulnerability from cvelistv5

Published

2018-04-13 16:00

Modified

2024-09-16 19:21

Severity ?

CWE

redirection to other external sites

Summary

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites.

References

►

URL

Tags

	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html	mailing-list, x_refsource_MLIST
	https://phabricator.wikimedia.org/T109140	x_refsource_CONFIRM
	https://security-tracker.debian.org/tracker/CVE-2017-0363	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:03:56.660Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T109140"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2017-0363"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mediawiki",
          "vendor": "mediawiki",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-04-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "redirection to other external sites",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-13T15:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T109140"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2017-0363"
        }
      ],
      "source": {
        "advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html",
        "discovery": "UNKNOWN"
      },
      "title": "Special:UserLogin?returnto=interwiki:foo will redirect to external sites",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "DATE_PUBLIC": "2017-04-06T20:49:00.000Z",
          "ID": "CVE-2017-0363",
          "STATE": "PUBLIC",
          "TITLE": "Special:UserLogin?returnto=interwiki:foo will redirect to external sites"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "mediawiki",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "mediawiki"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "redirection to other external sites"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
            },
            {
              "name": "https://phabricator.wikimedia.org/T109140",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T109140"
            },
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2017-0363",
              "refsource": "CONFIRM",
              "url": "https://security-tracker.debian.org/tracker/CVE-2017-0363"
            }
          ]
        },
        "source": {
          "advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2017-0363",
    "datePublished": "2018-04-13T16:00:00Z",
    "dateReserved": "2016-11-29T00:00:00",
    "dateUpdated": "2024-09-16T19:21:14.211Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-28203 (GCVE-0-2022-28203)

Vulnerability from cvelistv5

Published

2022-09-19 00:00

Modified

2024-08-03 05:48

Severity ?

CWE

n/a

Summary

A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T297731
	https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html	mailing-list
	https://www.debian.org/security/2022/dsa-5246	vendor-advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:48:37.549Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T297731"
          },
          {
            "name": "[debian-lts-announce] 20220922 [SECURITY] [DLA 3117-1] mediawiki security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html"
          },
          {
            "name": "DSA-5246",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5246"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-06T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T297731"
        },
        {
          "name": "[debian-lts-announce] 20220922 [SECURITY] [DLA 3117-1] mediawiki security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html"
        },
        {
          "name": "DSA-5246",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5246"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-28203",
    "datePublished": "2022-09-19T00:00:00",
    "dateReserved": "2022-03-30T00:00:00",
    "dateUpdated": "2024-08-03T05:48:37.549Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-2032 (GCVE-0-2013-2032)

Vulnerability from cvelistv5

Published

2013-11-15 18:16

Modified

2024-08-06 15:20

Severity ?

CWE

n/a

Summary

MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks.

References

►

URL

Tags

	http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105825.html	vendor-advisory, x_refsource_FEDORA
	http://secunia.com/advisories/55433	third-party-advisory, x_refsource_SECUNIA
	http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106293.html	vendor-advisory, x_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105784.html	vendor-advisory, x_refsource_FEDORA
	http://security.gentoo.org/glsa/glsa-201310-21.xml	vendor-advisory, x_refsource_GENTOO
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-April/000129.html	mailing-list, x_refsource_MLIST
	https://bugzilla.wikimedia.org/show_bug.cgi?id=46590	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:20:37.400Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2013-7714",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105825.html"
          },
          {
            "name": "55433",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55433"
          },
          {
            "name": "FEDORA-2013-7654",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106293.html"
          },
          {
            "name": "FEDORA-2013-7701",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105784.html"
          },
          {
            "name": "GLSA-201310-21",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201310-21.xml"
          },
          {
            "name": "[MediaWiki-announce] 20130430 MediaWiki Security Release: 1.20.5 and 1.19.6",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-April/000129.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=46590"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-04-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-11-25T10:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2013-7714",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105825.html"
        },
        {
          "name": "55433",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55433"
        },
        {
          "name": "FEDORA-2013-7654",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106293.html"
        },
        {
          "name": "FEDORA-2013-7701",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105784.html"
        },
        {
          "name": "GLSA-201310-21",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201310-21.xml"
        },
        {
          "name": "[MediaWiki-announce] 20130430 MediaWiki Security Release: 1.20.5 and 1.19.6",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-April/000129.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=46590"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-2032",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FEDORA-2013-7714",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105825.html"
            },
            {
              "name": "55433",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55433"
            },
            {
              "name": "FEDORA-2013-7654",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106293.html"
            },
            {
              "name": "FEDORA-2013-7701",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105784.html"
            },
            {
              "name": "GLSA-201310-21",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201310-21.xml"
            },
            {
              "name": "[MediaWiki-announce] 20130430 MediaWiki Security Release: 1.20.5 and 1.19.6",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-April/000129.html"
            },
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=46590",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=46590"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-2032",
    "datePublished": "2013-11-15T18:16:00",
    "dateReserved": "2013-02-19T00:00:00",
    "dateUpdated": "2024-08-06T15:20:37.400Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-45363 (GCVE-0-2023-45363)

Vulnerability from cvelistv5

Published

2023-10-09 00:00

Modified

2024-10-15 18:00

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

n/a

Summary

An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T333050
	https://www.debian.org/security/2023/dsa-5520	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html	mailing-list

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:21:16.463Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T333050"
          },
          {
            "name": "DSA-5520",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5520"
          },
          {
            "name": "[debian-lts-announce] 20231128 [SECURITY] [DLA 3671-1] mediawiki security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-45363",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-15T17:28:57.152625Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-835",
                "description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-15T18:00:10.847Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-28T13:06:18.349530",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T333050"
        },
        {
          "name": "DSA-5520",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5520"
        },
        {
          "name": "[debian-lts-announce] 20231128 [SECURITY] [DLA 3671-1] mediawiki security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-45363",
    "datePublished": "2023-10-09T00:00:00",
    "dateReserved": "2023-10-09T00:00:00",
    "dateUpdated": "2024-10-15T18:00:10.847Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-46148 (GCVE-0-2021-46148)

Vulnerability from cvelistv5

Published

2022-01-07 05:54

Modified

2024-08-04 05:02

Severity ?

CWE

n/a

Summary

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Some unprivileged users can view confidential information (e.g., IP addresses and User-Agent headers for election traffic) on a testwiki SecurePoll instance.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T290808	x_refsource_MISC
	https://phabricator.wikimedia.org/T290856	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/Ib2715adb281f8892b586dcb1895e87ac0eb548b0	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:02:10.305Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T290808"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T290856"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/Ib2715adb281f8892b586dcb1895e87ac0eb548b0"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Some unprivileged users can view confidential information (e.g., IP addresses and User-Agent headers for election traffic) on a testwiki SecurePoll instance."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-07T05:54:13",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T290808"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T290856"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/Ib2715adb281f8892b586dcb1895e87ac0eb548b0"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-46148",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Some unprivileged users can view confidential information (e.g., IP addresses and User-Agent headers for election traffic) on a testwiki SecurePoll instance."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T290808",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T290808"
            },
            {
              "name": "https://phabricator.wikimedia.org/T290856",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T290856"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/Ib2715adb281f8892b586dcb1895e87ac0eb548b0",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/Ib2715adb281f8892b586dcb1895e87ac0eb548b0"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-46148",
    "datePublished": "2022-01-07T05:54:13",
    "dateReserved": "2022-01-07T00:00:00",
    "dateUpdated": "2024-08-04T05:02:10.305Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2004-2185 (GCVE-0-2004-2185)

Vulnerability from cvelistv5

Published

2005-07-10 04:00

Modified

2024-09-16 17:09

Severity ?

CWE

n/a

Summary

Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via (1) the UnicodeConverter extension, (2) raw page views, (3) SpecialIpblocklist, (4) SpecialEmailuser, (5) SpecialMaintenance, and (6) ImagePage.

References

►

URL

Tags

	http://sourceforge.net/project/shownotes.php?release_id=275099	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/11416	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:15:01.663Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=275099"
          },
          {
            "name": "11416",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11416"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via (1) the UnicodeConverter extension, (2) raw page views, (3) SpecialIpblocklist, (4) SpecialEmailuser, (5) SpecialMaintenance, and (6) ImagePage."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-07-10T04:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=275099"
        },
        {
          "name": "11416",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11416"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-2185",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via (1) the UnicodeConverter extension, (2) raw page views, (3) SpecialIpblocklist, (4) SpecialEmailuser, (5) SpecialMaintenance, and (6) ImagePage."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=275099",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?release_id=275099"
            },
            {
              "name": "11416",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11416"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-2185",
    "datePublished": "2005-07-10T04:00:00Z",
    "dateReserved": "2005-07-10T04:00:00Z",
    "dateUpdated": "2024-09-16T17:09:05.713Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-31553 (GCVE-0-2021-31553)

Vulnerability from cvelistv5

Published

2021-04-22 02:29

Modified

2024-08-03 23:03

Severity ?

CWE

n/a

Summary

An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the cu_log database table such that denial of service occurred for certain CheckUser extension pages and functionality. For example, the attacker could turn off Special:CheckUserLog and thus interfere with usage tracking.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T275669	x_refsource_MISC
	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667023	x_refsource_MISC
	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667024	x_refsource_MISC
	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667025	x_refsource_MISC
	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667027	x_refsource_MISC
	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/666963	x_refsource_MISC
	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/666964	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:03:33.430Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T275669"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667023"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667024"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667025"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667027"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/666963"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/666964"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the cu_log database table such that denial of service occurred for certain CheckUser extension pages and functionality. For example, the attacker could turn off Special:CheckUserLog and thus interfere with usage tracking."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-22T02:29:31",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T275669"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667023"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667024"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667025"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667027"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/666963"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/666964"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-31553",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the cu_log database table such that denial of service occurred for certain CheckUser extension pages and functionality. For example, the attacker could turn off Special:CheckUserLog and thus interfere with usage tracking."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T275669",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T275669"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667023",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667023"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667024",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667024"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667025",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667025"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667027",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/667027"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/666963",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/666963"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/666964",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/666964"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-31553",
    "datePublished": "2021-04-22T02:29:31",
    "dateReserved": "2021-04-22T00:00:00",
    "dateUpdated": "2024-08-03T23:03:33.430Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-37254 (GCVE-0-2023-37254)

Vulnerability from cvelistv5

Published

2023-06-29 00:00

Modified

2024-11-27 16:24

Severity ?

CWE

n/a

Summary

An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. XSS can occur in Special:CargoQuery via a crafted page item when using the default format.

References

►

URL

Tags

https://phabricator.wikimedia.org/T331065

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:09:33.149Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T331065"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-37254",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-27T16:24:14.123245Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-27T16:24:33.619Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. XSS can occur in Special:CargoQuery via a crafted page item when using the default format."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-29T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T331065"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-37254",
    "datePublished": "2023-06-29T00:00:00",
    "dateReserved": "2023-06-29T00:00:00",
    "dateUpdated": "2024-11-27T16:24:33.619Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-41799 (GCVE-0-2021-41799)

Vulnerability from cvelistv5

Published

2021-10-11 00:00

Modified

2024-08-04 03:22

Severity ?

CWE

n/a

Summary

MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). ApiQueryBacklinks (action=query&list=backlinks) can cause a full table scan.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T290394
	https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/	vendor-advisory
	https://security.gentoo.org/glsa/202305-24	vendor-advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:22:24.073Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T290394"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/"
          },
          {
            "name": "FEDORA-2021-eee8b7514f",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/"
          },
          {
            "name": "FEDORA-2021-56d8173b5e",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/"
          },
          {
            "name": "FEDORA-2021-3dd1b66cbf",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/"
          },
          {
            "name": "GLSA-202305-24",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-24"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). ApiQueryBacklinks (action=query\u0026list=backlinks) can cause a full table scan."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-21T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T290394"
        },
        {
          "url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/"
        },
        {
          "name": "FEDORA-2021-eee8b7514f",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/"
        },
        {
          "name": "FEDORA-2021-56d8173b5e",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/"
        },
        {
          "name": "FEDORA-2021-3dd1b66cbf",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/"
        },
        {
          "name": "GLSA-202305-24",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-24"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-41799",
    "datePublished": "2021-10-11T00:00:00",
    "dateReserved": "2021-09-29T00:00:00",
    "dateUpdated": "2024-08-04T03:22:24.073Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-36129 (GCVE-0-2021-36129)

Vulnerability from cvelistv5

Published

2021-07-02 13:00

Modified

2024-08-04 00:47

Severity ?

CWE

n/a

Summary

An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups Action API module does not validate the parameter for aggregategroup when action=remove is set, thus allowing users with the translate-manage right to silently delete various groups' metadata.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T282932	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/I3619a7e88c2eb979babb7b027d4fdbfabc0af792	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:47:43.803Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T282932"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/I3619a7e88c2eb979babb7b027d4fdbfabc0af792"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups Action API module does not validate the parameter for aggregategroup when action=remove is set, thus allowing users with the translate-manage right to silently delete various groups\u0027 metadata."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-02T13:00:38",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T282932"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/I3619a7e88c2eb979babb7b027d4fdbfabc0af792"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-36129",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups Action API module does not validate the parameter for aggregategroup when action=remove is set, thus allowing users with the translate-manage right to silently delete various groups\u0027 metadata."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T282932",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T282932"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/I3619a7e88c2eb979babb7b027d4fdbfabc0af792",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/I3619a7e88c2eb979babb7b027d4fdbfabc0af792"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-36129",
    "datePublished": "2021-07-02T13:00:38",
    "dateReserved": "2021-07-02T00:00:00",
    "dateUpdated": "2024-08-04T00:47:43.803Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-4360 (GCVE-0-2011-4360)

Vulnerability from cvelistv5

Published

2012-01-08 11:00

Modified

2024-08-07 00:09

Severity ?

CWE

n/a

Summary

MediaWiki before 1.17.1 allows remote attackers to obtain the page titles of all restricted pages via a series of requests involving the (1) curid or (2) oldid parameter.

References

►

URL

Tags

	http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-November/000104.html	mailing-list, x_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=758171	x_refsource_CONFIRM
	http://openwall.com/lists/oss-security/2011/11/29/6	mailing-list, x_refsource_MLIST
	https://bugzilla.wikimedia.org/show_bug.cgi?id=32276	x_refsource_CONFIRM
	http://openwall.com/lists/oss-security/2011/11/29/12	mailing-list, x_refsource_MLIST
	http://www.debian.org/security/2011/dsa-2366	vendor-advisory, x_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:09:18.347Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[mediawiki-announce] 20111128 MediaWiki security release 1.17.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-November/000104.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=758171"
          },
          {
            "name": "[oss-security] 20111129 CVE request: mediawiki before 1.17.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/11/29/6"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=32276"
          },
          {
            "name": "[oss-security] 20111129 Re: CVE request: mediawiki before 1.17.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/11/29/12"
          },
          {
            "name": "DSA-2366",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2366"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-11-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.17.1 allows remote attackers to obtain the page titles of all restricted pages via a series of requests involving the (1) curid or (2) oldid parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-01-19T10:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[mediawiki-announce] 20111128 MediaWiki security release 1.17.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-November/000104.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=758171"
        },
        {
          "name": "[oss-security] 20111129 CVE request: mediawiki before 1.17.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/11/29/6"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=32276"
        },
        {
          "name": "[oss-security] 20111129 Re: CVE request: mediawiki before 1.17.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/11/29/12"
        },
        {
          "name": "DSA-2366",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2366"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-4360",
    "datePublished": "2012-01-08T11:00:00",
    "dateReserved": "2011-11-04T00:00:00",
    "dateUpdated": "2024-08-07T00:09:18.347Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-5395 (GCVE-0-2012-5395)

Vulnerability from cvelistv5

Published

2014-06-02 15:00

Modified

2024-08-06 21:05

Severity ?

CWE

n/a

Summary

Session fixation vulnerability in the CentralAuth extension for MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the centralauth_Session cookie.

References

►

URL

Tags

	https://bugzilla.wikimedia.org/show_bug.cgi?id=40962	x_refsource_CONFIRM
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-November/000122.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:05:47.249Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=40962"
          },
          {
            "name": "[MediaWiki-announce] 20121130 MediaWiki security release: 1.20.1, 1.19.3 and 1.18.6",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-November/000122.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-10-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Session fixation vulnerability in the CentralAuth extension for MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the centralauth_Session cookie."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-06-02T14:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=40962"
        },
        {
          "name": "[MediaWiki-announce] 20121130 MediaWiki security release: 1.20.1, 1.19.3 and 1.18.6",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-November/000122.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-5395",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Session fixation vulnerability in the CentralAuth extension for MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the centralauth_Session cookie."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=40962",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=40962"
            },
            {
              "name": "[MediaWiki-announce] 20121130 MediaWiki security release: 1.20.1, 1.19.3 and 1.18.6",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-November/000122.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-5395",
    "datePublished": "2014-06-02T15:00:00",
    "dateReserved": "2012-10-17T00:00:00",
    "dateUpdated": "2024-08-06T21:05:47.249Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-4382 (GCVE-0-2012-4382)

Vulnerability from cvelistv5

Published

2017-10-19 21:00

Modified

2024-08-06 20:35

Severity ?

CWE

n/a

Summary

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt.

References

►

URL

Tags

	http://www.openwall.com/lists/oss-security/2012/08/31/6	mailing-list, x_refsource_MLIST
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html	mailing-list, x_refsource_MLIST
	https://phabricator.wikimedia.org/T41823	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2012/08/31/10	mailing-list, x_refsource_MLIST
	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:35:08.977Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20120831 CVE Request -- MediaWiki 1.19.2 and 1.18.5 multiple security flaws",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/08/31/6"
          },
          {
            "name": "[MediaWiki-announce] 20120831 MediaWiki security release: 1.19.2 and 1.18.5",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T41823"
          },
          {
            "name": "[oss-security] 20120831 Re: CVE Request -- MediaWiki 1.19.2 and 1.18.5 multiple security flaws",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/08/31/10"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-08-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-19T20:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20120831 CVE Request -- MediaWiki 1.19.2 and 1.18.5 multiple security flaws",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/08/31/6"
        },
        {
          "name": "[MediaWiki-announce] 20120831 MediaWiki security release: 1.19.2 and 1.18.5",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T41823"
        },
        {
          "name": "[oss-security] 20120831 Re: CVE Request -- MediaWiki 1.19.2 and 1.18.5 multiple security flaws",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/08/31/10"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-4382",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20120831 CVE Request -- MediaWiki 1.19.2 and 1.18.5 multiple security flaws",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/08/31/6"
            },
            {
              "name": "[MediaWiki-announce] 20120831 MediaWiki security release: 1.19.2 and 1.18.5",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html"
            },
            {
              "name": "https://phabricator.wikimedia.org/T41823",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T41823"
            },
            {
              "name": "[oss-security] 20120831 Re: CVE Request -- MediaWiki 1.19.2 and 1.18.5 multiple security flaws",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/08/31/10"
            },
            {
              "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330",
              "refsource": "MISC",
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-4382",
    "datePublished": "2017-10-19T21:00:00",
    "dateReserved": "2012-08-21T00:00:00",
    "dateUpdated": "2024-08-06T20:35:08.977Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-4379 (GCVE-0-2012-4379)

Vulnerability from cvelistv5

Published

2017-10-19 21:00

Modified

2024-08-06 20:35

Severity ?

CWE

n/a

Summary

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T41180	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2012/08/31/6	mailing-list, x_refsource_MLIST
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html	mailing-list, x_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=853426	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2012/08/31/10	mailing-list, x_refsource_MLIST
	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:35:09.330Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T41180"
          },
          {
            "name": "[oss-security] 20120831 CVE Request -- MediaWiki 1.19.2 and 1.18.5 multiple security flaws",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/08/31/6"
          },
          {
            "name": "[MediaWiki-announce] 20120831 MediaWiki security release: 1.19.2 and 1.18.5",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=853426"
          },
          {
            "name": "[oss-security] 20120831 Re: CVE Request -- MediaWiki 1.19.2 and 1.18.5 multiple security flaws",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/08/31/10"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-08-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-19T20:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T41180"
        },
        {
          "name": "[oss-security] 20120831 CVE Request -- MediaWiki 1.19.2 and 1.18.5 multiple security flaws",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/08/31/6"
        },
        {
          "name": "[MediaWiki-announce] 20120831 MediaWiki security release: 1.19.2 and 1.18.5",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=853426"
        },
        {
          "name": "[oss-security] 20120831 Re: CVE Request -- MediaWiki 1.19.2 and 1.18.5 multiple security flaws",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/08/31/10"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-4379",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T41180",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T41180"
            },
            {
              "name": "[oss-security] 20120831 CVE Request -- MediaWiki 1.19.2 and 1.18.5 multiple security flaws",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/08/31/6"
            },
            {
              "name": "[MediaWiki-announce] 20120831 MediaWiki security release: 1.19.2 and 1.18.5",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=853426",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=853426"
            },
            {
              "name": "[oss-security] 20120831 Re: CVE Request -- MediaWiki 1.19.2 and 1.18.5 multiple security flaws",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/08/31/10"
            },
            {
              "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330",
              "refsource": "MISC",
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-4379",
    "datePublished": "2017-10-19T21:00:00",
    "dateReserved": "2012-08-21T00:00:00",
    "dateUpdated": "2024-08-06T20:35:09.330Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-1818 (GCVE-0-2013-1818)

Vulnerability from cvelistv5

Published

2014-06-02 15:00

Modified

2024-08-06 15:13

Severity ?

CWE

n/a

Summary

maintenance/mwdoc-filter.php in MediaWiki before 1.20.3 allows remote attackers to read arbitrary files via unspecified vectors.

References

►

URL

Tags

	http://www.mediawiki.org/wiki/Release_notes/1.20	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/88363	vdb-entry, x_refsource_XF
	https://bugzilla.wikimedia.org/show_bug.cgi?id=45355	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/58304	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:13:33.196Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mediawiki.org/wiki/Release_notes/1.20"
          },
          {
            "name": "mediawiki-cve20131818-info-disclosure(88363)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88363"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=45355"
          },
          {
            "name": "58304",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/58304"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-02-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "maintenance/mwdoc-filter.php in MediaWiki before 1.20.3 allows remote attackers to read arbitrary files via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mediawiki.org/wiki/Release_notes/1.20"
        },
        {
          "name": "mediawiki-cve20131818-info-disclosure(88363)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88363"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=45355"
        },
        {
          "name": "58304",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/58304"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-1818",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "maintenance/mwdoc-filter.php in MediaWiki before 1.20.3 allows remote attackers to read arbitrary files via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.mediawiki.org/wiki/Release_notes/1.20",
              "refsource": "CONFIRM",
              "url": "http://www.mediawiki.org/wiki/Release_notes/1.20"
            },
            {
              "name": "mediawiki-cve20131818-info-disclosure(88363)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88363"
            },
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=45355",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=45355"
            },
            {
              "name": "58304",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/58304"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-1818",
    "datePublished": "2014-06-02T15:00:00",
    "dateReserved": "2013-02-19T00:00:00",
    "dateUpdated": "2024-08-06T15:13:33.196Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-40601 (GCVE-0-2024-40601)

Vulnerability from cvelistv5

Published

2024-07-06 00:00

Modified

2024-10-27 01:00

Severity ?

6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE

n/a

Summary

An issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1. CSRF can occur in API modules.

References

►

URL

Tags

https://phabricator.wikimedia.org/T362588

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 6.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-40601",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-08T14:09:52.279968Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-352",
                "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-27T01:00:28.962Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:33:11.796Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T362588"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1. CSRF can occur in API modules."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-06T23:26:36.043771",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T362588"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-40601",
    "datePublished": "2024-07-06T00:00:00",
    "dateReserved": "2024-07-06T00:00:00",
    "dateUpdated": "2024-10-27T01:00:28.962Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-23178 (GCVE-0-2024-23178)

Vulnerability from cvelistv5

Published

2024-01-12 00:00

Modified

2025-06-03 14:06

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWE

n/a

Summary

An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. PhonosButton.js allows i18n-based XSS via the phonos-purge-needed-error message.

References

►

URL

Tags

	https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/
	https://phabricator.wikimedia.org/T349312

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:31.836Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T349312"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "LOW",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23178",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T17:25:23.739944Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-03T14:06:38.846Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. PhonosButton.js allows i18n-based XSS via the phonos-purge-needed-error message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-12T05:14:20.262Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/"
        },
        {
          "url": "https://phabricator.wikimedia.org/T349312"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-23178",
    "datePublished": "2024-01-12T00:00:00.000Z",
    "dateReserved": "2024-01-12T00:00:00.000Z",
    "dateUpdated": "2025-06-03T14:06:38.846Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-22909 (GCVE-0-2023-22909)

Vulnerability from cvelistv5

Published

2023-01-10 00:00

Modified

2025-04-07 18:36

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

n/a

Summary

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. SpecialMobileHistory allows remote attackers to cause a denial of service because database queries are slow.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T320987
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/	vendor-advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:20:31.389Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T320987"
          },
          {
            "name": "FEDORA-2023-30a7a812f0",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-22909",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-07T17:56:00.979529Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-07T18:36:40.333Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. SpecialMobileHistory allows remote attackers to cause a denial of service because database queries are slow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-27T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T320987"
        },
        {
          "name": "FEDORA-2023-30a7a812f0",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-22909",
    "datePublished": "2023-01-10T00:00:00.000Z",
    "dateReserved": "2023-01-10T00:00:00.000Z",
    "dateUpdated": "2025-04-07T18:36:40.333Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-1054 (GCVE-0-2007-1054)

Vulnerability from cvelistv5

Published

2007-02-21 23:00

Modified

2024-08-07 12:43

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer.

References

►

URL

Tags

	http://www.bugsec.com/articles.php?Security=24	x_refsource_MISC
	http://www.securityfocus.com/archive/1/460596/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://osvdb.org/32078	vdb-entry, x_refsource_OSVDB
	http://www.vupen.com/english/advisories/2007/0678	vdb-entry, x_refsource_VUPEN
	http://securityreason.com/securityalert/2274	third-party-advisory, x_refsource_SREASON
	https://exchange.xforce.ibmcloud.com/vulnerabilities/32586	vdb-entry, x_refsource_XF
	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_3/phase3/RELEASE-NOTES	x_refsource_CONFIRM
	http://attrition.org/pipermail/vim/2007-February/001367.html	mailing-list, x_refsource_VIM
	http://sourceforge.net/project/shownotes.php?release_id=487921&group_id=34373	x_refsource_CONFIRM
	http://secunia.com/advisories/24211	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:43:22.535Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.bugsec.com/articles.php?Security=24"
          },
          {
            "name": "20070220 MediaWiki Cross-site Scripting",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/460596/100/0/threaded"
          },
          {
            "name": "32078",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/32078"
          },
          {
            "name": "ADV-2007-0678",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0678"
          },
          {
            "name": "2274",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2274"
          },
          {
            "name": "mediawiki-index-xss(32586)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32586"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_3/phase3/RELEASE-NOTES"
          },
          {
            "name": "20070221 [unsure] MediaWiki Cross-site Scripting",
            "tags": [
              "mailing-list",
              "x_refsource_VIM",
              "x_transferred"
            ],
            "url": "http://attrition.org/pipermail/vim/2007-February/001367.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=487921\u0026group_id=34373"
          },
          {
            "name": "24211",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24211"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-02-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.bugsec.com/articles.php?Security=24"
        },
        {
          "name": "20070220 MediaWiki Cross-site Scripting",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/460596/100/0/threaded"
        },
        {
          "name": "32078",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/32078"
        },
        {
          "name": "ADV-2007-0678",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0678"
        },
        {
          "name": "2274",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2274"
        },
        {
          "name": "mediawiki-index-xss(32586)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32586"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_3/phase3/RELEASE-NOTES"
        },
        {
          "name": "20070221 [unsure] MediaWiki Cross-site Scripting",
          "tags": [
            "mailing-list",
            "x_refsource_VIM"
          ],
          "url": "http://attrition.org/pipermail/vim/2007-February/001367.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=487921\u0026group_id=34373"
        },
        {
          "name": "24211",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24211"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1054",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.bugsec.com/articles.php?Security=24",
              "refsource": "MISC",
              "url": "http://www.bugsec.com/articles.php?Security=24"
            },
            {
              "name": "20070220 MediaWiki Cross-site Scripting",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/460596/100/0/threaded"
            },
            {
              "name": "32078",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/32078"
            },
            {
              "name": "ADV-2007-0678",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0678"
            },
            {
              "name": "2274",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2274"
            },
            {
              "name": "mediawiki-index-xss(32586)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32586"
            },
            {
              "name": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_3/phase3/RELEASE-NOTES",
              "refsource": "CONFIRM",
              "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_3/phase3/RELEASE-NOTES"
            },
            {
              "name": "20070221 [unsure] MediaWiki Cross-site Scripting",
              "refsource": "VIM",
              "url": "http://attrition.org/pipermail/vim/2007-February/001367.html"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=487921\u0026group_id=34373",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?release_id=487921\u0026group_id=34373"
            },
            {
              "name": "24211",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24211"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1054",
    "datePublished": "2007-02-21T23:00:00",
    "dateReserved": "2007-02-21T00:00:00",
    "dateUpdated": "2024-08-07T12:43:22.535Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-2935 (GCVE-0-2015-2935)

Vulnerability from cvelistv5

Published

2015-04-13 14:00

Modified

2024-08-06 05:32

Severity ?

CWE

n/a

Summary

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to bypass the SVG filtering and obtain sensitive user information via a mixed case @import in a style element in an SVG file, as demonstrated by "@imporT."

References

►

URL

Tags

	https://security.gentoo.org/glsa/201510-05	vendor-advisory, x_refsource_GENTOO
	http://www.mandriva.com/security/advisories?name=MDVSA-2015:200	vendor-advisory, x_refsource_MANDRIVA
	http://www.securityfocus.com/bid/73477	vdb-entry, x_refsource_BID
	http://www.openwall.com/lists/oss-security/2015/04/07/3	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2015/04/01/1	mailing-list, x_refsource_MLIST
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html	mailing-list, x_refsource_MLIST
	https://phabricator.wikimedia.org/T85349	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:32:20.590Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201510-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201510-05"
          },
          {
            "name": "MDVSA-2015:200",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
          },
          {
            "name": "73477",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73477"
          },
          {
            "name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
          },
          {
            "name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
          },
          {
            "name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T85349"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to bypass the SVG filtering and obtain sensitive user information via a mixed case @import in a style element in an SVG file, as demonstrated by \"@imporT.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T21:57:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-201510-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201510-05"
        },
        {
          "name": "MDVSA-2015:200",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
        },
        {
          "name": "73477",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/73477"
        },
        {
          "name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
        },
        {
          "name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
        },
        {
          "name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T85349"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-2935",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to bypass the SVG filtering and obtain sensitive user information via a mixed case @import in a style element in an SVG file, as demonstrated by \"@imporT.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201510-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201510-05"
            },
            {
              "name": "MDVSA-2015:200",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
            },
            {
              "name": "73477",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/73477"
            },
            {
              "name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
            },
            {
              "name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
            },
            {
              "name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
            },
            {
              "name": "https://phabricator.wikimedia.org/T85349",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T85349"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-2935",
    "datePublished": "2015-04-13T14:00:00",
    "dateReserved": "2015-04-07T00:00:00",
    "dateUpdated": "2024-08-06T05:32:20.590Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-30153 (GCVE-0-2021-30153)

Vulnerability from cvelistv5

Published

2023-04-15 00:00

Modified

2025-02-06 16:16

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE

n/a

Summary

An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. . When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose that the user exists. (It shouldn't because they are hidden.) This is related to ApiVisualEditor.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T270453
	https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
	https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/message/XYBF5RSTJRMVCP7QBYK7643W75A3KCIY/

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:24:59.673Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T270453"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/message/XYBF5RSTJRMVCP7QBYK7643W75A3KCIY/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 4.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-30153",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-06T16:14:31.240214Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-668",
                "description": "CWE-668 Exposure of Resource to Wrong Sphere",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-06T16:16:20.804Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. . When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose that the user exists. (It shouldn\u0027t because they are hidden.) This is related to ApiVisualEditor."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-15T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T270453"
        },
        {
          "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html"
        },
        {
          "url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/message/XYBF5RSTJRMVCP7QBYK7643W75A3KCIY/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-30153",
    "datePublished": "2023-04-15T00:00:00.000Z",
    "dateReserved": "2021-04-06T00:00:00.000Z",
    "dateUpdated": "2025-02-06T16:16:20.804Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-42043 (GCVE-0-2021-42043)

Vulnerability from cvelistv5

Published

2021-10-06 20:28

Modified

2024-08-04 03:22

Severity ?

CWE

n/a

Summary

An issue was discovered in Special:MediaSearch in the MediaSearch extension in MediaWiki through 1.36.2. The suggestion text (a parameter to mediasearch-did-you-mean) was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the intitle: search operator within the query.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T291600	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/If64eb5842237c92290d07ebc3fe14710d9de3fc2	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:22:25.656Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T291600"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/If64eb5842237c92290d07ebc3fe14710d9de3fc2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Special:MediaSearch in the MediaSearch extension in MediaWiki through 1.36.2. The suggestion text (a parameter to mediasearch-did-you-mean) was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the intitle: search operator within the query."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-06T20:28:20",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T291600"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/If64eb5842237c92290d07ebc3fe14710d9de3fc2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-42043",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Special:MediaSearch in the MediaSearch extension in MediaWiki through 1.36.2. The suggestion text (a parameter to mediasearch-did-you-mean) was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the intitle: search operator within the query."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T291600",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T291600"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/If64eb5842237c92290d07ebc3fe14710d9de3fc2",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/If64eb5842237c92290d07ebc3fe14710d9de3fc2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-42043",
    "datePublished": "2021-10-06T20:28:20",
    "dateReserved": "2021-10-06T00:00:00",
    "dateUpdated": "2024-08-04T03:22:25.656Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-6163 (GCVE-0-2020-6163)

Vulnerability from cvelistv5

Published

2020-01-08 01:45

Modified

2024-08-04 08:55

Severity ?

CWE

n/a

Summary

The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax within the PropertySuggestionsWidget template (in the templates/search/PropertySuggestionsWidget.mustache+dom file).

References

►

URL

Tags

	https://phabricator.wikimedia.org/T240773	x_refsource_MISC
	https://gerrit.wikimedia.org/r/558203	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:55:22.285Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T240773"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/558203"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax within the PropertySuggestionsWidget template (in the templates/search/PropertySuggestionsWidget.mustache+dom file)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-08T01:45:12",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T240773"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/558203"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-6163",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax within the PropertySuggestionsWidget template (in the templates/search/PropertySuggestionsWidget.mustache+dom file)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T240773",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T240773"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/558203",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/558203"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-6163",
    "datePublished": "2020-01-08T01:45:12",
    "dateReserved": "2020-01-08T00:00:00",
    "dateUpdated": "2024-08-04T08:55:22.285Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4304 (GCVE-0-2013-4304)

Vulnerability from cvelistv5

Published

2014-01-26 20:00

Modified

2024-08-06 16:38

Severity ?

CWE

n/a

Summary

The CentralAuth extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 caches a valid CentralAuthUser object in the centralauth_User cookie even when a user has not successfully logged in, which allows remote attackers to bypass authentication without a password.

References

►

URL

Tags

	http://seclists.org/oss-sec/2013/q3/553	mailing-list, x_refsource_MLIST
	https://exchange.xforce.ibmcloud.com/vulnerabilities/86894	vdb-entry, x_refsource_XF
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html	mailing-list, x_refsource_MLIST
	https://bugzilla.wikimedia.org/show_bug.cgi?id=52338	x_refsource_CONFIRM
	http://osvdb.org/96910	vdb-entry, x_refsource_OSVDB
	http://secunia.com/advisories/54723	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:38:01.869Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20130904 Re: CVE request: MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2013/q3/553"
          },
          {
            "name": "mediawiki-cve20134304-security-bypass(86894)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86894"
          },
          {
            "name": "[MediaWiki-announce] 20130903 MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=52338"
          },
          {
            "name": "96910",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/96910"
          },
          {
            "name": "54723",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/54723"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-09-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The CentralAuth extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 caches a valid CentralAuthUser object in the centralauth_User cookie even when a user has not successfully logged in, which allows remote attackers to bypass authentication without a password."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20130904 Re: CVE request: MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2013/q3/553"
        },
        {
          "name": "mediawiki-cve20134304-security-bypass(86894)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86894"
        },
        {
          "name": "[MediaWiki-announce] 20130903 MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=52338"
        },
        {
          "name": "96910",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/96910"
        },
        {
          "name": "54723",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/54723"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4304",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The CentralAuth extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 caches a valid CentralAuthUser object in the centralauth_User cookie even when a user has not successfully logged in, which allows remote attackers to bypass authentication without a password."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20130904 Re: CVE request: MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2013/q3/553"
            },
            {
              "name": "mediawiki-cve20134304-security-bypass(86894)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86894"
            },
            {
              "name": "[MediaWiki-announce] 20130903 MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
            },
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=52338",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=52338"
            },
            {
              "name": "96910",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/96910"
            },
            {
              "name": "54723",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/54723"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4304",
    "datePublished": "2014-01-26T20:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:38:01.869Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-0503 (GCVE-0-2018-0503)

Vulnerability from cvelistv5

Published

2018-10-04 20:00

Modified

2024-09-17 01:30

Severity ?

CWE

Improper imlementation of documentation / spec

Summary

Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'.

References

►

URL

Tags

	https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html	mailing-list, x_refsource_MLIST
	http://www.securitytracker.com/id/1041695	vdb-entry, x_refsource_SECTRACK
	https://phabricator.wikimedia.org/T169545	x_refsource_CONFIRM
	https://www.debian.org/security/2018/dsa-4301	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2019:3142	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:3238	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:3813	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	Version: before 1.31.1, 1.30.1, 1.29.3 and 1.27.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:28:10.915Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[wikitech-l] 20180920 Security release: 1.27.5 / 1.29.3 / 1.30.1 / 1.31.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html"
          },
          {
            "name": "1041695",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041695"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T169545"
          },
          {
            "name": "DSA-4301",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4301"
          },
          {
            "name": "RHSA-2019:3142",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3142"
          },
          {
            "name": "RHSA-2019:3238",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3238"
          },
          {
            "name": "RHSA-2019:3813",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3813"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mediawiki",
          "vendor": "mediawiki",
          "versions": [
            {
              "status": "affected",
              "version": "before 1.31.1, 1.30.1, 1.29.3 and 1.27.5"
            }
          ]
        }
      ],
      "datePublic": "2018-09-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for \u0027user\u0027 overrides that for \u0027newbie\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper imlementation of documentation / spec",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-07T18:06:38",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "[wikitech-l] 20180920 Security release: 1.27.5 / 1.29.3 / 1.30.1 / 1.31.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html"
        },
        {
          "name": "1041695",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041695"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T169545"
        },
        {
          "name": "DSA-4301",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4301"
        },
        {
          "name": "RHSA-2019:3142",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3142"
        },
        {
          "name": "RHSA-2019:3238",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3238"
        },
        {
          "name": "RHSA-2019:3813",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3813"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "$wgRateLimits entry for \u0027user\u0027 overrides \u0027newbie\u0027",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "DATE_PUBLIC": "2018-09-20T21:18:00.000Z",
          "ID": "CVE-2018-0503",
          "STATE": "PUBLIC",
          "TITLE": "$wgRateLimits entry for \u0027user\u0027 overrides \u0027newbie\u0027"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "mediawiki",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before 1.31.1, 1.30.1, 1.29.3 and 1.27.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "mediawiki"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for \u0027user\u0027 overrides that for \u0027newbie\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper imlementation of documentation / spec"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[wikitech-l] 20180920 Security release: 1.27.5 / 1.29.3 / 1.30.1 / 1.31.1",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html"
            },
            {
              "name": "1041695",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041695"
            },
            {
              "name": "https://phabricator.wikimedia.org/T169545",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T169545"
            },
            {
              "name": "DSA-4301",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4301"
            },
            {
              "name": "RHSA-2019:3142",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3142"
            },
            {
              "name": "RHSA-2019:3238",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3238"
            },
            {
              "name": "RHSA-2019:3813",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3813"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2018-0503",
    "datePublished": "2018-10-04T20:00:00Z",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-09-17T01:30:58.026Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-10534 (GCVE-0-2020-10534)

Vulnerability from cvelistv5

Published

2020-03-12 22:14

Modified

2024-08-04 11:06

Severity ?

CWE

n/a

Summary

In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP address is contained in two ranges, one of which is locally disabled.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T229731	x_refsource_MISC
	https://gerrit.wikimedia.org/r/#/q/I9cc5fb2c08c78bbd797a5fc6d89f4577c8cc118b	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:06:09.447Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T229731"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/#/q/I9cc5fb2c08c78bbd797a5fc6d89f4577c8cc118b"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP address is contained in two ranges, one of which is locally disabled."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-12T22:14:41",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T229731"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/#/q/I9cc5fb2c08c78bbd797a5fc6d89f4577c8cc118b"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-10534",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP address is contained in two ranges, one of which is locally disabled."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T229731",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T229731"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/#/q/I9cc5fb2c08c78bbd797a5fc6d89f4577c8cc118b",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/#/q/I9cc5fb2c08c78bbd797a5fc6d89f4577c8cc118b"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-10534",
    "datePublished": "2020-03-12T22:14:41",
    "dateReserved": "2020-03-12T00:00:00",
    "dateUpdated": "2024-08-04T11:06:09.447Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8005 (GCVE-0-2015-8005)

Vulnerability from cvelistv5

Published

2015-11-09 18:00

Modified

2024-08-06 08:06

Severity ?

CWE

n/a

Summary

MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 uses the thumbnail ImageMagick command line argument, which allows remote attackers to obtain the installation path by reading the metadata of a PNG thumbnail file.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T108616	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1034028	vdb-entry, x_refsource_SECTRACK
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:06:31.527Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T108616"
          },
          {
            "name": "1034028",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034028"
          },
          {
            "name": "[MediaWiki-announce] 20151016 Security Release: 1.25.3, 1.24.4 and 1.23.11",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 uses the thumbnail ImageMagick command line argument, which allows remote attackers to obtain the installation path by reading the metadata of a PNG thumbnail file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-11-09T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T108616"
        },
        {
          "name": "1034028",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034028"
        },
        {
          "name": "[MediaWiki-announce] 20151016 Security Release: 1.25.3, 1.24.4 and 1.23.11",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8005",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 uses the thumbnail ImageMagick command line argument, which allows remote attackers to obtain the installation path by reading the metadata of a PNG thumbnail file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T108616",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T108616"
            },
            {
              "name": "1034028",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034028"
            },
            {
              "name": "[MediaWiki-announce] 20151016 Security Release: 1.25.3, 1.24.4 and 1.23.11",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8005",
    "datePublished": "2015-11-09T18:00:00",
    "dateReserved": "2015-10-28T00:00:00",
    "dateUpdated": "2024-08-06T08:06:31.527Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-37303 (GCVE-0-2023-37303)

Vulnerability from cvelistv5

Published

2023-06-30 00:00

Modified

2024-11-27 18:41

Severity ?

CWE

n/a

Summary

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T338276
	https://gerrit.wikimedia.org/r/q/I10a9273c542576b3f7bb38de68dcd2aa41cfb1b0

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:09:34.143Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T338276"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/I10a9273c542576b3f7bb38de68dcd2aa41cfb1b0"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-37303",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-27T18:40:12.630661Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-754",
                "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-27T18:41:36.313Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-30T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T338276"
        },
        {
          "url": "https://gerrit.wikimedia.org/r/q/I10a9273c542576b3f7bb38de68dcd2aa41cfb1b0"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-37303",
    "datePublished": "2023-06-30T00:00:00",
    "dateReserved": "2023-06-30T00:00:00",
    "dateUpdated": "2024-11-27T18:41:36.313Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-23171 (GCVE-0-2024-23171)

Vulnerability from cvelistv5

Published

2024-01-12 00:00

Modified

2025-06-20 16:45

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWE

n/a

Summary

An issue was discovered in the CampaignEvents extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:EventDetails page allows XSS via the x-xss language setting for internationalization (i18n).

References

►

URL

Tags

	https://phabricator.wikimedia.org/T348343
	https://gerrit.wikimedia.org/r/q/I70d71c409193e904684dfb706d424b0a815fa6f6

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:31.305Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T348343"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/I70d71c409193e904684dfb706d424b0a815fa6f6"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "LOW",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23171",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-12T18:13:46.482714Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-20T16:45:30.614Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the CampaignEvents extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:EventDetails page allows XSS via the x-xss language setting for internationalization (i18n)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-12T04:40:13.720Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T348343"
        },
        {
          "url": "https://gerrit.wikimedia.org/r/q/I70d71c409193e904684dfb706d424b0a815fa6f6"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-23171",
    "datePublished": "2024-01-12T00:00:00.000Z",
    "dateReserved": "2024-01-12T00:00:00.000Z",
    "dateUpdated": "2025-06-20T16:45:30.614Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-2942 (GCVE-0-2015-2942)

Vulnerability from cvelistv5

Published

2015-04-13 14:00

Modified

2024-08-06 05:32

Severity ?

CWE

n/a

Summary

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an (1) SVG file or (2) XMP metadata in a PDF file, aka a "billion laughs attack," a different vulnerability than CVE-2015-2937.

References

►

URL

Tags

	https://security.gentoo.org/glsa/201510-05	vendor-advisory, x_refsource_GENTOO
	http://www.securityfocus.com/bid/73477	vdb-entry, x_refsource_BID
	http://www.openwall.com/lists/oss-security/2015/04/07/3	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2015/04/01/1	mailing-list, x_refsource_MLIST
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html	mailing-list, x_refsource_MLIST
	https://phabricator.wikimedia.org/T85848	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:32:20.575Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201510-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201510-05"
          },
          {
            "name": "73477",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73477"
          },
          {
            "name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
          },
          {
            "name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
          },
          {
            "name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T85848"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an (1) SVG file or (2) XMP metadata in a PDF file, aka a \"billion laughs attack,\" a different vulnerability than CVE-2015-2937."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T21:57:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-201510-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201510-05"
        },
        {
          "name": "73477",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/73477"
        },
        {
          "name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
        },
        {
          "name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
        },
        {
          "name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T85848"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-2942",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an (1) SVG file or (2) XMP metadata in a PDF file, aka a \"billion laughs attack,\" a different vulnerability than CVE-2015-2937."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201510-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201510-05"
            },
            {
              "name": "73477",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/73477"
            },
            {
              "name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
            },
            {
              "name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
            },
            {
              "name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
            },
            {
              "name": "https://phabricator.wikimedia.org/T85848",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T85848"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-2942",
    "datePublished": "2015-04-13T14:00:00",
    "dateReserved": "2015-04-07T00:00:00",
    "dateUpdated": "2024-08-06T05:32:20.575Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-5252 (GCVE-0-2008-5252)

Vulnerability from cvelistv5

Published

2008-12-19 17:00

Modified

2024-08-07 10:49

Severity ?

CWE

n/a

Summary

Cross-site request forgery (CSRF) vulnerability in the Special:Import feature in MediaWiki 1.3.0 through 1.6.10, 1.12.x before 1.12.2, and 1.13.x before 1.13.3 allows remote attackers to perform unspecified actions as authenticated users via unknown vectors.

References

►

URL

Tags

	https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html	vendor-advisory, x_refsource_FEDORA
	http://www.debian.org/security/2009/dsa-1901	vendor-advisory, x_refsource_DEBIAN
	http://secunia.com/advisories/33133	third-party-advisory, x_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html	vendor-advisory, x_refsource_SUSE
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html	mailing-list, x_refsource_MLIST
	https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html	vendor-advisory, x_refsource_FEDORA
	http://secunia.com/advisories/33349	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:49:11.991Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2008-11802",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html"
          },
          {
            "name": "DSA-1901",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1901"
          },
          {
            "name": "33133",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33133"
          },
          {
            "name": "SUSE-SR:2009:004",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
          },
          {
            "name": "[mediawiki-announce] 20081215 MediaWiki 1.13.3, 1.12.2, 1.6.11 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html"
          },
          {
            "name": "FEDORA-2008-11688",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html"
          },
          {
            "name": "33349",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33349"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-12-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in the Special:Import feature in MediaWiki 1.3.0 through 1.6.10, 1.12.x before 1.12.2, and 1.13.x before 1.13.3 allows remote attackers to perform unspecified actions as authenticated users via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-02-18T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "FEDORA-2008-11802",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html"
        },
        {
          "name": "DSA-1901",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1901"
        },
        {
          "name": "33133",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33133"
        },
        {
          "name": "SUSE-SR:2009:004",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
        },
        {
          "name": "[mediawiki-announce] 20081215 MediaWiki 1.13.3, 1.12.2, 1.6.11 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html"
        },
        {
          "name": "FEDORA-2008-11688",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html"
        },
        {
          "name": "33349",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33349"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5252",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in the Special:Import feature in MediaWiki 1.3.0 through 1.6.10, 1.12.x before 1.12.2, and 1.13.x before 1.13.3 allows remote attackers to perform unspecified actions as authenticated users via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FEDORA-2008-11802",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html"
            },
            {
              "name": "DSA-1901",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1901"
            },
            {
              "name": "33133",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33133"
            },
            {
              "name": "SUSE-SR:2009:004",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
            },
            {
              "name": "[mediawiki-announce] 20081215 MediaWiki 1.13.3, 1.12.2, 1.6.11 security update",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html"
            },
            {
              "name": "FEDORA-2008-11688",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html"
            },
            {
              "name": "33349",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33349"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-5252",
    "datePublished": "2008-12-19T17:00:00",
    "dateReserved": "2008-11-26T00:00:00",
    "dateUpdated": "2024-08-07T10:49:11.991Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2004-2187 (GCVE-0-2004-2187)

Vulnerability from cvelistv5

Published

2005-07-10 04:00

Modified

2024-09-16 19:56

Severity ?

CWE

n/a

Summary

Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to "filename validation," has unknown impact and attack vectors.

References

►

URL

Tags

	http://sourceforge.net/project/shownotes.php?release_id=275099	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/11416	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:15:01.933Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=275099"
          },
          {
            "name": "11416",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11416"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to \"filename validation,\" has unknown impact and attack vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-07-10T04:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=275099"
        },
        {
          "name": "11416",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11416"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-2187",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to \"filename validation,\" has unknown impact and attack vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=275099",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?release_id=275099"
            },
            {
              "name": "11416",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11416"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-2187",
    "datePublished": "2005-07-10T04:00:00Z",
    "dateReserved": "2005-07-10T04:00:00Z",
    "dateUpdated": "2024-09-16T19:56:51.306Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-31556 (GCVE-0-2021-31556)

Vulnerability from cvelistv5

Published

2021-08-12 21:38

Modified

2024-08-03 23:03

Severity ?

CWE

n/a

Summary

An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. MWOAuthConsumerSubmitControl.php does not ensure that the length of an RSA key will fit in a MySQL blob.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T277380	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/I13ff0350a9a0a3cd5ab3e1f82dd0d8d9c13cf9e9	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:03:33.356Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T277380"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/I13ff0350a9a0a3cd5ab3e1f82dd0d8d9c13cf9e9"
          },
          {
            "name": "FEDORA-2021-eee8b7514f",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/"
          },
          {
            "name": "FEDORA-2021-56d8173b5e",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/"
          },
          {
            "name": "FEDORA-2021-3dd1b66cbf",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. MWOAuthConsumerSubmitControl.php does not ensure that the length of an RSA key will fit in a MySQL blob."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-30T01:06:58",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T277380"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/I13ff0350a9a0a3cd5ab3e1f82dd0d8d9c13cf9e9"
        },
        {
          "name": "FEDORA-2021-eee8b7514f",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/"
        },
        {
          "name": "FEDORA-2021-56d8173b5e",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/"
        },
        {
          "name": "FEDORA-2021-3dd1b66cbf",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-31556",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. MWOAuthConsumerSubmitControl.php does not ensure that the length of an RSA key will fit in a MySQL blob."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T277380",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T277380"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/I13ff0350a9a0a3cd5ab3e1f82dd0d8d9c13cf9e9",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/I13ff0350a9a0a3cd5ab3e1f82dd0d8d9c13cf9e9"
            },
            {
              "name": "FEDORA-2021-eee8b7514f",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/"
            },
            {
              "name": "FEDORA-2021-56d8173b5e",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/"
            },
            {
              "name": "FEDORA-2021-3dd1b66cbf",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-31556",
    "datePublished": "2021-08-12T21:38:44",
    "dateReserved": "2021-04-22T00:00:00",
    "dateUpdated": "2024-08-03T23:03:33.356Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-39193 (GCVE-0-2022-39193)

Vulnerability from cvelistv5

Published

2023-01-20 00:00

Modified

2025-04-03 16:11

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

n/a

Summary

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information should not allow public viewing: it is supposed to be viewable only by users with suppression rights.

References

►

URL

Tags

https://phabricator.wikimedia.org/T311337

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:00:42.357Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T311337"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-39193",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-03T16:10:46.352643Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-200",
                "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-03T16:11:19.802Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information should not allow public viewing: it is supposed to be viewable only by users with suppression rights."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-29T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T311337"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-39193",
    "datePublished": "2023-01-20T00:00:00.000Z",
    "dateReserved": "2022-09-02T00:00:00.000Z",
    "dateUpdated": "2025-04-03T16:11:19.802Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-1816 (GCVE-0-2013-1816)

Vulnerability from cvelistv5

Published

2019-11-20 19:22

Modified

2024-08-06 15:13

Severity ?

CWE

Other

Summary

MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request.

References

►

URL

Tags

	http://www.securityfocus.com/bid/58306	vdb-entry, x_refsource_BID
	https://security-tracker.debian.org/tracker/CVE-2013-1816	x_refsource_MISC
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1816	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilities/88360	x_refsource_MISC
	http://security.gentoo.org/glsa/glsa-201310-21.xml	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2013/03/05/4	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	Version: 1.19.4 Version: 1.20.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:13:33.186Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "58306",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/58306"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2013-1816"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1816"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88360"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201310-21.xml"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/03/05/4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mediawiki",
          "vendor": "mediawiki",
          "versions": [
            {
              "status": "affected",
              "version": "1.19.4"
            },
            {
              "status": "affected",
              "version": "1.20.3"
            }
          ]
        }
      ],
      "datePublic": "2013-03-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Other",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-20T19:22:30",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "58306",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/58306"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2013-1816"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1816"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88360"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201310-21.xml"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/03/05/4"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-1816",
    "datePublished": "2019-11-20T19:22:30",
    "dateReserved": "2013-02-19T00:00:00",
    "dateUpdated": "2024-08-06T15:13:33.186Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-8808 (GCVE-0-2017-8808)

Vulnerability from cvelistv5

Published

2017-11-15 08:00

Modified

2024-08-05 16:48

Severity ?

CWE

XSS

Summary

MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping.

References

►

URL

Tags

	http://www.securitytracker.com/id/1039812	vdb-entry, x_refsource_SECTRACK
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html	x_refsource_CONFIRM
	https://www.debian.org/security/2017/dsa-4036	vendor-advisory, x_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	n/a	MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2	Version: MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:48:22.553Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1039812",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039812"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"
          },
          {
            "name": "DSA-4036",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4036"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2"
            }
          ]
        }
      ],
      "datePublic": "2017-11-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "XSS",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-16T10:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "1039812",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039812"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"
        },
        {
          "name": "DSA-4036",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4036"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2017-8808",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "XSS"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1039812",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039812"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html",
              "refsource": "CONFIRM",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"
            },
            {
              "name": "DSA-4036",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4036"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2017-8808",
    "datePublished": "2017-11-15T08:00:00",
    "dateReserved": "2017-05-07T00:00:00",
    "dateUpdated": "2024-08-05T16:48:22.553Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-9277 (GCVE-0-2014-9277)

Vulnerability from cvelistv5

Published

2015-01-04 21:00

Modified

2024-08-06 13:40

Severity ?

CWE

n/a

Summary

The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing <cross-domain-policy> in a PHP format request, which causes the string length to change when converting the request to <NOT-cross-domain-policy>.

References

►

URL

Tags

	http://securitytracker.com/id?1031301	vdb-entry, x_refsource_SECTRACK
	https://phabricator.wikimedia.org/T73478	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2014/12/03/9	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2014/12/04/16	mailing-list, x_refsource_MLIST
	http://www.debian.org/security/2014/dsa-3100	vendor-advisory, x_refsource_DEBIAN
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-November/000170.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:40:24.904Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1031301",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1031301"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T73478"
          },
          {
            "name": "[oss-security] 20141203 MediaWiki security release - 1.23.7",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/12/03/9"
          },
          {
            "name": "[oss-security] 20141204  Re: MediaWiki security release - 1.23.7",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/12/04/16"
          },
          {
            "name": "DSA-3100",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3100"
          },
          {
            "name": "[MediaWiki-announce] 20141127 MediaWiki Security and Maintenance Releases: 1.23.7, 1.22.14 and 1.19.22",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-November/000170.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-11-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing \u003ccross-domain-policy\u003e in a PHP format request, which causes the string length to change when converting the request to \u003cNOT-cross-domain-policy\u003e."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-01-04T20:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1031301",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1031301"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T73478"
        },
        {
          "name": "[oss-security] 20141203 MediaWiki security release - 1.23.7",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/12/03/9"
        },
        {
          "name": "[oss-security] 20141204  Re: MediaWiki security release - 1.23.7",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/12/04/16"
        },
        {
          "name": "DSA-3100",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3100"
        },
        {
          "name": "[MediaWiki-announce] 20141127 MediaWiki Security and Maintenance Releases: 1.23.7, 1.22.14 and 1.19.22",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-November/000170.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-9277",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing \u003ccross-domain-policy\u003e in a PHP format request, which causes the string length to change when converting the request to \u003cNOT-cross-domain-policy\u003e."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1031301",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1031301"
            },
            {
              "name": "https://phabricator.wikimedia.org/T73478",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T73478"
            },
            {
              "name": "[oss-security] 20141203 MediaWiki security release - 1.23.7",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2014/12/03/9"
            },
            {
              "name": "[oss-security] 20141204  Re: MediaWiki security release - 1.23.7",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2014/12/04/16"
            },
            {
              "name": "DSA-3100",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-3100"
            },
            {
              "name": "[MediaWiki-announce] 20141127 MediaWiki Security and Maintenance Releases: 1.23.7, 1.22.14 and 1.19.22",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-November/000170.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-9277",
    "datePublished": "2015-01-04T21:00:00",
    "dateReserved": "2014-12-04T00:00:00",
    "dateUpdated": "2024-08-06T13:40:24.904Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4573 (GCVE-0-2013-4573)

Vulnerability from cvelistv5

Published

2013-11-25 19:00

Modified

2024-08-06 16:45

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in the ZeroRatedMobileAccess extension for MediaWiki 1.19.x before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to inject arbitrary web script or HTML via the "to" parameter to index.php.

References

►

URL

Tags

	https://bugzilla.wikimedia.org/show_bug.cgi?id=55991	x_refsource_CONFIRM
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/55754	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:45:14.876Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=55991"
          },
          {
            "name": "[MediaWiki-announce] 20131114 MediaWiki Security Release: 1.21.3, 1.20.8 and 1.19.9",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"
          },
          {
            "name": "55754",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55754"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-11-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the ZeroRatedMobileAccess extension for MediaWiki 1.19.x before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to inject arbitrary web script or HTML via the \"to\" parameter to index.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-12-01T17:26:34",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=55991"
        },
        {
          "name": "[MediaWiki-announce] 20131114 MediaWiki Security Release: 1.21.3, 1.20.8 and 1.19.9",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"
        },
        {
          "name": "55754",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55754"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4573",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the ZeroRatedMobileAccess extension for MediaWiki 1.19.x before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to inject arbitrary web script or HTML via the \"to\" parameter to index.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=55991",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=55991"
            },
            {
              "name": "[MediaWiki-announce] 20131114 MediaWiki Security Release: 1.21.3, 1.20.8 and 1.19.9",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"
            },
            {
              "name": "55754",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55754"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4573",
    "datePublished": "2013-11-25T19:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:45:14.876Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-9480 (GCVE-0-2014-9480)

Vulnerability from cvelistv5

Published

2015-01-16 16:00

Modified

2024-08-06 13:47

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in the Hovercards extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors related to text extracts.

References

►

URL

Tags

	http://www.openwall.com/lists/oss-security/2015/01/03/13	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2014/12/21/2	mailing-list, x_refsource_MLIST
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html	mailing-list, x_refsource_MLIST
	https://phabricator.wikimedia.org/T69180	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:47:41.057Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20150103 Re: CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
          },
          {
            "name": "[oss-security] 20141221 CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2"
          },
          {
            "name": "[MediaWiki-announce] 20141217 MediaWiki Security and Maintenance Releases: 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T69180"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-12-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the Hovercards extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors related to text extracts."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-01-16T15:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "[oss-security] 20150103 Re: CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
        },
        {
          "name": "[oss-security] 20141221 CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2"
        },
        {
          "name": "[MediaWiki-announce] 20141217 MediaWiki Security and Maintenance Releases: 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T69180"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2014-9480",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the Hovercards extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors related to text extracts."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20150103 Re: CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
            },
            {
              "name": "[oss-security] 20141221 CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2"
            },
            {
              "name": "[MediaWiki-announce] 20141217 MediaWiki Security and Maintenance Releases: 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
            },
            {
              "name": "https://phabricator.wikimedia.org/T69180",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T69180"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2014-9480",
    "datePublished": "2015-01-16T16:00:00",
    "dateReserved": "2015-01-03T00:00:00",
    "dateUpdated": "2024-08-06T13:47:41.057Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-28204 (GCVE-0-2022-28204)

Vulnerability from cvelistv5

Published

2022-09-19 20:48

Modified

2025-05-29 15:39

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

n/a

Summary

A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere&target=Property%3AP31&namespace=1&invert=1 can take more than thirty seconds. There is a DDoS risk.

References

►

URL

Tags

https://phabricator.wikimedia.org/T297754

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:48:37.419Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T297754"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-28204",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-29T15:39:12.615325Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-29T15:39:18.030Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere\u0026target=Property%3AP31\u0026namespace=1\u0026invert=1 can take more than thirty seconds. There is a DDoS risk."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-19T20:48:09.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T297754"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-28204",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere\u0026target=Property%3AP31\u0026namespace=1\u0026invert=1 can take more than thirty seconds. There is a DDoS risk."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T297754",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T297754"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-28204",
    "datePublished": "2022-09-19T20:48:09.000Z",
    "dateReserved": "2022-03-30T00:00:00.000Z",
    "dateUpdated": "2025-05-29T15:39:18.030Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-2933 (GCVE-0-2015-2933)

Vulnerability from cvelistv5

Published

2015-04-13 14:00

Modified

2024-08-06 05:32

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in the Html class in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a LanguageConverter substitution string when using a language variant.

References

►

URL

Tags

	https://security.gentoo.org/glsa/201510-05	vendor-advisory, x_refsource_GENTOO
	http://www.mandriva.com/security/advisories?name=MDVSA-2015:200	vendor-advisory, x_refsource_MANDRIVA
	http://www.securityfocus.com/bid/73477	vdb-entry, x_refsource_BID
	http://www.openwall.com/lists/oss-security/2015/04/07/3	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2015/04/01/1	mailing-list, x_refsource_MLIST
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html	mailing-list, x_refsource_MLIST
	https://phabricator.wikimedia.org/T73394	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:32:21.039Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201510-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201510-05"
          },
          {
            "name": "MDVSA-2015:200",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
          },
          {
            "name": "73477",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73477"
          },
          {
            "name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
          },
          {
            "name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
          },
          {
            "name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T73394"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the Html class in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a LanguageConverter substitution string when using a language variant."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T21:57:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-201510-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201510-05"
        },
        {
          "name": "MDVSA-2015:200",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
        },
        {
          "name": "73477",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/73477"
        },
        {
          "name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
        },
        {
          "name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
        },
        {
          "name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T73394"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-2933",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the Html class in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a LanguageConverter substitution string when using a language variant."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201510-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201510-05"
            },
            {
              "name": "MDVSA-2015:200",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
            },
            {
              "name": "73477",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/73477"
            },
            {
              "name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
            },
            {
              "name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
            },
            {
              "name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
            },
            {
              "name": "https://phabricator.wikimedia.org/T73394",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T73394"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-2933",
    "datePublished": "2015-04-13T14:00:00",
    "dateReserved": "2015-04-07T00:00:00",
    "dateUpdated": "2024-08-06T05:32:21.039Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-1888 (GCVE-0-2005-1888)

Vulnerability from cvelistv5

Published

2005-06-08 04:00

Modified

2024-08-07 22:06

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 allows remote attackers to inject arbitrary web script via HTML attributes in page templates.

References

►

URL

Tags

	http://www.novell.com/linux/security/advisories/2005_19_sr.html	vendor-advisory, x_refsource_SUSE
	http://sourceforge.net/project/shownotes.php?release_id=332231	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/13861	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T22:06:57.720Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SR:2005:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=332231"
          },
          {
            "name": "13861",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/13861"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-06-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 allows remote attackers to inject arbitrary web script via HTML attributes in page templates."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2006-06-27T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SUSE-SR:2005:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=332231"
        },
        {
          "name": "13861",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/13861"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-1888",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 allows remote attackers to inject arbitrary web script via HTML attributes in page templates."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SR:2005:019",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=332231",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?release_id=332231"
            },
            {
              "name": "13861",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/13861"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-1888",
    "datePublished": "2005-06-08T04:00:00",
    "dateReserved": "2005-06-08T00:00:00",
    "dateUpdated": "2024-08-07T22:06:57.720Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4305 (GCVE-0-2013-4305)

Vulnerability from cvelistv5

Published

2013-10-11 21:00

Modified

2024-08-06 16:38

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in contrib/example.php in the SyntaxHighlight GeSHi extension for MediaWiki, possibly as downloaded before September 2013, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

References

►

URL

Tags

	http://seclists.org/oss-sec/2013/q3/553	mailing-list, x_refsource_MLIST
	https://bugzilla.wikimedia.org/show_bug.cgi?id=49070	x_refsource_CONFIRM
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html	mailing-list, x_refsource_MLIST
	http://osvdb.org/96909	vdb-entry, x_refsource_OSVDB
	https://exchange.xforce.ibmcloud.com/vulnerabilities/86890	vdb-entry, x_refsource_XF

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:38:01.906Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20130904 Re: CVE request: MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2013/q3/553"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=49070"
          },
          {
            "name": "[MediaWiki-announce] 20130903 MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
          },
          {
            "name": "96909",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/96909"
          },
          {
            "name": "mediawiki-cve20134305-xss(86890)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86890"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-09-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in contrib/example.php in the SyntaxHighlight GeSHi extension for MediaWiki, possibly as downloaded before September 2013, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20130904 Re: CVE request: MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2013/q3/553"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=49070"
        },
        {
          "name": "[MediaWiki-announce] 20130903 MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
        },
        {
          "name": "96909",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/96909"
        },
        {
          "name": "mediawiki-cve20134305-xss(86890)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86890"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4305",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in contrib/example.php in the SyntaxHighlight GeSHi extension for MediaWiki, possibly as downloaded before September 2013, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20130904 Re: CVE request: MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2013/q3/553"
            },
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=49070",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=49070"
            },
            {
              "name": "[MediaWiki-announce] 20130903 MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
            },
            {
              "name": "96909",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/96909"
            },
            {
              "name": "mediawiki-cve20134305-xss(86890)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86890"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4305",
    "datePublished": "2013-10-11T21:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:38:01.906Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-31554 (GCVE-0-2021-31554)

Vulnerability from cvelistv5

Published

2021-04-22 02:29

Modified

2024-08-03 23:03

Severity ?

CWE

n/a

Summary

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It improperly handled account blocks for certain automatically created MediaWiki user accounts, thus allowing nefarious users to remain unblocked.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T272244	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/Ie1f4333d5b1c9d17fb2236fe38a31de427a4cc48	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:03:33.304Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T272244"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/Ie1f4333d5b1c9d17fb2236fe38a31de427a4cc48"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It improperly handled account blocks for certain automatically created MediaWiki user accounts, thus allowing nefarious users to remain unblocked."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-22T02:29:19",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T272244"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/Ie1f4333d5b1c9d17fb2236fe38a31de427a4cc48"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-31554",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It improperly handled account blocks for certain automatically created MediaWiki user accounts, thus allowing nefarious users to remain unblocked."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T272244",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T272244"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/Ie1f4333d5b1c9d17fb2236fe38a31de427a4cc48",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/Ie1f4333d5b1c9d17fb2236fe38a31de427a4cc48"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-31554",
    "datePublished": "2021-04-22T02:29:19",
    "dateReserved": "2021-04-22T00:00:00",
    "dateUpdated": "2024-08-03T23:03:33.304Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4567 (GCVE-0-2013-4567)

Vulnerability from cvelistv5

Published

2013-12-13 18:00

Modified

2024-08-06 16:45

Severity ?

CWE

n/a

Summary

Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via a \b (backspace) character in CSS.

References

►

URL

Tags

	http://www.securityfocus.com/bid/63760	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/57472	third-party-advisory, x_refsource_SECUNIA
	http://www.debian.org/security/2014/dsa-2891	vendor-advisory, x_refsource_DEBIAN
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html	mailing-list, x_refsource_MLIST
	http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html	vendor-advisory, x_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html	vendor-advisory, x_refsource_FEDORA
	https://bugzilla.wikimedia.org/show_bug.cgi?id=55332	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:45:14.879Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "63760",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/63760"
          },
          {
            "name": "57472",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57472"
          },
          {
            "name": "DSA-2891",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2891"
          },
          {
            "name": "[MediaWiki-announce] 20131114 MediaWiki Security Release: 1.21.3, 1.20.8 and 1.19.9",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"
          },
          {
            "name": "FEDORA-2013-21856",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html"
          },
          {
            "name": "FEDORA-2013-21874",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=55332"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-10-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via a \\b (backspace) character in CSS."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-29T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "63760",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/63760"
        },
        {
          "name": "57472",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57472"
        },
        {
          "name": "DSA-2891",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2891"
        },
        {
          "name": "[MediaWiki-announce] 20131114 MediaWiki Security Release: 1.21.3, 1.20.8 and 1.19.9",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"
        },
        {
          "name": "FEDORA-2013-21856",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html"
        },
        {
          "name": "FEDORA-2013-21874",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=55332"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4567",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via a \\b (backspace) character in CSS."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "63760",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/63760"
            },
            {
              "name": "57472",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/57472"
            },
            {
              "name": "DSA-2891",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2891"
            },
            {
              "name": "[MediaWiki-announce] 20131114 MediaWiki Security Release: 1.21.3, 1.20.8 and 1.19.9",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"
            },
            {
              "name": "FEDORA-2013-21856",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html"
            },
            {
              "name": "FEDORA-2013-21874",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html"
            },
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=55332",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=55332"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4567",
    "datePublished": "2013-12-13T18:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:45:14.879Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-0364 (GCVE-0-2017-0364)

Vulnerability from cvelistv5

Published

2018-04-13 16:00

Modified

2024-09-16 18:29

Severity ?

CWE

rediretion to any interwiki link

Summary

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link.

References

►

URL

Tags

	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html	mailing-list, x_refsource_MLIST
	https://security-tracker.debian.org/tracker/CVE-2017-0364	x_refsource_CONFIRM
	https://phabricator.wikimedia.org/T122209	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:03:56.801Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2017-0364"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T122209"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mediawiki",
          "vendor": "mediawiki",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-04-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "rediretion to any interwiki link",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-13T15:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2017-0364"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T122209"
        }
      ],
      "source": {
        "advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html",
        "discovery": "UNKNOWN"
      },
      "title": "Special:Search allows redirects to any interwiki link",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "DATE_PUBLIC": "2017-04-06T20:49:00.000Z",
          "ID": "CVE-2017-0364",
          "STATE": "PUBLIC",
          "TITLE": "Special:Search allows redirects to any interwiki link"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "mediawiki",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "mediawiki"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "rediretion to any interwiki link"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
            },
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2017-0364",
              "refsource": "CONFIRM",
              "url": "https://security-tracker.debian.org/tracker/CVE-2017-0364"
            },
            {
              "name": "https://phabricator.wikimedia.org/T122209",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T122209"
            }
          ]
        },
        "source": {
          "advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2017-0364",
    "datePublished": "2018-04-13T16:00:00Z",
    "dateReserved": "2016-11-29T00:00:00",
    "dateUpdated": "2024-09-16T18:29:54.846Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-6730 (GCVE-0-2015-6730)

Vulnerability from cvelistv5

Published

2015-09-01 14:00

Modified

2024-08-06 07:29

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error page, related to "ForeignAPI images."

References

►

URL

Tags

	https://security.gentoo.org/glsa/201510-05	vendor-advisory, x_refsource_GENTOO
	http://www.openwall.com/lists/oss-security/2015/08/27/6	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2015/08/12/6	mailing-list, x_refsource_MLIST
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html	mailing-list, x_refsource_MLIST
	http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html	vendor-advisory, x_refsource_FEDORA
	http://www.securityfocus.com/bid/76334	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:29:24.585Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201510-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201510-05"
          },
          {
            "name": "[oss-security] 20150827 Re: CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
          },
          {
            "name": "[oss-security] 20150812 CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
          },
          {
            "name": "[MediaWiki-announce] 20150810 MediaWiki Security and Maintenance Releases: 1.25.2, 1.24.3, 1.23.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
          },
          {
            "name": "FEDORA-2015-13920",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
          },
          {
            "name": "76334",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/76334"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-08-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error page, related to \"ForeignAPI images.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T21:57:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-201510-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201510-05"
        },
        {
          "name": "[oss-security] 20150827 Re: CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
        },
        {
          "name": "[oss-security] 20150812 CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
        },
        {
          "name": "[MediaWiki-announce] 20150810 MediaWiki Security and Maintenance Releases: 1.25.2, 1.24.3, 1.23.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
        },
        {
          "name": "FEDORA-2015-13920",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
        },
        {
          "name": "76334",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/76334"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-6730",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error page, related to \"ForeignAPI images.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201510-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201510-05"
            },
            {
              "name": "[oss-security] 20150827 Re: CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
            },
            {
              "name": "[oss-security] 20150812 CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
            },
            {
              "name": "[MediaWiki-announce] 20150810 MediaWiki Security and Maintenance Releases: 1.25.2, 1.24.3, 1.23.10",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
            },
            {
              "name": "FEDORA-2015-13920",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
            },
            {
              "name": "76334",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/76334"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-6730",
    "datePublished": "2015-09-01T14:00:00",
    "dateReserved": "2015-08-27T00:00:00",
    "dateUpdated": "2024-08-06T07:29:24.585Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-4031 (GCVE-0-2005-4031)

Vulnerability from cvelistv5

Published

2005-12-06 11:00

Modified

2024-08-07 23:31

Severity ?

CWE

n/a

Summary

Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function.

References

►

URL

Tags

	http://sourceforge.net/project/shownotes.php?group_id=34373&release_id=375755	x_refsource_CONFIRM
	http://secunia.com/advisories/17866	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/15703	vdb-entry, x_refsource_BID
	http://www.vupen.com/english/advisories/2005/2726	vdb-entry, x_refsource_VUPEN
	http://www.kb.cert.org/vuls/id/392156	third-party-advisory, x_refsource_CERT-VN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:31:48.718Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?group_id=34373\u0026release_id=375755"
          },
          {
            "name": "17866",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17866"
          },
          {
            "name": "15703",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15703"
          },
          {
            "name": "ADV-2005-2726",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/2726"
          },
          {
            "name": "VU#392156",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/392156"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-12-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the \"user language option,\" which is used as part of a dynamic class name that is processed using the eval function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-12-12T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?group_id=34373\u0026release_id=375755"
        },
        {
          "name": "17866",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17866"
        },
        {
          "name": "15703",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15703"
        },
        {
          "name": "ADV-2005-2726",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/2726"
        },
        {
          "name": "VU#392156",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/392156"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-4031",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the \"user language option,\" which is used as part of a dynamic class name that is processed using the eval function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://sourceforge.net/project/shownotes.php?group_id=34373\u0026release_id=375755",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?group_id=34373\u0026release_id=375755"
            },
            {
              "name": "17866",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17866"
            },
            {
              "name": "15703",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15703"
            },
            {
              "name": "ADV-2005-2726",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2005/2726"
            },
            {
              "name": "VU#392156",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/392156"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-4031",
    "datePublished": "2005-12-06T11:00:00",
    "dateReserved": "2005-12-06T00:00:00",
    "dateUpdated": "2024-08-07T23:31:48.718Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-1580 (GCVE-0-2012-1580)

Vulnerability from cvelistv5

Published

2012-09-09 21:00

Modified

2024-08-06 19:01

Severity ?

CWE

n/a

Summary

Cross-site request forgery (CSRF) vulnerability in Special:Upload in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload files.

References

►

URL

Tags

	http://www.openwall.com/lists/oss-security/2012/03/24/1	mailing-list, x_refsource_MLIST
	http://osvdb.org/80364	vdb-entry, x_refsource_OSVDB
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html	mailing-list, x_refsource_MLIST
	https://bugzilla.wikimedia.org/show_bug.cgi?id=35317	x_refsource_CONFIRM
	http://secunia.com/advisories/48504	third-party-advisory, x_refsource_SECUNIA
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2012/03/22/9	mailing-list, x_refsource_MLIST
	https://exchange.xforce.ibmcloud.com/vulnerabilities/74286	vdb-entry, x_refsource_XF
	http://www.securityfocus.com/bid/52689	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:01:02.473Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20120323 CVEs for MediaWiki security and maintenance release 1.18.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/03/24/1"
          },
          {
            "name": "80364",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/80364"
          },
          {
            "name": "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.18.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=35317"
          },
          {
            "name": "48504",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48504"
          },
          {
            "name": "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.17.3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html"
          },
          {
            "name": "[oss-security] 20120322 MediaWiki security and maintenance release 1.18.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/03/22/9"
          },
          {
            "name": "mediawiki-specialupload-csrf(74286)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74286"
          },
          {
            "name": "52689",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/52689"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-03-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in Special:Upload in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20120323 CVEs for MediaWiki security and maintenance release 1.18.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/03/24/1"
        },
        {
          "name": "80364",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/80364"
        },
        {
          "name": "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.18.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=35317"
        },
        {
          "name": "48504",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48504"
        },
        {
          "name": "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.17.3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html"
        },
        {
          "name": "[oss-security] 20120322 MediaWiki security and maintenance release 1.18.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/03/22/9"
        },
        {
          "name": "mediawiki-specialupload-csrf(74286)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74286"
        },
        {
          "name": "52689",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/52689"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-1580",
    "datePublished": "2012-09-09T21:00:00",
    "dateReserved": "2012-03-12T00:00:00",
    "dateUpdated": "2024-08-06T19:01:02.473Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-37304 (GCVE-0-2023-37304)

Vulnerability from cvelistv5

Published

2023-06-30 00:00

Modified

2024-11-26 16:16

Severity ?

CWE

n/a

Summary

An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment feature.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T323651
	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/DoubleWiki/+/932825

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:09:34.313Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T323651"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/DoubleWiki/+/932825"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-37304",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-26T16:16:46.800358Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-26T16:16:56.585Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment feature."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-30T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T323651"
        },
        {
          "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/DoubleWiki/+/932825"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-37304",
    "datePublished": "2023-06-30T00:00:00",
    "dateReserved": "2023-06-30T00:00:00",
    "dateUpdated": "2024-11-26T16:16:56.585Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-1150 (GCVE-0-2010-1150)

Vulnerability from cvelistv5

Published

2010-04-20 15:00

Modified

2024-08-07 01:14

Severity ?

CWE

n/a

Summary

MediaWiki before 1.15.3, and 1.6.x before 1.16.0beta2, does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to conduct phishing attacks by arranging for a victim to login to the attacker's account and then execute a crafted user script, related to a "login CSRF" issue.

References

►

URL

Tags

	http://www.vupen.com/english/advisories/2010/1055	vdb-entry, x_refsource_VUPEN
	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_16_0beta2/phase3/RELEASE-NOTES	x_refsource_CONFIRM
	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_15_3/phase3/RELEASE-NOTES	x_refsource_CONFIRM
	http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.0beta2.patch.gz	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2010/04/08/4	mailing-list, x_refsource_MLIST
	http://download.wikimedia.org/mediawiki/1.15/mediawiki-1.15.3.patch.gz	x_refsource_CONFIRM
	https://bugzilla.wikimedia.org/show_bug.cgi?id=23076	x_refsource_CONFIRM
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2010/04/07/1	mailing-list, x_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=580418	x_refsource_CONFIRM
	http://www.debian.org/security/2010/dsa-2041	vendor-advisory, x_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:14:06.275Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2010-1055",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1055"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_16_0beta2/phase3/RELEASE-NOTES"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_15_3/phase3/RELEASE-NOTES"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.0beta2.patch.gz"
          },
          {
            "name": "[oss-security] 20100407 Re: CVE Request: MediaWiki 1.15.3 -- Login CSRF",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/04/08/4"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://download.wikimedia.org/mediawiki/1.15/mediawiki-1.15.3.patch.gz"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=23076"
          },
          {
            "name": "[mediawiki-announce] 20100407 MediaWiki security update: 1.15.3 and 1.16.0beta2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html"
          },
          {
            "name": "[oss-security] 20100406 CVE Request: MediaWiki 1.15.3 -- Login CSRF",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/04/07/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=580418"
          },
          {
            "name": "DSA-2041",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2010/dsa-2041"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-04-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.15.3, and 1.6.x before 1.16.0beta2, does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to conduct phishing attacks by arranging for a victim to login to the attacker\u0027s account and then execute a crafted user script, related to a \"login CSRF\" issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-04-30T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "ADV-2010-1055",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1055"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_16_0beta2/phase3/RELEASE-NOTES"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_15_3/phase3/RELEASE-NOTES"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.0beta2.patch.gz"
        },
        {
          "name": "[oss-security] 20100407 Re: CVE Request: MediaWiki 1.15.3 -- Login CSRF",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/04/08/4"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://download.wikimedia.org/mediawiki/1.15/mediawiki-1.15.3.patch.gz"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=23076"
        },
        {
          "name": "[mediawiki-announce] 20100407 MediaWiki security update: 1.15.3 and 1.16.0beta2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html"
        },
        {
          "name": "[oss-security] 20100406 CVE Request: MediaWiki 1.15.3 -- Login CSRF",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/04/07/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=580418"
        },
        {
          "name": "DSA-2041",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2010/dsa-2041"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-1150",
    "datePublished": "2010-04-20T15:00:00",
    "dateReserved": "2010-03-29T00:00:00",
    "dateUpdated": "2024-08-07T01:14:06.275Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-2937 (GCVE-0-2015-2937)

Vulnerability from cvelistv5

Published

2015-04-13 14:00

Modified

2024-08-06 05:32

Severity ?

CWE

n/a

Summary

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM or Zend PHP, allows remote attackers to cause a denial of service ("quadratic blowup" and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, a different vulnerability than CVE-2015-2942.

References

►

URL

Tags

	https://security.gentoo.org/glsa/201510-05	vendor-advisory, x_refsource_GENTOO
	http://www.mandriva.com/security/advisories?name=MDVSA-2015:200	vendor-advisory, x_refsource_MANDRIVA
	http://www.securityfocus.com/bid/73477	vdb-entry, x_refsource_BID
	http://www.openwall.com/lists/oss-security/2015/04/07/3	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2015/04/01/1	mailing-list, x_refsource_MLIST
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html	mailing-list, x_refsource_MLIST
	https://phabricator.wikimedia.org/T71210	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:32:20.563Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201510-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201510-05"
          },
          {
            "name": "MDVSA-2015:200",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
          },
          {
            "name": "73477",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73477"
          },
          {
            "name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
          },
          {
            "name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
          },
          {
            "name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T71210"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM or Zend PHP, allows remote attackers to cause a denial of service (\"quadratic blowup\" and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, a different vulnerability than CVE-2015-2942."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T21:57:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-201510-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201510-05"
        },
        {
          "name": "MDVSA-2015:200",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
        },
        {
          "name": "73477",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/73477"
        },
        {
          "name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
        },
        {
          "name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
        },
        {
          "name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T71210"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-2937",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM or Zend PHP, allows remote attackers to cause a denial of service (\"quadratic blowup\" and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, a different vulnerability than CVE-2015-2942."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201510-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201510-05"
            },
            {
              "name": "MDVSA-2015:200",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
            },
            {
              "name": "73477",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/73477"
            },
            {
              "name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
            },
            {
              "name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
            },
            {
              "name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
            },
            {
              "name": "https://phabricator.wikimedia.org/T71210",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T71210"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-2937",
    "datePublished": "2015-04-13T14:00:00",
    "dateReserved": "2015-04-07T00:00:00",
    "dateUpdated": "2024-08-06T05:32:20.563Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-6451 (GCVE-0-2013-6451)

Vulnerability from cvelistv5

Published

2020-01-28 14:56

Modified

2024-08-06 17:39

Severity ?

CWE

Cross-Site Scripting

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values.

References

►

URL

Tags

http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Wikimedia Foundation	MediaWiki	Version: 1.19.9 before 1.19.10 Version: 1.2x before 1.21.4 Version: 1.22.x before 1.22.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:39:01.483Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MediaWiki",
          "vendor": "Wikimedia Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "1.19.9 before 1.19.10"
            },
            {
              "status": "affected",
              "version": "1.2x before 1.21.4"
            },
            {
              "status": "affected",
              "version": "1.22.x before 1.22.1"
            }
          ]
        }
      ],
      "datePublic": "2014-01-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-28T14:56:22",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-6451",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MediaWiki",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.19.9 before 1.19.10"
                          },
                          {
                            "version_value": "1.2x before 1.21.4"
                          },
                          {
                            "version_value": "1.22.x before 1.22.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Wikimedia Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html",
              "refsource": "MISC",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-6451",
    "datePublished": "2020-01-28T14:56:22",
    "dateReserved": "2013-11-04T00:00:00",
    "dateUpdated": "2024-08-06T17:39:01.483Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-12469 (GCVE-0-2019-12469)

Vulnerability from cvelistv5

Published

2019-07-10 16:01

Modified

2024-08-04 23:24

Severity ?

CWE

n/a

Summary

MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

References

►

URL

Tags

	https://www.debian.org/security/2019/dsa-4460	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2019/Jun/12	mailing-list, x_refsource_BUGTRAQ
	https://phabricator.wikimedia.org/T222036	x_refsource_MISC
	https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:24:37.084Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4460",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4460"
          },
          {
            "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jun/12"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T222036"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-10T16:02:25",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-4460",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4460"
        },
        {
          "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jun/12"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T222036"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-12469",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4460",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4460"
            },
            {
              "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Jun/12"
            },
            {
              "name": "https://phabricator.wikimedia.org/T222036",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T222036"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html",
              "refsource": "CONFIRM",
              "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-12469",
    "datePublished": "2019-07-10T16:01:53",
    "dateReserved": "2019-05-30T00:00:00",
    "dateUpdated": "2024-08-04T23:24:37.084Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-37305 (GCVE-0-2023-37305)

Vulnerability from cvelistv5

Published

2023-06-30 00:00

Modified

2024-11-26 16:16

Severity ?

CWE

n/a

Summary

An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public interfaces.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T326952
	https://gerrit.wikimedia.org/r/q/Ibe5f8e25dea155bbd811a65833394c0d4b906a34

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:09:34.177Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T326952"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/Ibe5f8e25dea155bbd811a65833394c0d4b906a34"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-37305",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-26T16:14:53.884421Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-203",
                "description": "CWE-203 Observable Discrepancy",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-26T16:16:14.016Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public interfaces."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-30T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T326952"
        },
        {
          "url": "https://gerrit.wikimedia.org/r/q/Ibe5f8e25dea155bbd811a65833394c0d4b906a34"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-37305",
    "datePublished": "2023-06-30T00:00:00",
    "dateReserved": "2023-06-30T00:00:00",
    "dateUpdated": "2024-11-26T16:16:14.016Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-34912 (GCVE-0-2022-34912)

Vulnerability from cvelistv5

Published

2022-07-02 00:00

Modified

2024-08-03 09:22

Severity ?

CWE

n/a

Summary

An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T308473
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B/	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html	mailing-list
	https://www.debian.org/security/2022/dsa-5246	vendor-advisory
	https://security.gentoo.org/glsa/202305-24	vendor-advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:22:10.828Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T308473"
          },
          {
            "name": "FEDORA-2022-f83aec6d57",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP/"
          },
          {
            "name": "FEDORA-2022-bca2c95559",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B/"
          },
          {
            "name": "[debian-lts-announce] 20220922 [SECURITY] [DLA 3117-1] mediawiki security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html"
          },
          {
            "name": "DSA-5246",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5246"
          },
          {
            "name": "GLSA-202305-24",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-24"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won\u0027t be escaped."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-21T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T308473"
        },
        {
          "name": "FEDORA-2022-f83aec6d57",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP/"
        },
        {
          "name": "FEDORA-2022-bca2c95559",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B/"
        },
        {
          "name": "[debian-lts-announce] 20220922 [SECURITY] [DLA 3117-1] mediawiki security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html"
        },
        {
          "name": "DSA-5246",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5246"
        },
        {
          "name": "GLSA-202305-24",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-24"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-34912",
    "datePublished": "2022-07-02T00:00:00",
    "dateReserved": "2022-07-02T00:00:00",
    "dateUpdated": "2024-08-03T09:22:10.828Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-9487 (GCVE-0-2014-9487)

Vulnerability from cvelistv5

Published

2017-10-17 14:00

Modified

2024-08-06 13:47

Severity ?

CWE

n/a

Summary

The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. NOTE: Related to CVE-2014-2053.

References

►

URL

Tags

	http://www.openwall.com/lists/oss-security/2015/01/03/13	mailing-list, x_refsource_MLIST
	https://security.gentoo.org/glsa/201502-04	vendor-advisory, x_refsource_GENTOO
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html	mailing-list, x_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=1175828	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:47:41.107Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20150103 Re: CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
          },
          {
            "name": "GLSA-201502-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201502-04"
          },
          {
            "name": "[MediaWiki-announce] 20141217 MediaWiki Security and Maintenance Releases: 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1175828"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-12-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.  NOTE: Related to CVE-2014-2053."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-17T13:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "[oss-security] 20150103 Re: CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
        },
        {
          "name": "GLSA-201502-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201502-04"
        },
        {
          "name": "[MediaWiki-announce] 20141217 MediaWiki Security and Maintenance Releases: 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1175828"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2014-9487",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.  NOTE: Related to CVE-2014-2053."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20150103 Re: CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
            },
            {
              "name": "GLSA-201502-04",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201502-04"
            },
            {
              "name": "[MediaWiki-announce] 20141217 MediaWiki Security and Maintenance Releases: 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1175828",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1175828"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2014-9487",
    "datePublished": "2017-10-17T14:00:00",
    "dateReserved": "2015-01-03T00:00:00",
    "dateUpdated": "2024-08-06T13:47:41.107Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-0046 (GCVE-0-2012-0046)

Vulnerability from cvelistv5

Published

2019-10-29 13:09

Modified

2024-08-06 18:09

Severity ?

CWE

info leak

Summary

mediawiki allows deleted text to be exposed

References

►

URL

Tags

	https://security-tracker.debian.org/tracker/CVE-2012-0046	x_refsource_MISC
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0046	x_refsource_MISC
	https://access.redhat.com/security/cve/cve-2012-0046	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	Version: 1.16

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:09:17.356Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2012-0046"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0046"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/cve-2012-0046"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mediawiki",
          "vendor": "mediawiki",
          "versions": [
            {
              "status": "affected",
              "version": "1.16"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "mediawiki allows deleted text to be exposed"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "info leak",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-29T13:09:39",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2012-0046"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0046"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://access.redhat.com/security/cve/cve-2012-0046"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-0046",
    "datePublished": "2019-10-29T13:09:39",
    "dateReserved": "2011-12-07T00:00:00",
    "dateUpdated": "2024-08-06T18:09:17.356Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-1578 (GCVE-0-2012-1578)

Vulnerability from cvelistv5

Published

2012-09-09 21:00

Modified

2024-08-06 19:01

Severity ?

CWE

n/a

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allow remote attackers to hijack the authentication of users with the block permission for requests that (1) block a user via a request to the Block module or (2) unblock a user via a request to the Unblock module.

References

►

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilities/78911	vdb-entry, x_refsource_XF
	http://www.openwall.com/lists/oss-security/2012/03/24/1	mailing-list, x_refsource_MLIST
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/48504	third-party-advisory, x_refsource_SECUNIA
	https://bugzilla.wikimedia.org/show_bug.cgi?id=34212	x_refsource_CONFIRM
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2012/03/22/9	mailing-list, x_refsource_MLIST
	http://osvdb.org/80361	vdb-entry, x_refsource_OSVDB
	http://www.securityfocus.com/bid/52689	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:01:02.739Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "mediawiki-multiple-csrf(78911)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78911"
          },
          {
            "name": "[oss-security] 20120323 CVEs for MediaWiki security and maintenance release 1.18.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/03/24/1"
          },
          {
            "name": "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.18.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html"
          },
          {
            "name": "48504",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48504"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=34212"
          },
          {
            "name": "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.17.3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html"
          },
          {
            "name": "[oss-security] 20120322 MediaWiki security and maintenance release 1.18.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/03/22/9"
          },
          {
            "name": "80361",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/80361"
          },
          {
            "name": "52689",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/52689"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-03-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allow remote attackers to hijack the authentication of users with the block permission for requests that (1) block a user via a request to the Block module or (2) unblock a user via a request to the Unblock module."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "mediawiki-multiple-csrf(78911)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78911"
        },
        {
          "name": "[oss-security] 20120323 CVEs for MediaWiki security and maintenance release 1.18.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/03/24/1"
        },
        {
          "name": "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.18.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html"
        },
        {
          "name": "48504",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48504"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=34212"
        },
        {
          "name": "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.17.3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html"
        },
        {
          "name": "[oss-security] 20120322 MediaWiki security and maintenance release 1.18.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/03/22/9"
        },
        {
          "name": "80361",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/80361"
        },
        {
          "name": "52689",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/52689"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-1578",
    "datePublished": "2012-09-09T21:00:00",
    "dateReserved": "2012-03-12T00:00:00",
    "dateUpdated": "2024-08-06T19:01:02.739Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-10959 (GCVE-0-2020-10959)

Vulnerability from cvelistv5

Published

2020-06-02 13:52

Modified

2024-08-04 11:21

Severity ?

CWE

n/a

Summary

resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T232932	x_refsource_MISC
	https://gerrit.wikimedia.org/r/c/mediawiki/core/+/536725	x_refsource_MISC
	https://phabricator.wikimedia.org/T240393	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:21:14.656Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T232932"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/c/mediawiki/core/+/536725"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T240393"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-02T13:52:22",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T232932"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/c/mediawiki/core/+/536725"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T240393"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-10959",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T232932",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T232932"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/c/mediawiki/core/+/536725",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/c/mediawiki/core/+/536725"
            },
            {
              "name": "https://phabricator.wikimedia.org/T240393",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T240393"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-10959",
    "datePublished": "2020-06-02T13:52:22",
    "dateReserved": "2020-03-25T00:00:00",
    "dateUpdated": "2024-08-04T11:21:14.656Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-1817 (GCVE-0-2013-1817)

Vulnerability from cvelistv5

Published

2019-11-20 19:32

Modified

2024-08-06 15:13

Severity ?

CWE

Other

Summary

MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information.

References

►

URL

Tags

	https://security-tracker.debian.org/tracker/CVE-2013-1817	x_refsource_MISC
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1817	x_refsource_MISC
	http://www.securityfocus.com/bid/58305	x_refsource_MISC
	http://security.gentoo.org/glsa/glsa-201310-21.xml	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2013/03/05/4	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilities/88359	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	Version: 1.19.4 Version: 1.20.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:13:32.994Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2013-1817"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1817"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/58305"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201310-21.xml"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/03/05/4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88359"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mediawiki",
          "vendor": "mediawiki",
          "versions": [
            {
              "status": "affected",
              "version": "1.19.4"
            },
            {
              "status": "affected",
              "version": "1.20.3"
            }
          ]
        }
      ],
      "datePublic": "2013-03-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Other",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-20T19:32:38",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2013-1817"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1817"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securityfocus.com/bid/58305"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201310-21.xml"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/03/05/4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88359"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-1817",
    "datePublished": "2019-11-20T19:32:38",
    "dateReserved": "2013-02-19T00:00:00",
    "dateUpdated": "2024-08-06T15:13:32.994Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-35626 (GCVE-0-2020-35626)

Vulnerability from cvelistv5

Published

2020-12-21 22:34

Modified

2024-08-04 17:09

Severity ?

CWE

n/a

Summary

An issue was discovered in the PushToWatch extension for MediaWiki through 1.35.1. The primary form did not implement an anti-CSRF token and therefore was completely vulnerable to CSRF attacks against onSkinAddFooterLinks in PushToWatch.php.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T268641	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/14dc79b1f44c2a1ca6b1192284206c7b8626fb57	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:09:15.104Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T268641"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/14dc79b1f44c2a1ca6b1192284206c7b8626fb57"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the PushToWatch extension for MediaWiki through 1.35.1. The primary form did not implement an anti-CSRF token and therefore was completely vulnerable to CSRF attacks against onSkinAddFooterLinks in PushToWatch.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-21T22:34:06",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T268641"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/14dc79b1f44c2a1ca6b1192284206c7b8626fb57"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-35626",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the PushToWatch extension for MediaWiki through 1.35.1. The primary form did not implement an anti-CSRF token and therefore was completely vulnerable to CSRF attacks against onSkinAddFooterLinks in PushToWatch.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T268641",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T268641"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/14dc79b1f44c2a1ca6b1192284206c7b8626fb57",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/14dc79b1f44c2a1ca6b1192284206c7b8626fb57"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-35626",
    "datePublished": "2020-12-21T22:34:06",
    "dateReserved": "2020-12-21T00:00:00",
    "dateUpdated": "2024-08-04T17:09:15.104Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2004-1405 (GCVE-0-2004-1405)

Vulnerability from cvelistv5

Published

2005-02-12 05:00

Modified

2024-08-08 00:53

Severity ?

CWE

n/a

Summary

MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.

References

►

URL

Tags

	http://wikipedia.sourceforge.net/	x_refsource_MISC
	http://www.securityfocus.com/bid/11985	vdb-entry, x_refsource_BID
	http://marc.info/?l=bugtraq&m=110321710420059&w=2	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/13478/	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:53:22.795Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://wikipedia.sourceforge.net/"
          },
          {
            "name": "11985",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11985"
          },
          {
            "name": "20041216 STG Security Advisory: [SSA-20041215-19] Vulnerability of uploading files with multiple extensions in MediaWiki",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=110321710420059\u0026w=2"
          },
          {
            "name": "13478",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/13478/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-12-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-10-17T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://wikipedia.sourceforge.net/"
        },
        {
          "name": "11985",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11985"
        },
        {
          "name": "20041216 STG Security Advisory: [SSA-20041215-19] Vulnerability of uploading files with multiple extensions in MediaWiki",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=110321710420059\u0026w=2"
        },
        {
          "name": "13478",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/13478/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1405",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://wikipedia.sourceforge.net/",
              "refsource": "MISC",
              "url": "http://wikipedia.sourceforge.net/"
            },
            {
              "name": "11985",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11985"
            },
            {
              "name": "20041216 STG Security Advisory: [SSA-20041215-19] Vulnerability of uploading files with multiple extensions in MediaWiki",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=110321710420059\u0026w=2"
            },
            {
              "name": "13478",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/13478/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-1405",
    "datePublished": "2005-02-12T05:00:00",
    "dateReserved": "2005-02-12T00:00:00",
    "dateUpdated": "2024-08-08T00:53:22.795Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-40600 (GCVE-0-2024-40600)

Vulnerability from cvelistv5

Published

2024-07-06 00:00

Modified

2024-08-02 04:33

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

n/a

Summary

An issue was discovered in the Metrolook skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.

References

►

URL

Tags

https://phabricator.wikimedia.org/T361449

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mediawiki:metrolook_skin:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "metrolook_skin",
            "vendor": "mediawiki",
            "versions": [
              {
                "lessThanOrEqual": "1.42.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-40600",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-08T15:32:10.287145Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-08T15:33:44.032Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:33:11.742Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T361449"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Metrolook skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-06T23:26:28.514530",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T361449"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-40600",
    "datePublished": "2024-07-06T00:00:00",
    "dateReserved": "2024-07-06T00:00:00",
    "dateUpdated": "2024-08-02T04:33:11.742Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-28206 (GCVE-0-2022-28206)

Vulnerability from cvelistv5

Published

2022-03-30 00:00

Modified

2024-08-03 05:48

Severity ?

CWE

n/a

Summary

An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T294256
	https://gerrit.wikimedia.org/r/q/I84be9cd3639b8ab0e037a4ec2d3f2f478f0989c5
	https://security.gentoo.org/glsa/202305-24	vendor-advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:48:37.483Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T294256"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/I84be9cd3639b8ab0e037a4ec2d3f2f478f0989c5"
          },
          {
            "name": "GLSA-202305-24",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-24"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-21T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T294256"
        },
        {
          "url": "https://gerrit.wikimedia.org/r/q/I84be9cd3639b8ab0e037a4ec2d3f2f478f0989c5"
        },
        {
          "name": "GLSA-202305-24",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-24"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-28206",
    "datePublished": "2022-03-30T00:00:00",
    "dateReserved": "2022-03-30T00:00:00",
    "dateUpdated": "2024-08-03T05:48:37.483Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-45374 (GCVE-0-2023-45374)

Vulnerability from cvelistv5

Published

2023-10-09 00:00

Modified

2024-09-19 17:45

Severity ?

CWE

n/a

Summary

An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It does not check for the anti-CSRF edit token in Special:SportsTeamsManager and Special:UpdateFavoriteTeams.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T345040
	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/SportsTeams/+/952552/

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:21:16.640Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T345040"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/SportsTeams/+/952552/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-45374",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-19T17:44:54.935362Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-352",
                "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-19T17:45:18.791Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It does not check for the anti-CSRF edit token in Special:SportsTeamsManager and Special:UpdateFavoriteTeams."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-09T05:32:21.393570",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T345040"
        },
        {
          "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/SportsTeams/+/952552/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-45374",
    "datePublished": "2023-10-09T00:00:00",
    "dateReserved": "2023-10-09T00:00:00",
    "dateUpdated": "2024-09-19T17:45:18.791Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-30154 (GCVE-0-2021-30154)

Vulnerability from cvelistv5

Published

2021-04-06 06:43

Modified

2024-08-03 22:24

Severity ?

CWE

n/a

Summary

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Special:NewFiles, all the mediastatistics-header-* messages are output in HTML unescaped, leading to XSS.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T278014	x_refsource_MISC
	https://www.debian.org/security/2021/dsa-4889	vendor-advisory, x_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/	vendor-advisory, x_refsource_FEDORA
	https://security.gentoo.org/glsa/202107-40	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:24:59.636Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T278014"
          },
          {
            "name": "DSA-4889",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4889"
          },
          {
            "name": "FEDORA-2021-f4223b6684",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/"
          },
          {
            "name": "FEDORA-2021-d298103d3a",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/"
          },
          {
            "name": "GLSA-202107-40",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202107-40"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Special:NewFiles, all the mediastatistics-header-* messages are output in HTML unescaped, leading to XSS."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-17T07:06:36",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T278014"
        },
        {
          "name": "DSA-4889",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4889"
        },
        {
          "name": "FEDORA-2021-f4223b6684",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/"
        },
        {
          "name": "FEDORA-2021-d298103d3a",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/"
        },
        {
          "name": "GLSA-202107-40",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202107-40"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-30154",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Special:NewFiles, all the mediastatistics-header-* messages are output in HTML unescaped, leading to XSS."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T278014",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T278014"
            },
            {
              "name": "DSA-4889",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4889"
            },
            {
              "name": "FEDORA-2021-f4223b6684",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/"
            },
            {
              "name": "FEDORA-2021-d298103d3a",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/"
            },
            {
              "name": "GLSA-202107-40",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202107-40"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-30154",
    "datePublished": "2021-04-06T06:43:51",
    "dateReserved": "2021-04-06T00:00:00",
    "dateUpdated": "2024-08-03T22:24:59.636Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8626 (GCVE-0-2015-8626)

Vulnerability from cvelistv5

Published

2017-03-23 20:00

Modified

2024-08-06 08:20

Severity ?

CWE

n/a

Summary

The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote attackers to obtain access via a brute-force attack.

References

►

URL

Tags

	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2015/12/23/7	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2015/12/21/8	mailing-list, x_refsource_MLIST
	https://phabricator.wikimedia.org/T115522	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:20:43.535Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
          },
          {
            "name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
          },
          {
            "name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T115522"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote attackers to obtain access via a brute-force attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-03-23T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
        },
        {
          "name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
        },
        {
          "name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T115522"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8626",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote attackers to obtain access via a brute-force attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
            },
            {
              "name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
            },
            {
              "name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
            },
            {
              "name": "https://phabricator.wikimedia.org/T115522",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T115522"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8626",
    "datePublished": "2017-03-23T20:00:00",
    "dateReserved": "2015-12-23T00:00:00",
    "dateUpdated": "2024-08-06T08:20:43.535Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-29904 (GCVE-0-2022-29904)

Vulnerability from cvelistv5

Published

2022-04-29 03:43

Modified

2024-08-03 06:33

Severity ?

CWE

n/a

Summary

The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain '-' and '_' constraints.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T306463	x_refsource_MISC
	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/SemanticDrilldown/+/785213	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:33:43.149Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T306463"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/SemanticDrilldown/+/785213"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain \u0027-\u0027 and \u0027_\u0027 constraints."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-29T03:43:51",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T306463"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/SemanticDrilldown/+/785213"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-29904",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain \u0027-\u0027 and \u0027_\u0027 constraints."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T306463",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T306463"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/SemanticDrilldown/+/785213",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/SemanticDrilldown/+/785213"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-29904",
    "datePublished": "2022-04-29T03:43:51",
    "dateReserved": "2022-04-29T00:00:00",
    "dateUpdated": "2024-08-03T06:33:43.149Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-0536 (GCVE-0-2005-0536)

Vulnerability from cvelistv5

Published

2005-02-24 05:00

Modified

2024-08-07 21:13

Severity ?

CWE

n/a

Summary

Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to delete arbitrary files or determine file existence via a parameter related to image deletion.

References

►

URL

Tags

	http://securitytracker.com/id?1013260	vdb-entry, x_refsource_SECTRACK
	http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml	vendor-advisory, x_refsource_GENTOO
	http://sourceforge.net/project/shownotes.php?release_id=307067	x_refsource_CONFIRM
	http://secunia.com/advisories/14360	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:13:54.172Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1013260",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1013260"
          },
          {
            "name": "GLSA-200502-33",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=307067"
          },
          {
            "name": "14360",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/14360"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-02-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to delete arbitrary files or determine file existence via a parameter related to image deletion."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-03-30T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1013260",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1013260"
        },
        {
          "name": "GLSA-200502-33",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=307067"
        },
        {
          "name": "14360",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/14360"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-0536",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to delete arbitrary files or determine file existence via a parameter related to image deletion."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1013260",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1013260"
            },
            {
              "name": "GLSA-200502-33",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=307067",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?release_id=307067"
            },
            {
              "name": "14360",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/14360"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-0536",
    "datePublished": "2005-02-24T05:00:00",
    "dateReserved": "2005-02-24T00:00:00",
    "dateUpdated": "2024-08-07T21:13:54.172Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-6728 (GCVE-0-2015-6728)

Vulnerability from cvelistv5

Published

2015-09-01 14:00

Modified

2024-08-06 07:29

Severity ?

CWE

n/a

Summary

The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack.

References

►

URL

Tags

	https://security.gentoo.org/glsa/201510-05	vendor-advisory, x_refsource_GENTOO
	http://www.openwall.com/lists/oss-security/2015/08/27/6	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2015/08/12/6	mailing-list, x_refsource_MLIST
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html	mailing-list, x_refsource_MLIST
	http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html	vendor-advisory, x_refsource_FEDORA
	http://www.securityfocus.com/bid/76334	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:29:24.824Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201510-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201510-05"
          },
          {
            "name": "[oss-security] 20150827 Re: CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
          },
          {
            "name": "[oss-security] 20150812 CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
          },
          {
            "name": "[MediaWiki-announce] 20150810 MediaWiki Security and Maintenance Releases: 1.25.2, 1.24.3, 1.23.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
          },
          {
            "name": "FEDORA-2015-13920",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
          },
          {
            "name": "76334",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/76334"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-08-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T21:57:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-201510-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201510-05"
        },
        {
          "name": "[oss-security] 20150827 Re: CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
        },
        {
          "name": "[oss-security] 20150812 CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
        },
        {
          "name": "[MediaWiki-announce] 20150810 MediaWiki Security and Maintenance Releases: 1.25.2, 1.24.3, 1.23.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
        },
        {
          "name": "FEDORA-2015-13920",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
        },
        {
          "name": "76334",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/76334"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-6728",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201510-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201510-05"
            },
            {
              "name": "[oss-security] 20150827 Re: CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
            },
            {
              "name": "[oss-security] 20150812 CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
            },
            {
              "name": "[MediaWiki-announce] 20150810 MediaWiki Security and Maintenance Releases: 1.25.2, 1.24.3, 1.23.10",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
            },
            {
              "name": "FEDORA-2015-13920",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
            },
            {
              "name": "76334",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/76334"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-6728",
    "datePublished": "2015-09-01T14:00:00",
    "dateReserved": "2015-08-27T00:00:00",
    "dateUpdated": "2024-08-06T07:29:24.824Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-2932 (GCVE-0-2015-2932)

Vulnerability from cvelistv5

Published

2015-04-13 14:00

Modified

2024-08-06 05:32

Severity ?

CWE

n/a

Summary

Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element.

References

►

URL

Tags

	https://security.gentoo.org/glsa/201510-05	vendor-advisory, x_refsource_GENTOO
	http://www.mandriva.com/security/advisories?name=MDVSA-2015:200	vendor-advisory, x_refsource_MANDRIVA
	http://www.securityfocus.com/bid/73477	vdb-entry, x_refsource_BID
	http://www.openwall.com/lists/oss-security/2015/04/07/3	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2015/04/01/1	mailing-list, x_refsource_MLIST
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html	mailing-list, x_refsource_MLIST
	https://phabricator.wikimedia.org/T86711	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:32:20.386Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201510-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201510-05"
          },
          {
            "name": "MDVSA-2015:200",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
          },
          {
            "name": "73477",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73477"
          },
          {
            "name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
          },
          {
            "name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
          },
          {
            "name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T86711"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T21:57:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-201510-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201510-05"
        },
        {
          "name": "MDVSA-2015:200",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
        },
        {
          "name": "73477",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/73477"
        },
        {
          "name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
        },
        {
          "name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
        },
        {
          "name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T86711"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-2932",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201510-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201510-05"
            },
            {
              "name": "MDVSA-2015:200",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
            },
            {
              "name": "73477",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/73477"
            },
            {
              "name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
            },
            {
              "name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
            },
            {
              "name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
            },
            {
              "name": "https://phabricator.wikimedia.org/T86711",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T86711"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-2932",
    "datePublished": "2015-04-13T14:00:00",
    "dateReserved": "2015-04-07T00:00:00",
    "dateUpdated": "2024-08-06T05:32:20.386Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-12470 (GCVE-0-2019-12470)

Vulnerability from cvelistv5

Published

2019-07-10 16:04

Modified

2024-08-04 23:24

Severity ?

CWE

n/a

Summary

Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

References

►

URL

Tags

	https://www.debian.org/security/2019/dsa-4460	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2019/Jun/12	mailing-list, x_refsource_BUGTRAQ
	https://phabricator.wikimedia.org/T222038	x_refsource_MISC
	https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:24:37.084Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4460",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4460"
          },
          {
            "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jun/12"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T222038"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-10T16:05:22",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-4460",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4460"
        },
        {
          "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jun/12"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T222038"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-12470",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4460",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4460"
            },
            {
              "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Jun/12"
            },
            {
              "name": "https://phabricator.wikimedia.org/T222038",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T222038"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html",
              "refsource": "CONFIRM",
              "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-12470",
    "datePublished": "2019-07-10T16:04:55",
    "dateReserved": "2019-05-30T00:00:00",
    "dateUpdated": "2024-08-04T23:24:37.084Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-25828 (GCVE-0-2020-25828)

Vulnerability from cvelistv5

Published

2020-09-27 20:31

Modified

2024-08-04 15:40

Severity ?

CWE

n/a

Summary

An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message().parse() doesn't escape HTML. This affects both message contents (which are generally safe) and the parameters (which can be based on user input). (When jqueryMsg is loaded, it correctly accepts only whitelisted tags in message contents, and escapes all parameters. Situations with an unloaded jqueryMsg are rare in practice, but can for example occur for Special:SpecialPages on a wiki with no extensions installed.)

References

►

URL

Tags

	https://lists.wikimedia.org/pipermail/mediawiki-announce	x_refsource_MISC
	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html	x_refsource_CONFIRM
	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:40:36.947Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
          },
          {
            "name": "FEDORA-2020-a4802c53d9",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message().parse() doesn\u0027t escape HTML. This affects both message contents (which are generally safe) and the parameters (which can be based on user input). (When jqueryMsg is loaded, it correctly accepts only whitelisted tags in message contents, and escapes all parameters. Situations with an unloaded jqueryMsg are rare in practice, but can for example occur for Special:SpecialPages on a wiki with no extensions installed.)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-14T02:06:13",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
        },
        {
          "name": "FEDORA-2020-a4802c53d9",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-25828",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message().parse() doesn\u0027t escape HTML. This affects both message contents (which are generally safe) and the parameters (which can be based on user input). (When jqueryMsg is loaded, it correctly accepts only whitelisted tags in message contents, and escapes all parameters. Situations with an unloaded jqueryMsg are rare in practice, but can for example occur for Special:SpecialPages on a wiki with no extensions installed.)"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.wikimedia.org/pipermail/mediawiki-announce",
              "refsource": "MISC",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html",
              "refsource": "CONFIRM",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html",
              "refsource": "MISC",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
            },
            {
              "name": "FEDORA-2020-a4802c53d9",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-25828",
    "datePublished": "2020-09-27T20:31:44",
    "dateReserved": "2020-09-23T00:00:00",
    "dateUpdated": "2024-08-04T15:40:36.947Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-2031 (GCVE-0-2013-2031)

Vulnerability from cvelistv5

Published

2013-11-15 18:16

Modified

2024-08-06 15:20

Severity ?

CWE

n/a

Summary

MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox.

References

►

URL

Tags

	http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105825.html	vendor-advisory, x_refsource_FEDORA
	http://secunia.com/advisories/57472	third-party-advisory, x_refsource_SECUNIA
	https://bugzilla.wikimedia.org/show_bug.cgi?id=47304	x_refsource_CONFIRM
	http://secunia.com/advisories/55433	third-party-advisory, x_refsource_SECUNIA
	http://www.debian.org/security/2014/dsa-2891	vendor-advisory, x_refsource_DEBIAN
	http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106293.html	vendor-advisory, x_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105784.html	vendor-advisory, x_refsource_FEDORA
	http://www.securityfocus.com/bid/59594	vdb-entry, x_refsource_BID
	http://security.gentoo.org/glsa/glsa-201310-21.xml	vendor-advisory, x_refsource_GENTOO
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-April/000129.html	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2013/05/01/2	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:20:37.509Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2013-7714",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105825.html"
          },
          {
            "name": "57472",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57472"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=47304"
          },
          {
            "name": "55433",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55433"
          },
          {
            "name": "DSA-2891",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2891"
          },
          {
            "name": "FEDORA-2013-7654",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106293.html"
          },
          {
            "name": "FEDORA-2013-7701",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105784.html"
          },
          {
            "name": "59594",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/59594"
          },
          {
            "name": "GLSA-201310-21",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201310-21.xml"
          },
          {
            "name": "[MediaWiki-announce] 20130430 MediaWiki Security Release: 1.20.5 and 1.19.6",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-April/000129.html"
          },
          {
            "name": "[oss-security] 20130501 Re: Mediawiki CVE request ( was Fw: [MediaWiki-announce]  MediaWiki Security Release: 1.20.5 and 1.19.6)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/05/01/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-04-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-29T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2013-7714",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105825.html"
        },
        {
          "name": "57472",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57472"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=47304"
        },
        {
          "name": "55433",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55433"
        },
        {
          "name": "DSA-2891",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2891"
        },
        {
          "name": "FEDORA-2013-7654",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106293.html"
        },
        {
          "name": "FEDORA-2013-7701",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105784.html"
        },
        {
          "name": "59594",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/59594"
        },
        {
          "name": "GLSA-201310-21",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201310-21.xml"
        },
        {
          "name": "[MediaWiki-announce] 20130430 MediaWiki Security Release: 1.20.5 and 1.19.6",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-April/000129.html"
        },
        {
          "name": "[oss-security] 20130501 Re: Mediawiki CVE request ( was Fw: [MediaWiki-announce]  MediaWiki Security Release: 1.20.5 and 1.19.6)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/05/01/2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-2031",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FEDORA-2013-7714",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105825.html"
            },
            {
              "name": "57472",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/57472"
            },
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=47304",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=47304"
            },
            {
              "name": "55433",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55433"
            },
            {
              "name": "DSA-2891",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2891"
            },
            {
              "name": "FEDORA-2013-7654",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106293.html"
            },
            {
              "name": "FEDORA-2013-7701",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105784.html"
            },
            {
              "name": "59594",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/59594"
            },
            {
              "name": "GLSA-201310-21",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201310-21.xml"
            },
            {
              "name": "[MediaWiki-announce] 20130430 MediaWiki Security Release: 1.20.5 and 1.19.6",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-April/000129.html"
            },
            {
              "name": "[oss-security] 20130501 Re: Mediawiki CVE request ( was Fw: [MediaWiki-announce]  MediaWiki Security Release: 1.20.5 and 1.19.6)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/05/01/2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-2031",
    "datePublished": "2013-11-15T18:16:00",
    "dateReserved": "2013-02-19T00:00:00",
    "dateUpdated": "2024-08-06T15:20:37.509Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-0535 (GCVE-0-2005-0535)

Vulnerability from cvelistv5

Published

2005-02-24 05:00

Modified

2024-08-07 21:13

Severity ?

CWE

n/a

Summary

Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to perform unauthorized actions as authenticated MediaWiki users.

References

►

URL

Tags

	http://securitytracker.com/id?1013260	vdb-entry, x_refsource_SECTRACK
	http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml	vendor-advisory, x_refsource_GENTOO
	http://sourceforge.net/project/shownotes.php?release_id=307067	x_refsource_CONFIRM
	http://secunia.com/advisories/14360	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:13:54.548Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1013260",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1013260"
          },
          {
            "name": "GLSA-200502-33",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=307067"
          },
          {
            "name": "14360",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/14360"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-02-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to perform unauthorized actions as authenticated MediaWiki users."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-03-30T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1013260",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1013260"
        },
        {
          "name": "GLSA-200502-33",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=307067"
        },
        {
          "name": "14360",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/14360"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-0535",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to perform unauthorized actions as authenticated MediaWiki users."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1013260",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1013260"
            },
            {
              "name": "GLSA-200502-33",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=307067",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?release_id=307067"
            },
            {
              "name": "14360",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/14360"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-0535",
    "datePublished": "2005-02-24T05:00:00",
    "dateReserved": "2005-02-24T00:00:00",
    "dateUpdated": "2024-08-07T21:13:54.548Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-25814 (GCVE-0-2020-25814)

Vulnerability from cvelistv5

Published

2020-09-27 20:29

Modified

2024-08-04 15:40

Severity ?

CWE

n/a

Summary

In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an <a> tag (or it does not have a href attribute, or it's empty, etc.). The actual result is that the object contains an <a href ="javascript... that executes when clicked.

References

►

URL

Tags

	https://www.mediawiki.org/wiki/ResourceLoader/Core_modules#mediawiki.jqueryMsg	x_refsource_MISC
	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html	x_refsource_CONFIRM
	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:40:36.987Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mediawiki.org/wiki/ResourceLoader/Core_modules#mediawiki.jqueryMsg"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
          },
          {
            "name": "FEDORA-2020-a4802c53d9",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an \u003ca\u003e tag (or it does not have a href attribute, or it\u0027s empty, etc.). The actual result is that the object contains an \u003ca href =\"javascript... that executes when clicked."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-14T02:06:08",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mediawiki.org/wiki/ResourceLoader/Core_modules#mediawiki.jqueryMsg"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
        },
        {
          "name": "FEDORA-2020-a4802c53d9",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-25814",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an \u003ca\u003e tag (or it does not have a href attribute, or it\u0027s empty, etc.). The actual result is that the object contains an \u003ca href =\"javascript... that executes when clicked."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mediawiki.org/wiki/ResourceLoader/Core_modules#mediawiki.jqueryMsg",
              "refsource": "MISC",
              "url": "https://www.mediawiki.org/wiki/ResourceLoader/Core_modules#mediawiki.jqueryMsg"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html",
              "refsource": "CONFIRM",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html",
              "refsource": "MISC",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
            },
            {
              "name": "FEDORA-2020-a4802c53d9",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-25814",
    "datePublished": "2020-09-27T20:29:44",
    "dateReserved": "2020-09-23T00:00:00",
    "dateUpdated": "2024-08-04T15:40:36.987Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8623 (GCVE-0-2015-8623)

Vulnerability from cvelistv5

Published

2017-03-23 20:00

Modified

2024-08-06 08:20

Severity ?

CWE

n/a

Summary

The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8624.

References

►

URL

Tags

	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2015/12/23/7	mailing-list, x_refsource_MLIST
	https://phabricator.wikimedia.org/T119309	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2015/12/21/8	mailing-list, x_refsource_MLIST
	https://gerrit.wikimedia.org/r/#/c/156336/5/includes/User.php	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:20:43.473Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
          },
          {
            "name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T119309"
          },
          {
            "name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/#/c/156336/5/includes/User.php"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8624."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-03-23T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
        },
        {
          "name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T119309"
        },
        {
          "name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gerrit.wikimedia.org/r/#/c/156336/5/includes/User.php"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8623",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8624."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
            },
            {
              "name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
            },
            {
              "name": "https://phabricator.wikimedia.org/T119309",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T119309"
            },
            {
              "name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/#/c/156336/5/includes/User.php",
              "refsource": "CONFIRM",
              "url": "https://gerrit.wikimedia.org/r/#/c/156336/5/includes/User.php"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8623",
    "datePublished": "2017-03-23T20:00:00",
    "dateReserved": "2015-12-23T00:00:00",
    "dateUpdated": "2024-08-06T08:20:43.473Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-45471 (GCVE-0-2021-45471)

Vulnerability from cvelistv5

Published

2021-12-24 01:04

Modified

2024-08-04 04:39

Severity ?

CWE

n/a

Summary

In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T296578	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/Iac86cf63bd014ef99e83dccfce9b8942e15d2bf9	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/Id9af124427bcd1e85301d2140a38bf47bbc5622c	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7JNQA53K675TQBBJPZRAG5ZT6XES3IS/	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:39:21.138Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T296578"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/Iac86cf63bd014ef99e83dccfce9b8942e15d2bf9"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/Id9af124427bcd1e85301d2140a38bf47bbc5622c"
          },
          {
            "name": "FEDORA-2021-bef1126908",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7JNQA53K675TQBBJPZRAG5ZT6XES3IS/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-08T02:06:12",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T296578"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/Iac86cf63bd014ef99e83dccfce9b8942e15d2bf9"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/Id9af124427bcd1e85301d2140a38bf47bbc5622c"
        },
        {
          "name": "FEDORA-2021-bef1126908",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7JNQA53K675TQBBJPZRAG5ZT6XES3IS/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-45471",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T296578",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T296578"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/Iac86cf63bd014ef99e83dccfce9b8942e15d2bf9",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/Iac86cf63bd014ef99e83dccfce9b8942e15d2bf9"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/Id9af124427bcd1e85301d2140a38bf47bbc5622c",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/Id9af124427bcd1e85301d2140a38bf47bbc5622c"
            },
            {
              "name": "FEDORA-2021-bef1126908",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7JNQA53K675TQBBJPZRAG5ZT6XES3IS/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-45471",
    "datePublished": "2021-12-24T01:04:20",
    "dateReserved": "2021-12-24T00:00:00",
    "dateUpdated": "2024-08-04T04:39:21.138Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-35625 (GCVE-0-2020-35625)

Vulnerability from cvelistv5

Published

2020-12-21 22:36

Modified

2024-08-04 17:09

Severity ?

CWE

n/a

Summary

An issue was discovered in the Widgets extension for MediaWiki through 1.35.1. Any user with the ability to edit pages within the Widgets namespace could call any static function within any class (defined within PHP or MediaWiki) via a crafted HTML comment, related to a Smarty template. For example, a person in the Widget Editors group could use \MediaWiki\Shell\Shell::command within a comment.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T269718	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/Ic899a8b15bc510e61cdacb5c024af2d226a2dbeb	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:09:14.607Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T269718"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/Ic899a8b15bc510e61cdacb5c024af2d226a2dbeb"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Widgets extension for MediaWiki through 1.35.1. Any user with the ability to edit pages within the Widgets namespace could call any static function within any class (defined within PHP or MediaWiki) via a crafted HTML comment, related to a Smarty template. For example, a person in the Widget Editors group could use \\MediaWiki\\Shell\\Shell::command within a comment."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-21T22:36:26",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T269718"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/Ic899a8b15bc510e61cdacb5c024af2d226a2dbeb"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-35625",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the Widgets extension for MediaWiki through 1.35.1. Any user with the ability to edit pages within the Widgets namespace could call any static function within any class (defined within PHP or MediaWiki) via a crafted HTML comment, related to a Smarty template. For example, a person in the Widget Editors group could use \\MediaWiki\\Shell\\Shell::command within a comment."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T269718",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T269718"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/Ic899a8b15bc510e61cdacb5c024af2d226a2dbeb",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/Ic899a8b15bc510e61cdacb5c024af2d226a2dbeb"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-35625",
    "datePublished": "2020-12-21T22:36:26",
    "dateReserved": "2020-12-21T00:00:00",
    "dateUpdated": "2024-08-04T17:09:14.607Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-19709 (GCVE-0-2019-19709)

Vulnerability from cvelistv5

Published

2019-12-11 01:33

Modified

2024-08-05 02:25

Severity ?

CWE

n/a

Summary

MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T239466	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/Ie54f366986056c876eade0fcad6c41f70b8b8de8	x_refsource_MISC
	https://www.debian.org/security/2019/dsa-4592	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2019/Dec/48	mailing-list, x_refsource_BUGTRAQ

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:25:12.120Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T239466"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/Ie54f366986056c876eade0fcad6c41f70b8b8de8"
          },
          {
            "name": "DSA-4592",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4592"
          },
          {
            "name": "20191229 [SECURITY] [DSA 4592-1] mediawiki security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Dec/48"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-30T09:06:04",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T239466"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/Ie54f366986056c876eade0fcad6c41f70b8b8de8"
        },
        {
          "name": "DSA-4592",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4592"
        },
        {
          "name": "20191229 [SECURITY] [DSA 4592-1] mediawiki security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Dec/48"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19709",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T239466",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T239466"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/Ie54f366986056c876eade0fcad6c41f70b8b8de8",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/Ie54f366986056c876eade0fcad6c41f70b8b8de8"
            },
            {
              "name": "DSA-4592",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4592"
            },
            {
              "name": "20191229 [SECURITY] [DSA 4592-1] mediawiki security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Dec/48"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19709",
    "datePublished": "2019-12-11T01:33:11",
    "dateReserved": "2019-12-11T00:00:00",
    "dateUpdated": "2024-08-05T02:25:12.120Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8628 (GCVE-0-2015-8628)

Vulnerability from cvelistv5

Published

2017-03-23 20:00

Modified

2024-08-06 08:20

Severity ?

CWE

n/a

Summary

The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 allow remote attackers to obtain sensitive user login information via crafted links combined with page view statistics.

References

►

URL

Tags

	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2015/12/23/7	mailing-list, x_refsource_MLIST
	https://phabricator.wikimedia.org/T109724	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2015/12/21/8	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:20:43.576Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
          },
          {
            "name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T109724"
          },
          {
            "name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 allow remote attackers to obtain sensitive user login information via crafted links combined with page view statistics."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-03-23T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
        },
        {
          "name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T109724"
        },
        {
          "name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8628",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 allow remote attackers to obtain sensitive user login information via crafted links combined with page view statistics."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
            },
            {
              "name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
            },
            {
              "name": "https://phabricator.wikimedia.org/T109724",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T109724"
            },
            {
              "name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8628",
    "datePublished": "2017-03-23T20:00:00",
    "dateReserved": "2015-12-23T00:00:00",
    "dateUpdated": "2024-08-06T08:20:43.576Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-0504 (GCVE-0-2018-0504)

Vulnerability from cvelistv5

Published

2018-10-04 20:00

Modified

2024-09-17 00:41

Severity ?

CWE

Information disclosure

Summary

Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid

References

►

URL

Tags

	https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html	mailing-list, x_refsource_MLIST
	http://www.securitytracker.com/id/1041695	vdb-entry, x_refsource_SECTRACK
	https://phabricator.wikimedia.org/T187638	x_refsource_CONFIRM
	https://www.debian.org/security/2018/dsa-4301	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2019:3238	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:3813	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	Version: before 1.31.1, 1.30.1, 1.29.3 and 1.27.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:28:11.013Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[wikitech-l] 20180920 Security release: 1.27.5 / 1.29.3 / 1.30.1 / 1.31.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html"
          },
          {
            "name": "1041695",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041695"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T187638"
          },
          {
            "name": "DSA-4301",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4301"
          },
          {
            "name": "RHSA-2019:3238",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3238"
          },
          {
            "name": "RHSA-2019:3813",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3813"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mediawiki",
          "vendor": "mediawiki",
          "versions": [
            {
              "status": "affected",
              "version": "before 1.31.1, 1.30.1, 1.29.3 and 1.27.5"
            }
          ]
        }
      ],
      "datePublic": "2018-09-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-07T18:06:37",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "[wikitech-l] 20180920 Security release: 1.27.5 / 1.29.3 / 1.30.1 / 1.31.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html"
        },
        {
          "name": "1041695",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041695"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T187638"
        },
        {
          "name": "DSA-4301",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4301"
        },
        {
          "name": "RHSA-2019:3238",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3238"
        },
        {
          "name": "RHSA-2019:3813",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3813"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Information disclosure in Special:Redirect/logid",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "DATE_PUBLIC": "2018-09-20T21:18:00.000Z",
          "ID": "CVE-2018-0504",
          "STATE": "PUBLIC",
          "TITLE": "Information disclosure in Special:Redirect/logid"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "mediawiki",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before 1.31.1, 1.30.1, 1.29.3 and 1.27.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "mediawiki"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[wikitech-l] 20180920 Security release: 1.27.5 / 1.29.3 / 1.30.1 / 1.31.1",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html"
            },
            {
              "name": "1041695",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041695"
            },
            {
              "name": "https://phabricator.wikimedia.org/T187638",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T187638"
            },
            {
              "name": "DSA-4301",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4301"
            },
            {
              "name": "RHSA-2019:3238",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3238"
            },
            {
              "name": "RHSA-2019:3813",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3813"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2018-0504",
    "datePublished": "2018-10-04T20:00:00Z",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-09-17T00:41:51.974Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4303 (GCVE-0-2013-4303)

Vulnerability from cvelistv5

Published

2019-12-11 18:30

Modified

2024-08-06 16:38

Severity ?

CWE

Cross-Site Scripting

Summary

includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." (period) characters in a string, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the siprop parameter in a query action to wiki/api.php.

References

►

URL

Tags

	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html	x_refsource_MISC
	http://seclists.org/oss-sec/2013/q3/553	x_refsource_MISC
	https://bugzilla.wikimedia.org/show_bug.cgi?id=52746	x_refsource_MISC
	http://www.securityfocus.com/bid/62194	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilities/86897	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Wikimedia Foundation	MediaWiki	Version: 1.19.x before 1.19.8 Version: 1.20.x before 1.20.7 Version: and 1.21.x before 1.21.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:38:01.957Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2013/q3/553"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=52746"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/62194"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86897"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MediaWiki",
          "vendor": "Wikimedia Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "1.19.x before 1.19.8"
            },
            {
              "status": "affected",
              "version": "1.20.x before 1.20.7"
            },
            {
              "status": "affected",
              "version": "and 1.21.x before 1.21.2"
            }
          ]
        }
      ],
      "datePublic": "2013-09-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of \".\" (period) characters in a string, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the siprop parameter in a query action to wiki/api.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-11T18:30:37",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://seclists.org/oss-sec/2013/q3/553"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=52746"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securityfocus.com/bid/62194"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86897"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4303",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MediaWiki",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.19.x before 1.19.8"
                          },
                          {
                            "version_value": "1.20.x before 1.20.7"
                          },
                          {
                            "version_value": "and 1.21.x before 1.21.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Wikimedia Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of \".\" (period) characters in a string, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the siprop parameter in a query action to wiki/api.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html",
              "refsource": "MISC",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
            },
            {
              "name": "http://seclists.org/oss-sec/2013/q3/553",
              "refsource": "MISC",
              "url": "http://seclists.org/oss-sec/2013/q3/553"
            },
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=52746",
              "refsource": "MISC",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=52746"
            },
            {
              "name": "http://www.securityfocus.com/bid/62194",
              "refsource": "MISC",
              "url": "http://www.securityfocus.com/bid/62194"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86897",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86897"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4303",
    "datePublished": "2019-12-11T18:30:37",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:38:01.957Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4302 (GCVE-0-2013-4302)

Vulnerability from cvelistv5

Published

2013-10-27 00:00

Modified

2024-08-06 16:38

Severity ?

CWE

n/a

Summary

(1) ApiBlock.php, (2) ApiCreateAccount.php, (3) ApiLogin.php, (4) ApiMain.php, (5) ApiQueryDeletedrevs.php, (6) ApiTokens.php, and (7) ApiUnblock.php in includes/api/ in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow remote attackers to obtain CSRF tokens and bypass the cross-site request forgery (CSRF) protection mechanism via a JSONP request to wiki/api.php.

References

►

URL

Tags

	http://seclists.org/oss-sec/2013/q3/553	mailing-list, x_refsource_MLIST
	https://exchange.xforce.ibmcloud.com/vulnerabilities/86896	vdb-entry, x_refsource_XF
	http://www.debian.org/security/2013/dsa-2753	vendor-advisory, x_refsource_DEBIAN
	http://secunia.com/advisories/54715	third-party-advisory, x_refsource_SECUNIA
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html	mailing-list, x_refsource_MLIST
	http://osvdb.org/96912	vdb-entry, x_refsource_OSVDB
	https://www.mediawiki.org/wiki/Release_notes/1.19	x_refsource_CONFIRM
	https://www.mediawiki.org/wiki/Release_notes/1.20	x_refsource_CONFIRM
	https://bugzilla.wikimedia.org/show_bug.cgi?id=49090	x_refsource_CONFIRM
	https://www.mediawiki.org/wiki/Release_notes/1.21	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:38:01.947Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20130904 Re: CVE request: MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2013/q3/553"
          },
          {
            "name": "mediawiki-cve20134302-info-disclosure(86896)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86896"
          },
          {
            "name": "DSA-2753",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2753"
          },
          {
            "name": "54715",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/54715"
          },
          {
            "name": "[MediaWiki-announce] 20130903 MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
          },
          {
            "name": "96912",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/96912"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mediawiki.org/wiki/Release_notes/1.19"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mediawiki.org/wiki/Release_notes/1.20"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=49090"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mediawiki.org/wiki/Release_notes/1.21"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-09-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "(1) ApiBlock.php, (2) ApiCreateAccount.php, (3) ApiLogin.php, (4) ApiMain.php, (5) ApiQueryDeletedrevs.php, (6) ApiTokens.php, and (7) ApiUnblock.php in includes/api/ in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow remote attackers to obtain CSRF tokens and bypass the cross-site request forgery (CSRF) protection mechanism via a JSONP request to wiki/api.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20130904 Re: CVE request: MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2013/q3/553"
        },
        {
          "name": "mediawiki-cve20134302-info-disclosure(86896)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86896"
        },
        {
          "name": "DSA-2753",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2753"
        },
        {
          "name": "54715",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/54715"
        },
        {
          "name": "[MediaWiki-announce] 20130903 MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
        },
        {
          "name": "96912",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/96912"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mediawiki.org/wiki/Release_notes/1.19"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mediawiki.org/wiki/Release_notes/1.20"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=49090"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mediawiki.org/wiki/Release_notes/1.21"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4302",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "(1) ApiBlock.php, (2) ApiCreateAccount.php, (3) ApiLogin.php, (4) ApiMain.php, (5) ApiQueryDeletedrevs.php, (6) ApiTokens.php, and (7) ApiUnblock.php in includes/api/ in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow remote attackers to obtain CSRF tokens and bypass the cross-site request forgery (CSRF) protection mechanism via a JSONP request to wiki/api.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20130904 Re: CVE request: MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2013/q3/553"
            },
            {
              "name": "mediawiki-cve20134302-info-disclosure(86896)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86896"
            },
            {
              "name": "DSA-2753",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2013/dsa-2753"
            },
            {
              "name": "54715",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/54715"
            },
            {
              "name": "[MediaWiki-announce] 20130903 MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
            },
            {
              "name": "96912",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/96912"
            },
            {
              "name": "https://www.mediawiki.org/wiki/Release_notes/1.19",
              "refsource": "CONFIRM",
              "url": "https://www.mediawiki.org/wiki/Release_notes/1.19"
            },
            {
              "name": "https://www.mediawiki.org/wiki/Release_notes/1.20",
              "refsource": "CONFIRM",
              "url": "https://www.mediawiki.org/wiki/Release_notes/1.20"
            },
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=49090",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=49090"
            },
            {
              "name": "https://www.mediawiki.org/wiki/Release_notes/1.21",
              "refsource": "CONFIRM",
              "url": "https://www.mediawiki.org/wiki/Release_notes/1.21"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4302",
    "datePublished": "2013-10-27T00:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:38:01.947Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-1582 (GCVE-0-2012-1582)

Vulnerability from cvelistv5

Published

2012-09-09 21:00

Modified

2024-08-06 19:01

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in the wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to inject arbitrary web script or HTML via a crafted page with "forged strip item markers," as demonstrated using the CharInsert extension.

References

►

URL

Tags

	http://www.openwall.com/lists/oss-security/2012/03/24/1	mailing-list, x_refsource_MLIST
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/48504	third-party-advisory, x_refsource_SECUNIA
	https://bugzilla.wikimedia.org/show_bug.cgi?id=35315	x_refsource_CONFIRM
	http://osvdb.org/80363	vdb-entry, x_refsource_OSVDB
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html	mailing-list, x_refsource_MLIST
	https://exchange.xforce.ibmcloud.com/vulnerabilities/74288	vdb-entry, x_refsource_XF
	http://www.openwall.com/lists/oss-security/2012/03/22/9	mailing-list, x_refsource_MLIST
	http://www.securityfocus.com/bid/52689	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:01:02.188Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20120323 CVEs for MediaWiki security and maintenance release 1.18.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/03/24/1"
          },
          {
            "name": "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.18.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html"
          },
          {
            "name": "48504",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48504"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=35315"
          },
          {
            "name": "80363",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/80363"
          },
          {
            "name": "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.17.3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html"
          },
          {
            "name": "mediawiki-wikitext-xss(74288)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74288"
          },
          {
            "name": "[oss-security] 20120322 MediaWiki security and maintenance release 1.18.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/03/22/9"
          },
          {
            "name": "52689",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/52689"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-03-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to inject arbitrary web script or HTML via a crafted page with \"forged strip item markers,\" as demonstrated using the CharInsert extension."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20120323 CVEs for MediaWiki security and maintenance release 1.18.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/03/24/1"
        },
        {
          "name": "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.18.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html"
        },
        {
          "name": "48504",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48504"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=35315"
        },
        {
          "name": "80363",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/80363"
        },
        {
          "name": "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.17.3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html"
        },
        {
          "name": "mediawiki-wikitext-xss(74288)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74288"
        },
        {
          "name": "[oss-security] 20120322 MediaWiki security and maintenance release 1.18.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/03/22/9"
        },
        {
          "name": "52689",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/52689"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-1582",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to inject arbitrary web script or HTML via a crafted page with \"forged strip item markers,\" as demonstrated using the CharInsert extension."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20120323 CVEs for MediaWiki security and maintenance release 1.18.2",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/03/24/1"
            },
            {
              "name": "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.18.2",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html"
            },
            {
              "name": "48504",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48504"
            },
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=35315",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=35315"
            },
            {
              "name": "80363",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/80363"
            },
            {
              "name": "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.17.3",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html"
            },
            {
              "name": "mediawiki-wikitext-xss(74288)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74288"
            },
            {
              "name": "[oss-security] 20120322 MediaWiki security and maintenance release 1.18.2",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/03/22/9"
            },
            {
              "name": "52689",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/52689"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-1582",
    "datePublished": "2012-09-09T21:00:00",
    "dateReserved": "2012-03-12T00:00:00",
    "dateUpdated": "2024-08-06T19:01:02.188Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-4408 (GCVE-0-2008-4408)

Vulnerability from cvelistv5

Published

2008-10-03 17:18

Modified

2024-08-07 10:17

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, and possibly other versions before 1.13.2 allows remote attackers to inject arbitrary web script or HTML via the useskin parameter to an unspecified component.

References

►

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilities/45632	vdb-entry, x_refsource_XF
	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_2/phase3/RELEASE-NOTES	x_refsource_CONFIRM
	http://openwall.com/lists/oss-security/2008/10/02/3	mailing-list, x_refsource_MLIST
	http://www.securityfocus.com/bid/31540	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/32128	third-party-advisory, x_refsource_SECUNIA
	https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00220.html	vendor-advisory, x_refsource_FEDORA
	http://www.vupen.com/english/advisories/2008/2737	vdb-entry, x_refsource_VUPEN
	https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00179.html	vendor-advisory, x_refsource_FEDORA
	http://secunia.com/advisories/32131	third-party-advisory, x_refsource_SECUNIA
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-October/000078.html	mailing-list, x_refsource_MLIST
	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_12_1/phase3/RELEASE-NOTES	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:17:09.338Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "mediawiki-useskin-xss(45632)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45632"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_2/phase3/RELEASE-NOTES"
          },
          {
            "name": "[oss-security] 20081002 CVE request: XSS in mediawiki 1.13.1 and 1.12.0",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2008/10/02/3"
          },
          {
            "name": "31540",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31540"
          },
          {
            "name": "32128",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32128"
          },
          {
            "name": "FEDORA-2008-8678",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00220.html"
          },
          {
            "name": "ADV-2008-2737",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2737"
          },
          {
            "name": "FEDORA-2008-8639",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00179.html"
          },
          {
            "name": "32131",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32131"
          },
          {
            "name": "[MediaWiki-announce] 20081002 MediaWiki 1.13.2, 1.12.1 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-October/000078.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_12_1/phase3/RELEASE-NOTES"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-10-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, and possibly other versions before 1.13.2 allows remote attackers to inject arbitrary web script or HTML via the useskin parameter to an unspecified component."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "mediawiki-useskin-xss(45632)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45632"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_2/phase3/RELEASE-NOTES"
        },
        {
          "name": "[oss-security] 20081002 CVE request: XSS in mediawiki 1.13.1 and 1.12.0",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2008/10/02/3"
        },
        {
          "name": "31540",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31540"
        },
        {
          "name": "32128",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32128"
        },
        {
          "name": "FEDORA-2008-8678",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00220.html"
        },
        {
          "name": "ADV-2008-2737",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2737"
        },
        {
          "name": "FEDORA-2008-8639",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00179.html"
        },
        {
          "name": "32131",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32131"
        },
        {
          "name": "[MediaWiki-announce] 20081002 MediaWiki 1.13.2, 1.12.1 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-October/000078.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_12_1/phase3/RELEASE-NOTES"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-4408",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, and possibly other versions before 1.13.2 allows remote attackers to inject arbitrary web script or HTML via the useskin parameter to an unspecified component."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "mediawiki-useskin-xss(45632)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45632"
            },
            {
              "name": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_2/phase3/RELEASE-NOTES",
              "refsource": "CONFIRM",
              "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_2/phase3/RELEASE-NOTES"
            },
            {
              "name": "[oss-security] 20081002 CVE request: XSS in mediawiki 1.13.1 and 1.12.0",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2008/10/02/3"
            },
            {
              "name": "31540",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31540"
            },
            {
              "name": "32128",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32128"
            },
            {
              "name": "FEDORA-2008-8678",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00220.html"
            },
            {
              "name": "ADV-2008-2737",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2737"
            },
            {
              "name": "FEDORA-2008-8639",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00179.html"
            },
            {
              "name": "32131",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32131"
            },
            {
              "name": "[MediaWiki-announce] 20081002 MediaWiki 1.13.2, 1.12.1 security update",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-October/000078.html"
            },
            {
              "name": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_12_1/phase3/RELEASE-NOTES",
              "refsource": "CONFIRM",
              "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_12_1/phase3/RELEASE-NOTES"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-4408",
    "datePublished": "2008-10-03T17:18:00",
    "dateReserved": "2008-10-03T00:00:00",
    "dateUpdated": "2024-08-07T10:17:09.338Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-26121 (GCVE-0-2020-26121)

Vulnerability from cvelistv5

Published

2020-09-27 20:08

Modified

2024-08-04 15:49

Severity ?

CWE

n/a

Summary

An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against "page creation" and the attacker should not be able to create it. This occurs because of a mishandled distinction between an upload restriction and a create restriction. An attacker cannot leverage this to overwrite anything, but can leverage this to force a wiki to have a page with a disallowed title.

References

►

URL

Tags

	https://commons.wikimedia.org/w/index.php?oldid=454609892#File:Wiki.png	x_refsource_MISC
	https://phabricator.wikimedia.org/T262628	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/Ib852a96afc4dca10516d0510e69c10f9892b351b	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:49:07.127Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://commons.wikimedia.org/w/index.php?oldid=454609892#File:Wiki.png"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T262628"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/Ib852a96afc4dca10516d0510e69c10f9892b351b"
          },
          {
            "name": "FEDORA-2020-a4802c53d9",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against \"page creation\" and the attacker should not be able to create it. This occurs because of a mishandled distinction between an upload restriction and a create restriction. An attacker cannot leverage this to overwrite anything, but can leverage this to force a wiki to have a page with a disallowed title."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-14T02:06:09",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://commons.wikimedia.org/w/index.php?oldid=454609892#File:Wiki.png"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T262628"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/Ib852a96afc4dca10516d0510e69c10f9892b351b"
        },
        {
          "name": "FEDORA-2020-a4802c53d9",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-26121",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against \"page creation\" and the attacker should not be able to create it. This occurs because of a mishandled distinction between an upload restriction and a create restriction. An attacker cannot leverage this to overwrite anything, but can leverage this to force a wiki to have a page with a disallowed title."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://commons.wikimedia.org/w/index.php?oldid=454609892#File:Wiki.png",
              "refsource": "MISC",
              "url": "https://commons.wikimedia.org/w/index.php?oldid=454609892#File:Wiki.png"
            },
            {
              "name": "https://phabricator.wikimedia.org/T262628",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T262628"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/Ib852a96afc4dca10516d0510e69c10f9892b351b",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/Ib852a96afc4dca10516d0510e69c10f9892b351b"
            },
            {
              "name": "FEDORA-2020-a4802c53d9",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-26121",
    "datePublished": "2020-09-27T20:08:00",
    "dateReserved": "2020-09-27T00:00:00",
    "dateUpdated": "2024-08-04T15:49:07.127Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-5249 (GCVE-0-2008-5249)

Vulnerability from cvelistv5

Published

2008-12-19 17:00

Modified

2024-08-07 10:49

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.0 through 1.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

►

URL

Tags

	https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html	vendor-advisory, x_refsource_FEDORA
	http://www.debian.org/security/2009/dsa-1901	vendor-advisory, x_refsource_DEBIAN
	http://secunia.com/advisories/33133	third-party-advisory, x_refsource_SECUNIA
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html	mailing-list, x_refsource_MLIST
	http://www.securityfocus.com/bid/32844	vdb-entry, x_refsource_BID
	https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html	vendor-advisory, x_refsource_FEDORA
	http://secunia.com/advisories/33349	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:49:11.973Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2008-11802",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html"
          },
          {
            "name": "DSA-1901",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1901"
          },
          {
            "name": "33133",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33133"
          },
          {
            "name": "[mediawiki-announce] 20081215 MediaWiki 1.13.3, 1.12.2, 1.6.11 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html"
          },
          {
            "name": "32844",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/32844"
          },
          {
            "name": "FEDORA-2008-11688",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html"
          },
          {
            "name": "33349",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33349"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-12-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.0 through 1.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-01-01T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "FEDORA-2008-11802",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html"
        },
        {
          "name": "DSA-1901",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1901"
        },
        {
          "name": "33133",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33133"
        },
        {
          "name": "[mediawiki-announce] 20081215 MediaWiki 1.13.3, 1.12.2, 1.6.11 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html"
        },
        {
          "name": "32844",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/32844"
        },
        {
          "name": "FEDORA-2008-11688",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html"
        },
        {
          "name": "33349",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33349"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5249",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.0 through 1.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FEDORA-2008-11802",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html"
            },
            {
              "name": "DSA-1901",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1901"
            },
            {
              "name": "33133",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33133"
            },
            {
              "name": "[mediawiki-announce] 20081215 MediaWiki 1.13.3, 1.12.2, 1.6.11 security update",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html"
            },
            {
              "name": "32844",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/32844"
            },
            {
              "name": "FEDORA-2008-11688",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html"
            },
            {
              "name": "33349",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33349"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-5249",
    "datePublished": "2008-12-19T17:00:00",
    "dateReserved": "2008-11-26T00:00:00",
    "dateUpdated": "2024-08-07T10:49:11.973Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-0047 (GCVE-0-2011-0047)

Vulnerability from cvelistv5

Published

2011-02-04 00:00

Modified

2024-08-06 21:43

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.2 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) comments, aka "CSS injection vulnerability."

References

►

URL

Tags

	http://www.vupen.com/english/advisories/2011/0273	vdb-entry, x_refsource_VUPEN
	https://exchange.xforce.ibmcloud.com/vulnerabilities/65126	vdb-entry, x_refsource_XF
	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html	vendor-advisory, x_refsource_FEDORA
	http://osvdb.org/70770	vdb-entry, x_refsource_OSVDB
	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html	vendor-advisory, x_refsource_FEDORA
	https://bugzilla.wikimedia.org/show_bug.cgi?id=27093	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/46108	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/43142	third-party-advisory, x_refsource_SECUNIA
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-February/000095.html	mailing-list, x_refsource_MLIST
	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:43:14.184Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2011-0273",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0273"
          },
          {
            "name": "mediawiki-css-comments-xss(65126)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65126"
          },
          {
            "name": "FEDORA-2011-5807",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html"
          },
          {
            "name": "70770",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/70770"
          },
          {
            "name": "FEDORA-2011-5848",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=27093"
          },
          {
            "name": "46108",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46108"
          },
          {
            "name": "43142",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43142"
          },
          {
            "name": "[MediaWiki-announce] 20110201 MediaWiki security release 1.16.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-February/000095.html"
          },
          {
            "name": "FEDORA-2011-5812",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-02-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.2 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) comments, aka \"CSS injection vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2011-0273",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0273"
        },
        {
          "name": "mediawiki-css-comments-xss(65126)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65126"
        },
        {
          "name": "FEDORA-2011-5807",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html"
        },
        {
          "name": "70770",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/70770"
        },
        {
          "name": "FEDORA-2011-5848",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=27093"
        },
        {
          "name": "46108",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46108"
        },
        {
          "name": "43142",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43142"
        },
        {
          "name": "[MediaWiki-announce] 20110201 MediaWiki security release 1.16.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-February/000095.html"
        },
        {
          "name": "FEDORA-2011-5812",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-0047",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.2 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) comments, aka \"CSS injection vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2011-0273",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0273"
            },
            {
              "name": "mediawiki-css-comments-xss(65126)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65126"
            },
            {
              "name": "FEDORA-2011-5807",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html"
            },
            {
              "name": "70770",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/70770"
            },
            {
              "name": "FEDORA-2011-5848",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html"
            },
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=27093",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=27093"
            },
            {
              "name": "46108",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/46108"
            },
            {
              "name": "43142",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43142"
            },
            {
              "name": "[MediaWiki-announce] 20110201 MediaWiki security release 1.16.2",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-February/000095.html"
            },
            {
              "name": "FEDORA-2011-5812",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-0047",
    "datePublished": "2011-02-04T00:00:00",
    "dateReserved": "2010-12-21T00:00:00",
    "dateUpdated": "2024-08-06T21:43:14.184Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-8815 (GCVE-0-2017-8815)

Vulnerability from cvelistv5

Published

2017-11-15 08:00

Modified

2024-08-05 16:48

Severity ?

CWE

attribute injection

Summary

The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules.

References

►

URL

Tags

	http://www.securitytracker.com/id/1039812	vdb-entry, x_refsource_SECTRACK
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html	x_refsource_CONFIRM
	https://www.debian.org/security/2017/dsa-4036	vendor-advisory, x_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	n/a	MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2	Version: MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:48:21.919Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1039812",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039812"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"
          },
          {
            "name": "DSA-4036",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4036"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2"
            }
          ]
        }
      ],
      "datePublic": "2017-11-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "attribute injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-16T10:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "1039812",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039812"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"
        },
        {
          "name": "DSA-4036",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4036"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2017-8815",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "attribute injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1039812",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039812"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html",
              "refsource": "CONFIRM",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"
            },
            {
              "name": "DSA-4036",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4036"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2017-8815",
    "datePublished": "2017-11-15T08:00:00",
    "dateReserved": "2017-05-07T00:00:00",
    "dateUpdated": "2024-08-05T16:48:21.919Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-5688 (GCVE-0-2008-5688)

Vulnerability from cvelistv5

Published

2008-12-19 17:00

Modified

2024-08-07 11:04

Severity ?

CWE

n/a

Summary

MediaWiki 1.8.1, and other versions before 1.13.3, when the wgShowExceptionDetails variable is enabled, sometimes provides the full installation path in a debugging message, which might allow remote attackers to obtain sensitive information via unspecified requests that trigger an uncaught exception.

References

►

URL

Tags

	https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html	vendor-advisory, x_refsource_FEDORA
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html	mailing-list, x_refsource_MLIST
	http://www.mediawiki.org/wiki/Manual:%24wgShowExceptionDetails	x_refsource_MISC
	https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html	vendor-advisory, x_refsource_FEDORA
	http://secunia.com/advisories/33349	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:04:44.557Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2008-11802",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html"
          },
          {
            "name": "[mediawiki-announce] 20081215 MediaWiki 1.13.3, 1.12.2, 1.6.11 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.mediawiki.org/wiki/Manual:%24wgShowExceptionDetails"
          },
          {
            "name": "FEDORA-2008-11688",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html"
          },
          {
            "name": "33349",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33349"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-12-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki 1.8.1, and other versions before 1.13.3, when the wgShowExceptionDetails variable is enabled, sometimes provides the full installation path in a debugging message, which might allow remote attackers to obtain sensitive information via unspecified requests that trigger an uncaught exception."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-01-09T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "FEDORA-2008-11802",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html"
        },
        {
          "name": "[mediawiki-announce] 20081215 MediaWiki 1.13.3, 1.12.2, 1.6.11 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.mediawiki.org/wiki/Manual:%24wgShowExceptionDetails"
        },
        {
          "name": "FEDORA-2008-11688",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html"
        },
        {
          "name": "33349",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33349"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5688",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki 1.8.1, and other versions before 1.13.3, when the wgShowExceptionDetails variable is enabled, sometimes provides the full installation path in a debugging message, which might allow remote attackers to obtain sensitive information via unspecified requests that trigger an uncaught exception."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FEDORA-2008-11802",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html"
            },
            {
              "name": "[mediawiki-announce] 20081215 MediaWiki 1.13.3, 1.12.2, 1.6.11 security update",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html"
            },
            {
              "name": "http://www.mediawiki.org/wiki/Manual:$wgShowExceptionDetails",
              "refsource": "MISC",
              "url": "http://www.mediawiki.org/wiki/Manual:$wgShowExceptionDetails"
            },
            {
              "name": "FEDORA-2008-11688",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html"
            },
            {
              "name": "33349",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33349"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-5688",
    "datePublished": "2008-12-19T17:00:00",
    "dateReserved": "2008-12-19T00:00:00",
    "dateUpdated": "2024-08-07T11:04:44.557Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-12051 (GCVE-0-2020-12051)

Vulnerability from cvelistv5

Published

2020-04-21 21:24

Modified

2024-08-04 11:48

Severity ?

CWE

n/a

Summary

The CentralAuth extension through REL1_34 for MediaWiki allows remote attackers to obtain sensitive hidden account information via an api.php?action=query&meta=globaluserinfo&guiuser= request. In other words, the information can be retrieved via the action API even though access would be denied when simply visiting wiki/Special:CentralAuth in a web browser.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T250594	x_refsource_MISC
	https://gerrit.wikimedia.org/r/#/q/I3c80641dc1202df7428714f0ca44717a51ff6021	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:48:58.044Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T250594"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/#/q/I3c80641dc1202df7428714f0ca44717a51ff6021"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The CentralAuth extension through REL1_34 for MediaWiki allows remote attackers to obtain sensitive hidden account information via an api.php?action=query\u0026meta=globaluserinfo\u0026guiuser= request. In other words, the information can be retrieved via the action API even though access would be denied when simply visiting wiki/Special:CentralAuth in a web browser."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-21T21:24:33",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T250594"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/#/q/I3c80641dc1202df7428714f0ca44717a51ff6021"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-12051",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The CentralAuth extension through REL1_34 for MediaWiki allows remote attackers to obtain sensitive hidden account information via an api.php?action=query\u0026meta=globaluserinfo\u0026guiuser= request. In other words, the information can be retrieved via the action API even though access would be denied when simply visiting wiki/Special:CentralAuth in a web browser."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T250594",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T250594"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/#/q/I3c80641dc1202df7428714f0ca44717a51ff6021",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/#/q/I3c80641dc1202df7428714f0ca44717a51ff6021"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-12051",
    "datePublished": "2020-04-21T21:24:33",
    "dateReserved": "2020-04-21T00:00:00",
    "dateUpdated": "2024-08-04T11:48:58.044Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-4380 (GCVE-0-2012-4380)

Vulnerability from cvelistv5

Published

2017-10-19 21:00

Modified

2024-08-06 20:35

Severity ?

CWE

n/a

Summary

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors.

References

►

URL

Tags

	http://www.openwall.com/lists/oss-security/2012/08/31/6	mailing-list, x_refsource_MLIST
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2012/08/31/10	mailing-list, x_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=853440	x_refsource_CONFIRM
	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330	x_refsource_MISC
	https://phabricator.wikimedia.org/T41824	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:35:08.793Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20120831 CVE Request -- MediaWiki 1.19.2 and 1.18.5 multiple security flaws",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/08/31/6"
          },
          {
            "name": "[MediaWiki-announce] 20120831 MediaWiki security release: 1.19.2 and 1.18.5",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html"
          },
          {
            "name": "[oss-security] 20120831 Re: CVE Request -- MediaWiki 1.19.2 and 1.18.5 multiple security flaws",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/08/31/10"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=853440"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T41824"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-08-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-19T20:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20120831 CVE Request -- MediaWiki 1.19.2 and 1.18.5 multiple security flaws",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/08/31/6"
        },
        {
          "name": "[MediaWiki-announce] 20120831 MediaWiki security release: 1.19.2 and 1.18.5",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html"
        },
        {
          "name": "[oss-security] 20120831 Re: CVE Request -- MediaWiki 1.19.2 and 1.18.5 multiple security flaws",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/08/31/10"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=853440"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T41824"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-4380",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20120831 CVE Request -- MediaWiki 1.19.2 and 1.18.5 multiple security flaws",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/08/31/6"
            },
            {
              "name": "[MediaWiki-announce] 20120831 MediaWiki security release: 1.19.2 and 1.18.5",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html"
            },
            {
              "name": "[oss-security] 20120831 Re: CVE Request -- MediaWiki 1.19.2 and 1.18.5 multiple security flaws",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/08/31/10"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=853440",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=853440"
            },
            {
              "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330",
              "refsource": "MISC",
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330"
            },
            {
              "name": "https://phabricator.wikimedia.org/T41824",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T41824"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-4380",
    "datePublished": "2017-10-19T21:00:00",
    "dateReserved": "2012-08-21T00:00:00",
    "dateUpdated": "2024-08-06T20:35:08.793Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2004-2186 (GCVE-0-2004-2186)

Vulnerability from cvelistv5

Published

2005-07-10 04:00

Modified

2024-09-17 02:01

Severity ?

CWE

n/a

Summary

SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers to execute arbitrary SQL commands via SpecialMaintenance.

References

►

URL

Tags

	http://sourceforge.net/project/shownotes.php?release_id=275099	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/11416	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:15:01.659Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=275099"
          },
          {
            "name": "11416",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11416"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers to execute arbitrary SQL commands via SpecialMaintenance."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-07-10T04:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=275099"
        },
        {
          "name": "11416",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11416"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-2186",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers to execute arbitrary SQL commands via SpecialMaintenance."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=275099",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?release_id=275099"
            },
            {
              "name": "11416",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11416"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-2186",
    "datePublished": "2005-07-10T04:00:00Z",
    "dateReserved": "2005-07-10T04:00:00Z",
    "dateUpdated": "2024-09-17T02:01:46.906Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-16738 (GCVE-0-2019-16738)

Vulnerability from cvelistv5

Published

2019-09-26 01:49

Modified

2024-08-05 01:24

Severity ?

CWE

n/a

Summary

In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T230402	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO/	vendor-advisory, x_refsource_FEDORA
	https://www.debian.org/security/2019/dsa-4545	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2019/Oct/32	mailing-list, x_refsource_BUGTRAQ
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QBAOLXETM5BOYQG6OQVHGB2LNLZUXVN6/	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:24:48.186Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T230402"
          },
          {
            "name": "FEDORA-2019-c4cdd73c74",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO/"
          },
          {
            "name": "DSA-4545",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4545"
          },
          {
            "name": "20191021 [SECURITY] [DSA 4545-1] mediawiki security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Oct/32"
          },
          {
            "name": "FEDORA-2019-3ba38e1cdb",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QBAOLXETM5BOYQG6OQVHGB2LNLZUXVN6/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-26T19:06:10",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T230402"
        },
        {
          "name": "FEDORA-2019-c4cdd73c74",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO/"
        },
        {
          "name": "DSA-4545",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4545"
        },
        {
          "name": "20191021 [SECURITY] [DSA 4545-1] mediawiki security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Oct/32"
        },
        {
          "name": "FEDORA-2019-3ba38e1cdb",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QBAOLXETM5BOYQG6OQVHGB2LNLZUXVN6/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-16738",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T230402",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T230402"
            },
            {
              "name": "FEDORA-2019-c4cdd73c74",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO/"
            },
            {
              "name": "DSA-4545",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4545"
            },
            {
              "name": "20191021 [SECURITY] [DSA 4545-1] mediawiki security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Oct/32"
            },
            {
              "name": "FEDORA-2019-3ba38e1cdb",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBAOLXETM5BOYQG6OQVHGB2LNLZUXVN6/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-16738",
    "datePublished": "2019-09-26T01:49:11",
    "dateReserved": "2019-09-24T00:00:00",
    "dateUpdated": "2024-08-05T01:24:48.186Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4569 (GCVE-0-2013-4569)

Vulnerability from cvelistv5

Published

2013-12-13 18:00

Modified

2024-08-06 16:45

Severity ?

CWE

n/a

Summary

The CleanChanges extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3, when "Group changes by page in recent changes and watchlist" is enabled, allows remote attackers to obtain sensitive information (revision-deleted IPs) via the Recent Changes page.

References

►

URL

Tags

	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html	mailing-list, x_refsource_MLIST
	http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html	vendor-advisory, x_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html	vendor-advisory, x_refsource_FEDORA
	https://bugzilla.wikimedia.org/show_bug.cgi?id=54294	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:45:14.859Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[MediaWiki-announce] 20131114 MediaWiki Security Release: 1.21.3, 1.20.8 and 1.19.9",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"
          },
          {
            "name": "FEDORA-2013-21856",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html"
          },
          {
            "name": "FEDORA-2013-21874",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=54294"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-09-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The CleanChanges extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3, when \"Group changes by page in recent changes and watchlist\" is enabled, allows remote attackers to obtain sensitive information (revision-deleted IPs) via the Recent Changes page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-12-13T17:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[MediaWiki-announce] 20131114 MediaWiki Security Release: 1.21.3, 1.20.8 and 1.19.9",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"
        },
        {
          "name": "FEDORA-2013-21856",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html"
        },
        {
          "name": "FEDORA-2013-21874",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=54294"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4569",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The CleanChanges extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3, when \"Group changes by page in recent changes and watchlist\" is enabled, allows remote attackers to obtain sensitive information (revision-deleted IPs) via the Recent Changes page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[MediaWiki-announce] 20131114 MediaWiki Security Release: 1.21.3, 1.20.8 and 1.19.9",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"
            },
            {
              "name": "FEDORA-2013-21856",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html"
            },
            {
              "name": "FEDORA-2013-21874",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html"
            },
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=54294",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=54294"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4569",
    "datePublished": "2013-12-13T18:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:45:14.859Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-0371 (GCVE-0-2017-0371)

Vulnerability from cvelistv5

Published

2022-02-18 22:29

Modified

2024-08-05 13:03

Severity ?

CWE

n/a

Summary

MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remote attackers to discover the IP addresses of Wiki visitors via a style="background-image: attr(title url);" attack within a DIV element that has an attacker-controlled URL in the title attribute.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T140591	x_refsource_MISC
	https://phabricator.wikimedia.org/T68404	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:03:57.104Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T140591"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T68404"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remote attackers to discover the IP addresses of Wiki visitors via a style=\"background-image: attr(title url);\" attack within a DIV element that has an attacker-controlled URL in the title attribute."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-18T22:29:30",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T140591"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T68404"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-0371",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remote attackers to discover the IP addresses of Wiki visitors via a style=\"background-image: attr(title url);\" attack within a DIV element that has an attacker-controlled URL in the title attribute."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T140591",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T140591"
            },
            {
              "name": "https://phabricator.wikimedia.org/T68404",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T68404"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-0371",
    "datePublished": "2022-02-18T22:29:30",
    "dateReserved": "2016-11-29T00:00:00",
    "dateUpdated": "2024-08-05T13:03:57.104Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-37256 (GCVE-0-2023-37256)

Vulnerability from cvelistv5

Published

2023-06-29 00:00

Modified

2024-11-26 19:35

Severity ?

CWE

n/a

Summary

An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. It allows one to store javascript: URLs in URL fields, and automatically links these URLs.

References

►

URL

Tags

https://phabricator.wikimedia.org/T331311

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:09:33.135Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T331311"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-37256",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-26T19:33:53.973360Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-26T19:35:42.623Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. It allows one to store javascript: URLs in URL fields, and automatically links these URLs."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-29T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T331311"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-37256",
    "datePublished": "2023-06-29T00:00:00",
    "dateReserved": "2023-06-29T00:00:00",
    "dateUpdated": "2024-11-26T19:35:42.623Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-42047 (GCVE-0-2021-42047)

Vulnerability from cvelistv5

Published

2021-10-06 20:48

Modified

2024-08-04 03:22

Severity ?

CWE

n/a

Summary

An issue was discovered in the Growth extension in MediaWiki through 1.36.2. On any Wiki with the Mentor Dashboard feature enabled, users can login with a mentor account and trigger an XSS payload (such as alert) via Growthexperiments-mentor-dashboard-mentee-overview-no-js-fallback.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T289063	x_refsource_MISC
	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/GrowthExperiments/+/720088	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:22:25.844Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T289063"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/GrowthExperiments/+/720088"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Growth extension in MediaWiki through 1.36.2. On any Wiki with the Mentor Dashboard feature enabled, users can login with a mentor account and trigger an XSS payload (such as alert) via Growthexperiments-mentor-dashboard-mentee-overview-no-js-fallback."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-29T16:39:13",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T289063"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/GrowthExperiments/+/720088"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-42047",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the Growth extension in MediaWiki through 1.36.2. On any Wiki with the Mentor Dashboard feature enabled, users can login with a mentor account and trigger an XSS payload (such as alert) via Growthexperiments-mentor-dashboard-mentee-overview-no-js-fallback."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T289063",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T289063"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/GrowthExperiments/+/720088",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/GrowthExperiments/+/720088"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-42047",
    "datePublished": "2021-10-06T20:48:01",
    "dateReserved": "2021-10-06T00:00:00",
    "dateUpdated": "2024-08-04T03:22:25.844Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-31547 (GCVE-0-2021-31547)

Vulnerability from cvelistv5

Published

2021-04-22 02:30

Modified

2024-08-03 23:03

Severity ?

CWE

n/a

Summary

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. Its AbuseFilterCheckMatch API reveals suppressed edits and usernames to unprivileged users through the iteration of crafted AbuseFilter rules.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T223654	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/I3f7dbd8b873d411e37c8c3aac2339bf5ec36907d	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/I4900b1be73323599d74e3164447f81eded094d75	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:03:33.474Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T223654"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/I3f7dbd8b873d411e37c8c3aac2339bf5ec36907d"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/I4900b1be73323599d74e3164447f81eded094d75"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. Its AbuseFilterCheckMatch API reveals suppressed edits and usernames to unprivileged users through the iteration of crafted AbuseFilter rules."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-22T02:30:35",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T223654"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/I3f7dbd8b873d411e37c8c3aac2339bf5ec36907d"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/I4900b1be73323599d74e3164447f81eded094d75"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-31547",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. Its AbuseFilterCheckMatch API reveals suppressed edits and usernames to unprivileged users through the iteration of crafted AbuseFilter rules."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T223654",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T223654"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/I3f7dbd8b873d411e37c8c3aac2339bf5ec36907d",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/I3f7dbd8b873d411e37c8c3aac2339bf5ec36907d"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/I4900b1be73323599d74e3164447f81eded094d75",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/I4900b1be73323599d74e3164447f81eded094d75"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-31547",
    "datePublished": "2021-04-22T02:30:35",
    "dateReserved": "2021-04-22T00:00:00",
    "dateUpdated": "2024-08-03T23:03:33.474Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-29905 (GCVE-0-2022-29905)

Vulnerability from cvelistv5

Published

2022-04-29 03:43

Modified

2024-08-03 06:33

Severity ?

CWE

n/a

Summary

The FanBoxes extension for MediaWiki through 1.37.2 (before 027ffb0b9d6fe0d823810cf03f5b562a212162d4) allows Special:UserBoxes CSRF.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T306741	x_refsource_MISC
	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/FanBoxes/+/786327	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:33:42.956Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T306741"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/FanBoxes/+/786327"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The FanBoxes extension for MediaWiki through 1.37.2 (before 027ffb0b9d6fe0d823810cf03f5b562a212162d4) allows Special:UserBoxes CSRF."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-29T03:43:22",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T306741"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/FanBoxes/+/786327"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-29905",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The FanBoxes extension for MediaWiki through 1.37.2 (before 027ffb0b9d6fe0d823810cf03f5b562a212162d4) allows Special:UserBoxes CSRF."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T306741",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T306741"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/FanBoxes/+/786327",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/FanBoxes/+/786327"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-29905",
    "datePublished": "2022-04-29T03:43:22",
    "dateReserved": "2022-04-29T00:00:00",
    "dateUpdated": "2024-08-03T06:33:42.956Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-45360 (GCVE-0-2023-45360)

Vulnerability from cvelistv5

Published

2023-11-03 00:00

Modified

2024-08-02 20:21

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWE

n/a

Summary

An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T340221
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/	vendor-advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "mediawiki",
            "vendor": "mediawiki",
            "versions": [
              {
                "lessThan": "1.35.12",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "1.39.5",
                "status": "affected",
                "version": "1.36.0",
                "versionType": "custom"
              },
              {
                "lessThan": "1.40.1",
                "status": "affected",
                "version": "1.40.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "LOW",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-45360",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-11T14:08:22.103632Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-11T14:12:18.211Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:21:16.159Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T340221"
          },
          {
            "name": "FEDORA-2024-2c564b942d",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-10T16:13:34.500184",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T340221"
        },
        {
          "name": "FEDORA-2024-2c564b942d",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-45360",
    "datePublished": "2023-11-03T00:00:00",
    "dateReserved": "2023-10-09T00:00:00",
    "dateUpdated": "2024-08-02T20:21:16.159Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-23174 (GCVE-0-2024-23174)

Vulnerability from cvelistv5

Published

2024-01-12 00:00

Modified

2025-06-20 16:46

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWE

n/a

Summary

An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-filter-date-range-format-placeholder, pagetriage-filter-date-range-to, pagetriage-filter-date-range-from, pagetriage-filter-date-range-heading, pagetriage-filter-set-button, or pagetriage-filter-reset-button message.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T347704
	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/PageTriage/+/989177

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:31.665Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T347704"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/PageTriage/+/989177"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "LOW",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23174",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-28T17:17:33.346072Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-20T16:46:21.303Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-filter-date-range-format-placeholder, pagetriage-filter-date-range-to, pagetriage-filter-date-range-from, pagetriage-filter-date-range-heading, pagetriage-filter-set-button, or pagetriage-filter-reset-button message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-12T04:39:39.153Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T347704"
        },
        {
          "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/PageTriage/+/989177"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-23174",
    "datePublished": "2024-01-12T00:00:00.000Z",
    "dateReserved": "2024-01-12T00:00:00.000Z",
    "dateUpdated": "2025-06-20T16:46:21.303Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-4885 (GCVE-0-2012-4885)

Vulnerability from cvelistv5

Published

2012-09-09 21:00

Modified

2024-09-16 23:51

Severity ?

CWE

n/a

Summary

The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service (infinite loop) via certain input, as demonstrated by the padleft function.

References

►

URL

Tags

	http://www.openwall.com/lists/oss-security/2012/03/24/1	mailing-list, x_refsource_MLIST
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/48504	third-party-advisory, x_refsource_SECUNIA
	https://bugzilla.wikimedia.org/show_bug.cgi?id=35315	x_refsource_CONFIRM
	https://bugzilla.wikimedia.org/show_bug.cgi?id=22555	x_refsource_CONFIRM
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2012/03/22/9	mailing-list, x_refsource_MLIST
	http://www.securityfocus.com/bid/52689	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:50:17.994Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20120323 CVEs for MediaWiki security and maintenance release 1.18.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/03/24/1"
          },
          {
            "name": "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.18.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html"
          },
          {
            "name": "48504",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48504"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=35315"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=22555"
          },
          {
            "name": "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.17.3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html"
          },
          {
            "name": "[oss-security] 20120322 MediaWiki security and maintenance release 1.18.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/03/22/9"
          },
          {
            "name": "52689",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/52689"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service (infinite loop) via certain input, as demonstrated by the padleft function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-09-09T21:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20120323 CVEs for MediaWiki security and maintenance release 1.18.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/03/24/1"
        },
        {
          "name": "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.18.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html"
        },
        {
          "name": "48504",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48504"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=35315"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=22555"
        },
        {
          "name": "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.17.3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html"
        },
        {
          "name": "[oss-security] 20120322 MediaWiki security and maintenance release 1.18.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/03/22/9"
        },
        {
          "name": "52689",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/52689"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-4885",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service (infinite loop) via certain input, as demonstrated by the padleft function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20120323 CVEs for MediaWiki security and maintenance release 1.18.2",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/03/24/1"
            },
            {
              "name": "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.18.2",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html"
            },
            {
              "name": "48504",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48504"
            },
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=35315",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=35315"
            },
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=22555",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=22555"
            },
            {
              "name": "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.17.3",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html"
            },
            {
              "name": "[oss-security] 20120322 MediaWiki security and maintenance release 1.18.2",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/03/22/9"
            },
            {
              "name": "52689",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/52689"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-4885",
    "datePublished": "2012-09-09T21:00:00Z",
    "dateReserved": "2012-09-09T00:00:00Z",
    "dateUpdated": "2024-09-16T23:51:59.586Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-28323 (GCVE-0-2022-28323)

Vulnerability from cvelistv5

Published

2022-04-30 15:05

Modified

2024-08-03 05:48

Severity ?

CWE

n/a

Summary

An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported,

References

►

URL

Tags

	https://phabricator.wikimedia.org/T298434	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/I9d3b9a942ea71d777ec32121fa36262f549d283d	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/93758c4c13b972d240a6313e0472df1667118893	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:48:37.903Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T298434"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/I9d3b9a942ea71d777ec32121fa36262f549d283d"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/93758c4c13b972d240a6313e0472df1667118893"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported,"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-30T15:05:46",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T298434"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/I9d3b9a942ea71d777ec32121fa36262f549d283d"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/93758c4c13b972d240a6313e0472df1667118893"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-28323",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported,"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T298434",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T298434"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/I9d3b9a942ea71d777ec32121fa36262f549d283d",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/I9d3b9a942ea71d777ec32121fa36262f549d283d"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/93758c4c13b972d240a6313e0472df1667118893",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/93758c4c13b972d240a6313e0472df1667118893"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-28323",
    "datePublished": "2022-04-30T15:05:46",
    "dateReserved": "2022-04-01T00:00:00",
    "dateUpdated": "2024-08-03T05:48:37.903Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-3166 (GCVE-0-2005-3166)

Vulnerability from cvelistv5

Published

2005-10-06 04:00

Modified

2024-08-07 23:01

Severity ?

CWE

n/a

Summary

Unspecified vulnerability in "edit submission handling" for MediaWiki 1.4.x before 1.4.10 and 1.3.x before 1.3.16 allows remote attackers to cause a denial of service (corruption of the previous submission) via a crafted URL.

References

►

URL

Tags

	http://www.novell.com/linux/security/advisories/2005_22_sr.html	vendor-advisory, x_refsource_SUSE
	http://www.osvdb.org/19956	vdb-entry, x_refsource_OSVDB
	http://sourceforge.net/project/shownotes.php?release_id=358163	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:01:59.158Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SR:2005:022",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2005_22_sr.html"
          },
          {
            "name": "19956",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/19956"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=358163"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-09-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in \"edit submission handling\" for MediaWiki 1.4.x before 1.4.10 and 1.3.x before 1.3.16 allows remote attackers to cause a denial of service (corruption of the previous submission) via a crafted URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2006-04-04T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SUSE-SR:2005:022",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2005_22_sr.html"
        },
        {
          "name": "19956",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/19956"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=358163"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3166",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in \"edit submission handling\" for MediaWiki 1.4.x before 1.4.10 and 1.3.x before 1.3.16 allows remote attackers to cause a denial of service (corruption of the previous submission) via a crafted URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SR:2005:022",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2005_22_sr.html"
            },
            {
              "name": "19956",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/19956"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=358163",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?release_id=358163"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-3166",
    "datePublished": "2005-10-06T04:00:00",
    "dateReserved": "2005-10-06T00:00:00",
    "dateUpdated": "2024-08-07T23:01:59.158Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-45367 (GCVE-0-2023-45367)

Vulnerability from cvelistv5

Published

2023-10-09 00:00

Modified

2024-09-19 18:04

Severity ?

CWE

n/a

Summary

An issue was discovered in the CheckUser extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. A user can use a rest.php/checkuser/v0/useragent-clienthints/revision/ URL to store an arbitrary number of rows in cu_useragent_clienthints, leading to a denial of service.

References

►

URL

Tags

https://phabricator.wikimedia.org/T344923

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:21:16.751Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T344923"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-45367",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-19T18:04:37.276629Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-19T18:04:49.060Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the CheckUser extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. A user can use a rest.php/checkuser/v0/useragent-clienthints/revision/ URL to store an arbitrary number of rows in cu_useragent_clienthints, leading to a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-09T04:45:59.629445",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T344923"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-45367",
    "datePublished": "2023-10-09T00:00:00",
    "dateReserved": "2023-10-09T00:00:00",
    "dateUpdated": "2024-09-19T18:04:49.060Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-40596 (GCVE-0-2024-40596)

Vulnerability from cvelistv5

Published

2024-07-06 00:00

Modified

2025-03-18 15:21

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE

n/a

Summary

An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The Special:Investigate feature can expose suppressed information for log events. (TimelineService does not support properly suppressing.)

References

►

URL

Tags

https://phabricator.wikimedia.org/T326866

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 4.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-40596",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-08T13:45:32.457314Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-532",
                "description": "CWE-532 Insertion of Sensitive Information into Log File",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-18T15:21:17.920Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:33:11.679Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T326866"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The Special:Investigate feature can expose suppressed information for log events. (TimelineService does not support properly suppressing.)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-06T23:25:55.994Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T326866"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-40596",
    "datePublished": "2024-07-06T00:00:00.000Z",
    "dateReserved": "2024-07-06T00:00:00.000Z",
    "dateUpdated": "2025-03-18T15:21:17.920Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-37300 (GCVE-0-2023-37300)

Vulnerability from cvelistv5

Published

2023-06-30 00:00

Modified

2024-11-27 18:54

Severity ?

CWE

n/a

Summary

An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T330968
	https://gerrit.wikimedia.org/r/q/I993fdcae1fedb7dd543b35a477026bc727615b0a

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:09:34.069Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T330968"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/I993fdcae1fedb7dd543b35a477026bc727615b0a"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-37300",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-27T18:50:49.609709Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-863",
                "description": "CWE-863 Incorrect Authorization",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-27T18:54:20.196Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-30T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T330968"
        },
        {
          "url": "https://gerrit.wikimedia.org/r/q/I993fdcae1fedb7dd543b35a477026bc727615b0a"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-37300",
    "datePublished": "2023-06-30T00:00:00",
    "dateReserved": "2023-06-30T00:00:00",
    "dateUpdated": "2024-11-27T18:54:20.196Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-45372 (GCVE-0-2023-45372)

Vulnerability from cvelistv5

Published

2023-10-09 00:00

Modified

2024-09-19 17:50

Severity ?

CWE

n/a

Summary

An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. During item merging, ItemMergeInteractor does not have an edit filter running (e.g., AbuseFilter).

References

►

URL

Tags

	https://phabricator.wikimedia.org/T345064
	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/961264

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:21:16.371Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T345064"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/961264"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-45372",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-19T17:46:55.485669Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-693",
                "description": "CWE-693 Protection Mechanism Failure",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-19T17:50:13.935Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. During item merging, ItemMergeInteractor does not have an edit filter running (e.g., AbuseFilter)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-09T05:32:40.875300",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T345064"
        },
        {
          "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/961264"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-45372",
    "datePublished": "2023-10-09T00:00:00",
    "dateReserved": "2023-10-09T00:00:00",
    "dateUpdated": "2024-09-19T17:50:13.935Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-2789 (GCVE-0-2010-2789)

Vulnerability from cvelistv5

Published

2011-04-27 00:00

Modified

2024-09-17 02:52

Severity ?

CWE

n/a

Summary

PHP remote file inclusion vulnerability in MediaWikiParserTest.php in MediaWiki 1.16 beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via unspecified vectors.

References

►

URL

Tags

	http://openwall.com/lists/oss-security/2010/07/29/4	mailing-list, x_refsource_MLIST
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:46:48.439Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20100729 Re: CVE request: mediawiki",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2010/07/29/4"
          },
          {
            "name": "[mediawiki-announce] 20100728 MediaWiki security release: 1.16.0 and 1.15.5",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "PHP remote file inclusion vulnerability in MediaWikiParserTest.php in MediaWiki 1.16 beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-04-27T00:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20100729 Re: CVE request: mediawiki",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2010/07/29/4"
        },
        {
          "name": "[mediawiki-announce] 20100728 MediaWiki security release: 1.16.0 and 1.15.5",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2010-2789",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PHP remote file inclusion vulnerability in MediaWikiParserTest.php in MediaWiki 1.16 beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20100729 Re: CVE request: mediawiki",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2010/07/29/4"
            },
            {
              "name": "[mediawiki-announce] 20100728 MediaWiki security release: 1.16.0 and 1.15.5",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-2789",
    "datePublished": "2011-04-27T00:00:00Z",
    "dateReserved": "2010-07-22T00:00:00Z",
    "dateUpdated": "2024-09-17T02:52:03.664Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-30159 (GCVE-0-2021-30159)

Vulnerability from cvelistv5

Published

2021-04-09 06:12

Modified

2024-08-03 22:24

Severity ?

CWE

n/a

Summary

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Users can bypass intended restrictions on deleting pages in certain "fast double move" situations. MovePage::isValidMoveTarget() uses FOR UPDATE, but it's only called if Title::getArticleID() returns non-zero with no special flags. Next, MovePage::moveToInternal() will delete the page if getArticleID(READ_LATEST) is non-zero. Therefore, if the page is missing in the replica DB, isValidMove() will return true, and then moveToInternal() will unconditionally delete the page if it can be found in the master.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T272386	x_refsource_MISC
	https://www.debian.org/security/2021/dsa-4889	vendor-advisory, x_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/	vendor-advisory, x_refsource_FEDORA
	https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html	mailing-list, x_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html	mailing-list, x_refsource_MLIST
	https://security.gentoo.org/glsa/202107-40	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:24:59.632Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T272386"
          },
          {
            "name": "DSA-4889",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4889"
          },
          {
            "name": "FEDORA-2021-f4223b6684",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/"
          },
          {
            "name": "FEDORA-2021-d298103d3a",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/"
          },
          {
            "name": "[debian-lts-announce] 20210505 [SECURITY] [DLA 2648-1] mediawiki security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html"
          },
          {
            "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2648-2] mediawiki regression update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html"
          },
          {
            "name": "GLSA-202107-40",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202107-40"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Users can bypass intended restrictions on deleting pages in certain \"fast double move\" situations. MovePage::isValidMoveTarget() uses FOR UPDATE, but it\u0027s only called if Title::getArticleID() returns non-zero with no special flags. Next, MovePage::moveToInternal() will delete the page if getArticleID(READ_LATEST) is non-zero. Therefore, if the page is missing in the replica DB, isValidMove() will return true, and then moveToInternal() will unconditionally delete the page if it can be found in the master."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-17T07:06:40",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T272386"
        },
        {
          "name": "DSA-4889",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4889"
        },
        {
          "name": "FEDORA-2021-f4223b6684",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/"
        },
        {
          "name": "FEDORA-2021-d298103d3a",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/"
        },
        {
          "name": "[debian-lts-announce] 20210505 [SECURITY] [DLA 2648-1] mediawiki security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html"
        },
        {
          "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2648-2] mediawiki regression update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html"
        },
        {
          "name": "GLSA-202107-40",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202107-40"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-30159",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Users can bypass intended restrictions on deleting pages in certain \"fast double move\" situations. MovePage::isValidMoveTarget() uses FOR UPDATE, but it\u0027s only called if Title::getArticleID() returns non-zero with no special flags. Next, MovePage::moveToInternal() will delete the page if getArticleID(READ_LATEST) is non-zero. Therefore, if the page is missing in the replica DB, isValidMove() will return true, and then moveToInternal() will unconditionally delete the page if it can be found in the master."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T272386",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T272386"
            },
            {
              "name": "DSA-4889",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4889"
            },
            {
              "name": "FEDORA-2021-f4223b6684",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/"
            },
            {
              "name": "FEDORA-2021-d298103d3a",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/"
            },
            {
              "name": "[debian-lts-announce] 20210505 [SECURITY] [DLA 2648-1] mediawiki security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html"
            },
            {
              "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2648-2] mediawiki regression update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html"
            },
            {
              "name": "GLSA-202107-40",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202107-40"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-30159",
    "datePublished": "2021-04-09T06:12:55",
    "dateReserved": "2021-04-06T00:00:00",
    "dateUpdated": "2024-08-03T22:24:59.632Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-4378 (GCVE-0-2012-4378)

Vulnerability from cvelistv5

Published

2017-10-26 20:00

Modified

2024-08-06 20:35

Severity ?

CWE

n/a

Summary

Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.18.5 and 1.19.x before 1.19.2, when unspecified JavaScript gadgets are used, allow remote attackers to inject arbitrary web script or HTML via the userlang parameter to w/index.php.

References

►

URL

Tags

	http://www.openwall.com/lists/oss-security/2012/08/31/6	mailing-list, x_refsource_MLIST
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html	mailing-list, x_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=853417	x_refsource_CONFIRM
	https://phabricator.wikimedia.org/T39587	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2012/08/31/10	mailing-list, x_refsource_MLIST
	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:35:08.931Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20120831 CVE Request -- MediaWiki 1.19.2 and 1.18.5 multiple security flaws",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/08/31/6"
          },
          {
            "name": "[MediaWiki-announce] 20120831 MediaWiki security release: 1.19.2 and 1.18.5",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=853417"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T39587"
          },
          {
            "name": "[oss-security] 20120831 Re: CVE Request -- MediaWiki 1.19.2 and 1.18.5 multiple security flaws",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/08/31/10"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-08-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.18.5 and 1.19.x before 1.19.2, when unspecified JavaScript gadgets are used, allow remote attackers to inject arbitrary web script or HTML via the userlang parameter to w/index.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-26T19:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20120831 CVE Request -- MediaWiki 1.19.2 and 1.18.5 multiple security flaws",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/08/31/6"
        },
        {
          "name": "[MediaWiki-announce] 20120831 MediaWiki security release: 1.19.2 and 1.18.5",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=853417"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T39587"
        },
        {
          "name": "[oss-security] 20120831 Re: CVE Request -- MediaWiki 1.19.2 and 1.18.5 multiple security flaws",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/08/31/10"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-4378",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.18.5 and 1.19.x before 1.19.2, when unspecified JavaScript gadgets are used, allow remote attackers to inject arbitrary web script or HTML via the userlang parameter to w/index.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20120831 CVE Request -- MediaWiki 1.19.2 and 1.18.5 multiple security flaws",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/08/31/6"
            },
            {
              "name": "[MediaWiki-announce] 20120831 MediaWiki security release: 1.19.2 and 1.18.5",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=853417",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=853417"
            },
            {
              "name": "https://phabricator.wikimedia.org/T39587",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T39587"
            },
            {
              "name": "[oss-security] 20120831 Re: CVE Request -- MediaWiki 1.19.2 and 1.18.5 multiple security flaws",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/08/31/10"
            },
            {
              "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330",
              "refsource": "MISC",
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-4378",
    "datePublished": "2017-10-26T20:00:00",
    "dateReserved": "2012-08-21T00:00:00",
    "dateUpdated": "2024-08-06T20:35:08.931Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-2941 (GCVE-0-2015-2941)

Vulnerability from cvelistv5

Published

2015-04-13 14:00

Modified

2024-08-06 05:32

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error message, related to unsafe calls to wddx_serialize_value.

References

►

URL

Tags

	https://security.gentoo.org/glsa/201510-05	vendor-advisory, x_refsource_GENTOO
	https://phabricator.wikimedia.org/T85851	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/73477	vdb-entry, x_refsource_BID
	http://www.openwall.com/lists/oss-security/2015/04/07/3	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2015/04/01/1	mailing-list, x_refsource_MLIST
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:32:20.872Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201510-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201510-05"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T85851"
          },
          {
            "name": "73477",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73477"
          },
          {
            "name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
          },
          {
            "name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
          },
          {
            "name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error message, related to unsafe calls to wddx_serialize_value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T21:57:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-201510-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201510-05"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T85851"
        },
        {
          "name": "73477",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/73477"
        },
        {
          "name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
        },
        {
          "name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
        },
        {
          "name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-2941",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error message, related to unsafe calls to wddx_serialize_value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201510-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201510-05"
            },
            {
              "name": "https://phabricator.wikimedia.org/T85851",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T85851"
            },
            {
              "name": "73477",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/73477"
            },
            {
              "name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
            },
            {
              "name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
            },
            {
              "name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-2941",
    "datePublished": "2015-04-13T14:00:00",
    "dateReserved": "2015-04-07T00:00:00",
    "dateUpdated": "2024-08-06T05:32:20.872Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8627 (GCVE-0-2015-8627)

Vulnerability from cvelistv5

Published

2017-03-23 20:00

Modified

2024-08-06 08:20

Severity ?

CWE

n/a

Summary

MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly normalize IP addresses containing zero-padded octets, which might allow remote attackers to bypass intended access restrictions by using an IP address that was not supposed to have been allowed.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T97897	x_refsource_CONFIRM
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2015/12/23/7	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2015/12/21/8	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:20:43.575Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T97897"
          },
          {
            "name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
          },
          {
            "name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
          },
          {
            "name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly normalize IP addresses containing zero-padded octets, which might allow remote attackers to bypass intended access restrictions by using an IP address that was not supposed to have been allowed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-03-23T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T97897"
        },
        {
          "name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
        },
        {
          "name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
        },
        {
          "name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8627",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly normalize IP addresses containing zero-padded octets, which might allow remote attackers to bypass intended access restrictions by using an IP address that was not supposed to have been allowed."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T97897",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T97897"
            },
            {
              "name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
            },
            {
              "name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
            },
            {
              "name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8627",
    "datePublished": "2017-03-23T20:00:00",
    "dateReserved": "2015-12-23T00:00:00",
    "dateUpdated": "2024-08-06T08:20:43.575Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-29907 (GCVE-0-2022-29907)

Vulnerability from cvelistv5

Published

2022-04-29 03:42

Modified

2024-08-03 06:33

Severity ?

CWE

n/a

Summary

The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d9544a54d9752515aace39df) allows XSS in Advertise link messages.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T306815	x_refsource_MISC
	https://gerrit.wikimedia.org/r/c/786959	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:33:43.175Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T306815"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/c/786959"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d9544a54d9752515aace39df) allows XSS in Advertise link messages."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-29T03:42:25",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T306815"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/c/786959"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-29907",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d9544a54d9752515aace39df) allows XSS in Advertise link messages."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T306815",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T306815"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/c/786959",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/c/786959"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-29907",
    "datePublished": "2022-04-29T03:42:28",
    "dateReserved": "2022-04-29T00:00:00",
    "dateUpdated": "2024-08-03T06:33:43.175Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-0322 (GCVE-0-2006-0322)

Vulnerability from cvelistv5

Published

2006-01-19 21:00

Modified

2024-08-07 16:34

Severity ?

CWE

n/a

Summary

Unspecified vulnerability the edit comment formatting functionality in MediaWiki 1.5.x before 1.5.6 and 1.4.x before 1.4.14 allows attackers to cause a denial of service (infinite loop) via "certain malformed links."

References

►

URL

Tags

	http://www.vupen.com/english/advisories/2006/0392	vdb-entry, x_refsource_VUPEN
	http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html	vendor-advisory, x_refsource_SUSE
	http://sourceforge.net/project/shownotes.php?release_id=386609	x_refsource_CONFIRM
	http://secunia.com/advisories/18717	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/24478	vdb-entry, x_refsource_XF
	http://secunia.com/advisories/18711	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:34:13.580Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2006-0392",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0392"
          },
          {
            "name": "SUSE-SR:2006:003",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=386609"
          },
          {
            "name": "18717",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18717"
          },
          {
            "name": "mediawiki-comment-format-dos(24478)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24478"
          },
          {
            "name": "18711",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18711"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-01-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability the edit comment formatting functionality in MediaWiki 1.5.x before 1.5.6 and 1.4.x before 1.4.14 allows attackers to cause a denial of service (infinite loop) via \"certain malformed links.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2006-0392",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0392"
        },
        {
          "name": "SUSE-SR:2006:003",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=386609"
        },
        {
          "name": "18717",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18717"
        },
        {
          "name": "mediawiki-comment-format-dos(24478)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24478"
        },
        {
          "name": "18711",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18711"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0322",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability the edit comment formatting functionality in MediaWiki 1.5.x before 1.5.6 and 1.4.x before 1.4.14 allows attackers to cause a denial of service (infinite loop) via \"certain malformed links.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2006-0392",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0392"
            },
            {
              "name": "SUSE-SR:2006:003",
              "refsource": "SUSE",
              "url": "http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=386609",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?release_id=386609"
            },
            {
              "name": "18717",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18717"
            },
            {
              "name": "mediawiki-comment-format-dos(24478)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24478"
            },
            {
              "name": "18711",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18711"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-0322",
    "datePublished": "2006-01-19T21:00:00",
    "dateReserved": "2006-01-19T00:00:00",
    "dateUpdated": "2024-08-07T16:34:13.580Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-15005 (GCVE-0-2020-15005)

Vulnerability from cvelistv5

Published

2020-06-24 22:07

Modified

2024-08-04 13:00

Severity ?

CWE

n/a

Summary

In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because Cache-Control and Vary headers were mishandled.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T248947	x_refsource_MISC
	https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_34/RELEASE-NOTES-1.34	x_refsource_CONFIRM
	https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_33/RELEASE-NOTES-1.33	x_refsource_CONFIRM
	https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_31/RELEASE-NOTES-1.31	x_refsource_CONFIRM
	https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html	x_refsource_CONFIRM
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEZIMLJMJS72SJXPYL736XMUAVCRQD2H/	vendor-advisory, x_refsource_FEDORA
	https://www.debian.org/security/2020/dsa-4767	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:00:52.131Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T248947"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_34/RELEASE-NOTES-1.34"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_33/RELEASE-NOTES-1.33"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_31/RELEASE-NOTES-1.31"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html"
          },
          {
            "name": "FEDORA-2020-9c97633708",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEZIMLJMJS72SJXPYL736XMUAVCRQD2H/"
          },
          {
            "name": "DSA-4767",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4767"
          },
          {
            "name": "[debian-lts-announce] 20201223 [SECURITY] [DLA 2504-1] mediawiki security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because Cache-Control and Vary headers were mishandled."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-23T03:06:09",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T248947"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_34/RELEASE-NOTES-1.34"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_33/RELEASE-NOTES-1.33"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_31/RELEASE-NOTES-1.31"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html"
        },
        {
          "name": "FEDORA-2020-9c97633708",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEZIMLJMJS72SJXPYL736XMUAVCRQD2H/"
        },
        {
          "name": "DSA-4767",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4767"
        },
        {
          "name": "[debian-lts-announce] 20201223 [SECURITY] [DLA 2504-1] mediawiki security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-15005",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because Cache-Control and Vary headers were mishandled."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T248947",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T248947"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_34/RELEASE-NOTES-1.34",
              "refsource": "CONFIRM",
              "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_34/RELEASE-NOTES-1.34"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_33/RELEASE-NOTES-1.33",
              "refsource": "CONFIRM",
              "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_33/RELEASE-NOTES-1.33"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_31/RELEASE-NOTES-1.31",
              "refsource": "CONFIRM",
              "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_31/RELEASE-NOTES-1.31"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html",
              "refsource": "CONFIRM",
              "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html"
            },
            {
              "name": "FEDORA-2020-9c97633708",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EEZIMLJMJS72SJXPYL736XMUAVCRQD2H/"
            },
            {
              "name": "DSA-4767",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4767"
            },
            {
              "name": "[debian-lts-announce] 20201223 [SECURITY] [DLA 2504-1] mediawiki security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html"
            }
          ]
        },
        "source": {
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-15005",
    "datePublished": "2020-06-24T22:07:37",
    "dateReserved": "2020-06-24T00:00:00",
    "dateUpdated": "2024-08-04T13:00:52.131Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-0177 (GCVE-0-2007-0177)

Vulnerability from cvelistv5

Published

2007-01-11 00:00

Modified

2024-08-07 12:12

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

►

URL

Tags

	http://www.vupen.com/english/advisories/2007/0096	vdb-entry, x_refsource_VUPEN
	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_7_2/phase3/RELEASE-NOTES	x_refsource_CONFIRM
	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_9/phase3/RELEASE-NOTES	x_refsource_CONFIRM
	http://secunia.com/advisories/24889	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/31359	vdb-entry, x_refsource_XF
	http://www.novell.com/linux/security/advisories/2007_6_sr.html	vendor-advisory, x_refsource_SUSE
	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_8_3/phase3/RELEASE-NOTES	x_refsource_CONFIRM
	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0RC2/phase3/RELEASE-NOTES	x_refsource_CONFIRM
	http://osvdb.org/31525	vdb-entry, x_refsource_OSVDB
	http://sourceforge.net/forum/forum.php?forum_id=652721	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/21956	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/23647	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:12:17.283Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-0096",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0096"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_7_2/phase3/RELEASE-NOTES"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_9/phase3/RELEASE-NOTES"
          },
          {
            "name": "24889",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24889"
          },
          {
            "name": "mediawiki-ajax-unspecified-xss(31359)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31359"
          },
          {
            "name": "SUSE-SR:2007:006",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_8_3/phase3/RELEASE-NOTES"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0RC2/phase3/RELEASE-NOTES"
          },
          {
            "name": "31525",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/31525"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/forum/forum.php?forum_id=652721"
          },
          {
            "name": "21956",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/21956"
          },
          {
            "name": "23647",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23647"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-01-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-0096",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0096"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_7_2/phase3/RELEASE-NOTES"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_9/phase3/RELEASE-NOTES"
        },
        {
          "name": "24889",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24889"
        },
        {
          "name": "mediawiki-ajax-unspecified-xss(31359)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31359"
        },
        {
          "name": "SUSE-SR:2007:006",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_8_3/phase3/RELEASE-NOTES"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0RC2/phase3/RELEASE-NOTES"
        },
        {
          "name": "31525",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/31525"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/forum/forum.php?forum_id=652721"
        },
        {
          "name": "21956",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/21956"
        },
        {
          "name": "23647",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23647"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0177",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-0096",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0096"
            },
            {
              "name": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_7_2/phase3/RELEASE-NOTES",
              "refsource": "CONFIRM",
              "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_7_2/phase3/RELEASE-NOTES"
            },
            {
              "name": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_9/phase3/RELEASE-NOTES",
              "refsource": "CONFIRM",
              "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_9/phase3/RELEASE-NOTES"
            },
            {
              "name": "24889",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24889"
            },
            {
              "name": "mediawiki-ajax-unspecified-xss(31359)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31359"
            },
            {
              "name": "SUSE-SR:2007:006",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html"
            },
            {
              "name": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_8_3/phase3/RELEASE-NOTES",
              "refsource": "CONFIRM",
              "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_8_3/phase3/RELEASE-NOTES"
            },
            {
              "name": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0RC2/phase3/RELEASE-NOTES",
              "refsource": "CONFIRM",
              "url": "http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0RC2/phase3/RELEASE-NOTES"
            },
            {
              "name": "31525",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/31525"
            },
            {
              "name": "http://sourceforge.net/forum/forum.php?forum_id=652721",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/forum/forum.php?forum_id=652721"
            },
            {
              "name": "21956",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/21956"
            },
            {
              "name": "23647",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23647"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-0177",
    "datePublished": "2007-01-11T00:00:00",
    "dateReserved": "2007-01-10T00:00:00",
    "dateUpdated": "2024-08-07T12:12:17.283Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-45371 (GCVE-0-2023-45371)

Vulnerability from cvelistv5

Published

2023-10-09 00:00

Modified

2024-09-19 17:54

Severity ?

CWE

n/a

Summary

An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is no rate limit for merging items.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T345064
	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/961264

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:21:16.675Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T345064"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/961264"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-45371",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-19T17:54:17.749445Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-19T17:54:27.160Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is no rate limit for merging items."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-09T05:32:47.753496",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T345064"
        },
        {
          "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/961264"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-45371",
    "datePublished": "2023-10-09T00:00:00",
    "dateReserved": "2023-10-09T00:00:00",
    "dateUpdated": "2024-09-19T17:54:27.160Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-2936 (GCVE-0-2015-2936)

Vulnerability from cvelistv5

Published

2015-04-13 14:00

Modified

2024-08-06 05:32

Severity ?

CWE

n/a

Summary

MediaWiki 1.24.x before 1.24.2, when using PBKDF2 for password hashing, allows remote attackers to cause a denial of service (CPU consumption) via a long password.

References

►

URL

Tags

	https://security.gentoo.org/glsa/201510-05	vendor-advisory, x_refsource_GENTOO
	https://phabricator.wikimedia.org/T64685	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=MDVSA-2015:200	vendor-advisory, x_refsource_MANDRIVA
	http://www.securityfocus.com/bid/73477	vdb-entry, x_refsource_BID
	http://www.openwall.com/lists/oss-security/2015/04/07/3	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2015/04/01/1	mailing-list, x_refsource_MLIST
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:32:20.369Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201510-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201510-05"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T64685"
          },
          {
            "name": "MDVSA-2015:200",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
          },
          {
            "name": "73477",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73477"
          },
          {
            "name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
          },
          {
            "name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
          },
          {
            "name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki 1.24.x before 1.24.2, when using PBKDF2 for password hashing, allows remote attackers to cause a denial of service (CPU consumption) via a long password."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T21:57:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-201510-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201510-05"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T64685"
        },
        {
          "name": "MDVSA-2015:200",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
        },
        {
          "name": "73477",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/73477"
        },
        {
          "name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
        },
        {
          "name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
        },
        {
          "name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-2936",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki 1.24.x before 1.24.2, when using PBKDF2 for password hashing, allows remote attackers to cause a denial of service (CPU consumption) via a long password."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201510-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201510-05"
            },
            {
              "name": "https://phabricator.wikimedia.org/T64685",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T64685"
            },
            {
              "name": "MDVSA-2015:200",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
            },
            {
              "name": "73477",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/73477"
            },
            {
              "name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
            },
            {
              "name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
            },
            {
              "name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-2936",
    "datePublished": "2015-04-13T14:00:00",
    "dateReserved": "2015-04-07T00:00:00",
    "dateUpdated": "2024-08-06T05:32:20.369Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-0372 (GCVE-0-2017-0372)

Vulnerability from cvelistv5

Published

2018-04-13 16:00

Modified

2024-09-16 16:27

Severity ?

CWE

parameter injection

Summary

Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.

References

►

URL

Tags

	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html	mailing-list, x_refsource_MLIST
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html	mailing-list, x_refsource_MLIST
	https://bugs.debian.org/861585	x_refsource_MISC
	https://phabricator.wikimedia.org/T158689	x_refsource_CONFIRM
	https://security-tracker.debian.org/tracker/CVE-2017-0372	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki (SyntaxHighlight extension)	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:03:57.018Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
          },
          {
            "name": "[mediawiki-announce] 20170430 Security release 1.27.3 and 1.28.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/861585"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T158689"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2017-0372"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mediawiki (SyntaxHighlight extension)",
          "vendor": "mediawiki",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-04-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "parameter injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-13T15:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
        },
        {
          "name": "[mediawiki-announce] 20170430 Security release 1.27.3 and 1.28.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.debian.org/861585"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T158689"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2017-0372"
        }
      ],
      "source": {
        "advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html",
        "discovery": "UNKNOWN"
      },
      "title": "Parameters injection in SyntaxHighlight results in multiple vulnerabilities",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "DATE_PUBLIC": "2017-04-06T20:49:00.000Z",
          "ID": "CVE-2017-0372",
          "STATE": "PUBLIC",
          "TITLE": "Parameters injection in SyntaxHighlight results in multiple vulnerabilities"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "mediawiki (SyntaxHighlight extension)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "mediawiki"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "parameter injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
            },
            {
              "name": "[mediawiki-announce] 20170430 Security release 1.27.3 and 1.28.2",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html"
            },
            {
              "name": "https://bugs.debian.org/861585",
              "refsource": "MISC",
              "url": "https://bugs.debian.org/861585"
            },
            {
              "name": "https://phabricator.wikimedia.org/T158689",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T158689"
            },
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2017-0372",
              "refsource": "CONFIRM",
              "url": "https://security-tracker.debian.org/tracker/CVE-2017-0372"
            }
          ]
        },
        "source": {
          "advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2017-0372",
    "datePublished": "2018-04-13T16:00:00Z",
    "dateReserved": "2016-11-29T00:00:00",
    "dateUpdated": "2024-09-16T16:27:46.256Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-8812 (GCVE-0-2017-8812)

Vulnerability from cvelistv5

Published

2017-11-15 08:00

Modified

2024-08-05 16:48

Severity ?

CWE

greater than injection

Summary

MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline.

References

►

URL

Tags

	http://www.securitytracker.com/id/1039812	vdb-entry, x_refsource_SECTRACK
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html	x_refsource_CONFIRM
	https://www.debian.org/security/2017/dsa-4036	vendor-advisory, x_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	n/a	MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2	Version: MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:48:22.653Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1039812",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039812"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"
          },
          {
            "name": "DSA-4036",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4036"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2"
            }
          ]
        }
      ],
      "datePublic": "2017-11-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject \u003e (greater than) characters via the id attribute of a headline."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "greater than injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-16T10:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "1039812",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039812"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"
        },
        {
          "name": "DSA-4036",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4036"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2017-8812",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject \u003e (greater than) characters via the id attribute of a headline."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "greater than injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1039812",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039812"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html",
              "refsource": "CONFIRM",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"
            },
            {
              "name": "DSA-4036",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4036"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2017-8812",
    "datePublished": "2017-11-15T08:00:00",
    "dateReserved": "2017-05-07T00:00:00",
    "dateUpdated": "2024-08-05T16:48:22.653Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-1189 (GCVE-0-2010-1189)

Vulnerability from cvelistv5

Published

2010-03-31 17:35

Modified

2024-08-07 01:14

Severity ?

CWE

n/a

Summary

MediaWiki before 1.15.2 does not prevent wiki editors from linking to images from other web sites in wiki pages, which allows editors to obtain IP addresses and other information of wiki users by adding a link to an image on an attacker-controlled web site, aka "CSS validation issue."

References

►

URL

Tags

	http://secunia.com/advisories/39656	third-party-advisory, x_refsource_SECUNIA
	http://www.debian.org/security/2010/dsa-2022	vendor-advisory, x_refsource_DEBIAN
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html	vendor-advisory, x_refsource_SUSE
	http://www.vupen.com/english/advisories/2010/0685	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/39022	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2010/1001	vdb-entry, x_refsource_VUPEN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:14:06.657Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "39656",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39656"
          },
          {
            "name": "DSA-2022",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2010/dsa-2022"
          },
          {
            "name": "[MediaWiki-announce] 20100303 MediaWiki security update: 1.15.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html"
          },
          {
            "name": "SUSE-SR:2010:010",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html"
          },
          {
            "name": "ADV-2010-0685",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0685"
          },
          {
            "name": "39022",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39022"
          },
          {
            "name": "ADV-2010-1001",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1001"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-03-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.15.2 does not prevent wiki editors from linking to images from other web sites in wiki pages, which allows editors to obtain IP addresses and other information of wiki users by adding a link to an image on an attacker-controlled web site, aka \"CSS validation issue.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-04-30T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "39656",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39656"
        },
        {
          "name": "DSA-2022",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2010/dsa-2022"
        },
        {
          "name": "[MediaWiki-announce] 20100303 MediaWiki security update: 1.15.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html"
        },
        {
          "name": "SUSE-SR:2010:010",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html"
        },
        {
          "name": "ADV-2010-0685",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0685"
        },
        {
          "name": "39022",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39022"
        },
        {
          "name": "ADV-2010-1001",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1001"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-1189",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki before 1.15.2 does not prevent wiki editors from linking to images from other web sites in wiki pages, which allows editors to obtain IP addresses and other information of wiki users by adding a link to an image on an attacker-controlled web site, aka \"CSS validation issue.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "39656",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39656"
            },
            {
              "name": "DSA-2022",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2010/dsa-2022"
            },
            {
              "name": "[MediaWiki-announce] 20100303 MediaWiki security update: 1.15.2",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html"
            },
            {
              "name": "SUSE-SR:2010:010",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html"
            },
            {
              "name": "ADV-2010-0685",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0685"
            },
            {
              "name": "39022",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39022"
            },
            {
              "name": "ADV-2010-1001",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1001"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-1189",
    "datePublished": "2010-03-31T17:35:00",
    "dateReserved": "2010-03-30T00:00:00",
    "dateUpdated": "2024-08-07T01:14:06.657Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-0505 (GCVE-0-2018-0505)

Vulnerability from cvelistv5

Published

2018-10-04 20:00

Modified

2024-09-16 18:48

Severity ?

CWE

Authentication bypass

Summary

Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock

References

►

URL

Tags

	https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html	mailing-list, x_refsource_MLIST
	https://phabricator.wikimedia.org/T194605	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1041695	vdb-entry, x_refsource_SECTRACK
	https://www.debian.org/security/2018/dsa-4301	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2019:3142	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:3238	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:3813	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	Version: before 1.31.1, 1.30.1, 1.29.3 and 1.27.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:28:11.001Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[wikitech-l] 20180920 Security release: 1.27.5 / 1.29.3 / 1.30.1 / 1.31.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T194605"
          },
          {
            "name": "1041695",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041695"
          },
          {
            "name": "DSA-4301",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4301"
          },
          {
            "name": "RHSA-2019:3142",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3142"
          },
          {
            "name": "RHSA-2019:3238",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3238"
          },
          {
            "name": "RHSA-2019:3813",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3813"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mediawiki",
          "vendor": "mediawiki",
          "versions": [
            {
              "status": "affected",
              "version": "before 1.31.1, 1.30.1, 1.29.3 and 1.27.5"
            }
          ]
        }
      ],
      "datePublic": "2018-09-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth\u0027s account lock"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Authentication bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-07T18:06:38",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "[wikitech-l] 20180920 Security release: 1.27.5 / 1.29.3 / 1.30.1 / 1.31.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T194605"
        },
        {
          "name": "1041695",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041695"
        },
        {
          "name": "DSA-4301",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4301"
        },
        {
          "name": "RHSA-2019:3142",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3142"
        },
        {
          "name": "RHSA-2019:3238",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3238"
        },
        {
          "name": "RHSA-2019:3813",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3813"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "BotPasswords can bypass CentralAuth\u0027s account lock",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "DATE_PUBLIC": "2018-09-20T21:18:00.000Z",
          "ID": "CVE-2018-0505",
          "STATE": "PUBLIC",
          "TITLE": "BotPasswords can bypass CentralAuth\u0027s account lock"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "mediawiki",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before 1.31.1, 1.30.1, 1.29.3 and 1.27.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "mediawiki"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth\u0027s account lock"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Authentication bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[wikitech-l] 20180920 Security release: 1.27.5 / 1.29.3 / 1.30.1 / 1.31.1",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html"
            },
            {
              "name": "https://phabricator.wikimedia.org/T194605",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T194605"
            },
            {
              "name": "1041695",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041695"
            },
            {
              "name": "DSA-4301",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4301"
            },
            {
              "name": "RHSA-2019:3142",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3142"
            },
            {
              "name": "RHSA-2019:3238",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3238"
            },
            {
              "name": "RHSA-2019:3813",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3813"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2018-0505",
    "datePublished": "2018-10-04T20:00:00Z",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-09-16T18:48:38.021Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-42044 (GCVE-0-2021-42044)

Vulnerability from cvelistv5

Published

2021-10-06 20:28

Modified

2024-08-04 03:22

Severity ?

CWE

n/a

Summary

An issue was discovered in the Mentor dashboard in the GrowthExperiments extension in MediaWiki through 1.36.2. The Growthexperiments-mentor-dashboard-mentee-overview-add-filter-total-edits-headline, growthexperiments-mentor-dashboard-mentee-overview-add-filter-starred-headline, growthexperiments-mentor-dashboard-mentee-overview-info-text, growthexperiments-mentor-dashboard-mentee-overview-info-legend-headline, and growthexperiments-mentor-dashboard-mentee-overview-active-ago MediaWiki messages were not being properly sanitized and allowed for the injection and execution of HTML and JavaScript.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T289408	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/I858d55fb2eca9b50ac6ef5a6f2a7b2784f0fa0d6	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:22:25.926Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T289408"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/I858d55fb2eca9b50ac6ef5a6f2a7b2784f0fa0d6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Mentor dashboard in the GrowthExperiments extension in MediaWiki through 1.36.2. The Growthexperiments-mentor-dashboard-mentee-overview-add-filter-total-edits-headline, growthexperiments-mentor-dashboard-mentee-overview-add-filter-starred-headline, growthexperiments-mentor-dashboard-mentee-overview-info-text, growthexperiments-mentor-dashboard-mentee-overview-info-legend-headline, and growthexperiments-mentor-dashboard-mentee-overview-active-ago MediaWiki messages were not being properly sanitized and allowed for the injection and execution of HTML and JavaScript."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-06T20:28:07",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T289408"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/I858d55fb2eca9b50ac6ef5a6f2a7b2784f0fa0d6"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-42044",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the Mentor dashboard in the GrowthExperiments extension in MediaWiki through 1.36.2. The Growthexperiments-mentor-dashboard-mentee-overview-add-filter-total-edits-headline, growthexperiments-mentor-dashboard-mentee-overview-add-filter-starred-headline, growthexperiments-mentor-dashboard-mentee-overview-info-text, growthexperiments-mentor-dashboard-mentee-overview-info-legend-headline, and growthexperiments-mentor-dashboard-mentee-overview-active-ago MediaWiki messages were not being properly sanitized and allowed for the injection and execution of HTML and JavaScript."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T289408",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T289408"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/I858d55fb2eca9b50ac6ef5a6f2a7b2784f0fa0d6",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/I858d55fb2eca9b50ac6ef5a6f2a7b2784f0fa0d6"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-42044",
    "datePublished": "2021-10-06T20:28:07",
    "dateReserved": "2021-10-06T00:00:00",
    "dateUpdated": "2024-08-04T03:22:25.926Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-0537 (GCVE-0-2011-0537)

Vulnerability from cvelistv5

Published

2011-02-04 00:00

Modified

2024-08-06 21:58

Severity ?

CWE

n/a

Summary

Multiple directory traversal vulnerabilities in (1) languages/Language.php and (2) includes/StubObject.php in MediaWiki 1.8.0 and other versions before 1.16.2, when running on Windows and possibly Novell Netware, allow remote attackers to include and execute arbitrary local PHP files via vectors related to a crafted language file and the Language::factory function.

References

►

URL

Tags

	http://www.vupen.com/english/advisories/2011/0273	vdb-entry, x_refsource_VUPEN
	http://osvdb.org/70799	vdb-entry, x_refsource_OSVDB
	https://bugzilla.wikimedia.org/show_bug.cgi?id=27094	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2011/02/03/3	mailing-list, x_refsource_MLIST
	http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.2.patch.gz	x_refsource_MISC
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-February/000095.html	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2011/02/01/4	mailing-list, x_refsource_MLIST
	http://osvdb.org/70798	vdb-entry, x_refsource_OSVDB

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:58:25.094Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2011-0273",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0273"
          },
          {
            "name": "70799",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/70799"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=27094"
          },
          {
            "name": "[oss-security] 20110203 Re: CVE request: Server-side arbitrary script inclusion vulnerability  in MediaWiki \u003c=1.16.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/02/03/3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.2.patch.gz"
          },
          {
            "name": "[MediaWiki-announce] 20110201 MediaWiki security release 1.16.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-February/000095.html"
          },
          {
            "name": "[oss-security] 20110201 CVE request: Server-side arbitrary script inclusion vulnerability  in MediaWiki \u003c=1.16.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/02/01/4"
          },
          {
            "name": "70798",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/70798"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-02-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple directory traversal vulnerabilities in (1) languages/Language.php and (2) includes/StubObject.php in MediaWiki 1.8.0 and other versions before 1.16.2, when running on Windows and possibly Novell Netware, allow remote attackers to include and execute arbitrary local PHP files via vectors related to a crafted language file and the Language::factory function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-02-12T10:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "ADV-2011-0273",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0273"
        },
        {
          "name": "70799",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/70799"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=27094"
        },
        {
          "name": "[oss-security] 20110203 Re: CVE request: Server-side arbitrary script inclusion vulnerability  in MediaWiki \u003c=1.16.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/02/03/3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.2.patch.gz"
        },
        {
          "name": "[MediaWiki-announce] 20110201 MediaWiki security release 1.16.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-February/000095.html"
        },
        {
          "name": "[oss-security] 20110201 CVE request: Server-side arbitrary script inclusion vulnerability  in MediaWiki \u003c=1.16.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/02/01/4"
        },
        {
          "name": "70798",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/70798"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-0537",
    "datePublished": "2011-02-04T00:00:00",
    "dateReserved": "2011-01-20T00:00:00",
    "dateUpdated": "2024-08-06T21:58:25.094Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-1580 (GCVE-0-2011-1580)

Vulnerability from cvelistv5

Published

2011-04-27 00:00

Modified

2024-08-06 22:28

Severity ?

CWE

n/a

Summary

The transwiki import functionality in MediaWiki before 1.16.3 does not properly check privileges, which allows remote authenticated users to perform imports from any wgImportSources wiki via a crafted POST request.

References

►

URL

Tags

	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html	vendor-advisory, x_refsource_FEDORA
	http://www.vupen.com/english/advisories/2011/0978	vdb-entry, x_refsource_VUPEN
	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html	vendor-advisory, x_refsource_FEDORA
	http://www.securityfocus.com/bid/47354	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/44142	third-party-advisory, x_refsource_SECUNIA
	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html	vendor-advisory, x_refsource_FEDORA
	http://www.vupen.com/english/advisories/2011/1151	vdb-entry, x_refsource_VUPEN
	http://www.debian.org/security/2011/dsa-2366	vendor-advisory, x_refsource_DEBIAN
	https://bugzilla.redhat.com/show_bug.cgi?id=696360	x_refsource_CONFIRM
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html	mailing-list, x_refsource_MLIST
	https://exchange.xforce.ibmcloud.com/vulnerabilities/66739	vdb-entry, x_refsource_XF
	https://bugzilla.wikimedia.org/show_bug.cgi?id=28449	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2011/1100	vdb-entry, x_refsource_VUPEN
	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html	vendor-advisory, x_refsource_FEDORA
	https://bugzilla.redhat.com/show_bug.cgi?id=695577	x_refsource_CONFIRM
	http://openwall.com/lists/oss-security/2011/04/13/15	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:28:41.947Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2011-5495",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html"
          },
          {
            "name": "ADV-2011-0978",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0978"
          },
          {
            "name": "FEDORA-2011-5807",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html"
          },
          {
            "name": "47354",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47354"
          },
          {
            "name": "44142",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44142"
          },
          {
            "name": "FEDORA-2011-5848",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html"
          },
          {
            "name": "ADV-2011-1151",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/1151"
          },
          {
            "name": "DSA-2366",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2366"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696360"
          },
          {
            "name": "[mediawiki-announce] 20110412 MediaWiki security release 1.16.3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html"
          },
          {
            "name": "mediawiki-transwiki-sec-bypass(66739)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66739"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=28449"
          },
          {
            "name": "ADV-2011-1100",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/1100"
          },
          {
            "name": "FEDORA-2011-5812",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=695577"
          },
          {
            "name": "[oss-security] 20110413 Re: CVE request: mediawiki 1.16.3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/04/13/15"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-04-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The transwiki import functionality in MediaWiki before 1.16.3 does not properly check privileges, which allows remote authenticated users to perform imports from any wgImportSources wiki via a crafted POST request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2011-5495",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html"
        },
        {
          "name": "ADV-2011-0978",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0978"
        },
        {
          "name": "FEDORA-2011-5807",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html"
        },
        {
          "name": "47354",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47354"
        },
        {
          "name": "44142",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44142"
        },
        {
          "name": "FEDORA-2011-5848",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html"
        },
        {
          "name": "ADV-2011-1151",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/1151"
        },
        {
          "name": "DSA-2366",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2366"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696360"
        },
        {
          "name": "[mediawiki-announce] 20110412 MediaWiki security release 1.16.3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html"
        },
        {
          "name": "mediawiki-transwiki-sec-bypass(66739)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66739"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=28449"
        },
        {
          "name": "ADV-2011-1100",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/1100"
        },
        {
          "name": "FEDORA-2011-5812",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=695577"
        },
        {
          "name": "[oss-security] 20110413 Re: CVE request: mediawiki 1.16.3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/04/13/15"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-1580",
    "datePublished": "2011-04-27T00:00:00",
    "dateReserved": "2011-04-05T00:00:00",
    "dateUpdated": "2024-08-06T22:28:41.947Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-31548 (GCVE-0-2021-31548)

Vulnerability from cvelistv5

Published

2021-04-22 02:30

Modified

2024-08-03 23:03

Severity ?

CWE

n/a

Summary

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. A MediaWiki user who is partially blocked or was unsuccessfully blocked could bypass AbuseFilter and have their edits completed.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T272333	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/Ifac795125927d584a31d95e1b4c4241eef860fa1	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:03:33.388Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T272333"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/Ifac795125927d584a31d95e1b4c4241eef860fa1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. A MediaWiki user who is partially blocked or was unsuccessfully blocked could bypass AbuseFilter and have their edits completed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-22T02:30:22",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T272333"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/Ifac795125927d584a31d95e1b4c4241eef860fa1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-31548",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. A MediaWiki user who is partially blocked or was unsuccessfully blocked could bypass AbuseFilter and have their edits completed."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T272333",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T272333"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/Ifac795125927d584a31d95e1b4c4241eef860fa1",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/Ifac795125927d584a31d95e1b4c4241eef860fa1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-31548",
    "datePublished": "2021-04-22T02:30:22",
    "dateReserved": "2021-04-22T00:00:00",
    "dateUpdated": "2024-08-03T23:03:33.388Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-23177 (GCVE-0-2024-23177)

Vulnerability from cvelistv5

Published

2024-01-12 00:00

Modified

2025-06-03 14:06

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

n/a

Summary

An issue was discovered in the WatchAnalytics extension in MediaWiki before 1.40.2. XSS can occur via the Special:PageStatistics page parameter.

References

►

URL

Tags

	https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/
	https://phabricator.wikimedia.org/T348979

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:32.079Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T348979"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23177",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-09T23:38:10.274000Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-03T14:06:45.120Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the WatchAnalytics extension in MediaWiki before 1.40.2. XSS can occur via the Special:PageStatistics page parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-12T05:14:45.273Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/"
        },
        {
          "url": "https://phabricator.wikimedia.org/T348979"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-23177",
    "datePublished": "2024-01-12T00:00:00.000Z",
    "dateReserved": "2024-01-12T00:00:00.000Z",
    "dateUpdated": "2025-06-03T14:06:45.120Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-35480 (GCVE-0-2020-35480)

Vulnerability from cvelistv5

Published

2020-12-18 07:40

Modified

2024-08-04 17:02

Severity ?

CWE

n/a

Summary

An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts that don't exist) and hidden users (accounts that have been explicitly hidden due to being abusive, or similar) that the viewer cannot see are handled differently, exposing sensitive information about the hidden status to unprivileged viewers. This exists on various code paths.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T120883	x_refsource_MISC
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html	x_refsource_MISC
	https://www.debian.org/security/2020/dsa-4816	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html	mailing-list, x_refsource_MLIST
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:02:08.193Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T120883"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html"
          },
          {
            "name": "DSA-4816",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4816"
          },
          {
            "name": "[debian-lts-announce] 20201223 [SECURITY] [DLA 2504-1] mediawiki security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html"
          },
          {
            "name": "FEDORA-2020-0be2d40e13",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts that don\u0027t exist) and hidden users (accounts that have been explicitly hidden due to being abusive, or similar) that the viewer cannot see are handled differently, exposing sensitive information about the hidden status to unprivileged viewers. This exists on various code paths."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-27T03:06:16",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T120883"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html"
        },
        {
          "name": "DSA-4816",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4816"
        },
        {
          "name": "[debian-lts-announce] 20201223 [SECURITY] [DLA 2504-1] mediawiki security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html"
        },
        {
          "name": "FEDORA-2020-0be2d40e13",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-35480",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts that don\u0027t exist) and hidden users (accounts that have been explicitly hidden due to being abusive, or similar) that the viewer cannot see are handled differently, exposing sensitive information about the hidden status to unprivileged viewers. This exists on various code paths."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T120883",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T120883"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html",
              "refsource": "MISC",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html"
            },
            {
              "name": "DSA-4816",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4816"
            },
            {
              "name": "[debian-lts-announce] 20201223 [SECURITY] [DLA 2504-1] mediawiki security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html"
            },
            {
              "name": "FEDORA-2020-0be2d40e13",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-35480",
    "datePublished": "2020-12-18T07:40:38",
    "dateReserved": "2020-12-16T00:00:00",
    "dateUpdated": "2024-08-04T17:02:08.193Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-29005 (GCVE-0-2020-29005)

Vulnerability from cvelistv5

Published

2021-01-29 06:19

Modified

2024-08-04 16:48

Severity ?

CWE

n/a

Summary

The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T262724	x_refsource_MISC
	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:48:01.247Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T262724"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-29T06:19:43",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T262724"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-29005",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T262724",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T262724"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-29005",
    "datePublished": "2021-01-29T06:19:43",
    "dateReserved": "2020-11-24T00:00:00",
    "dateUpdated": "2024-08-04T16:48:01.247Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-2396 (GCVE-0-2005-2396)

Vulnerability from cvelistv5

Published

2005-07-27 04:00

Modified

2024-08-07 22:22

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the page move template.

References

►

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilities/21491	vdb-entry, x_refsource_XF
	http://www.osvdb.org/17763	vdb-entry, x_refsource_OSVDB
	http://secunia.com/advisories/15950	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/14327	vdb-entry, x_refsource_BID
	http://security.gentoo.org/glsa/glsa-200507-18.xml	vendor-advisory, x_refsource_GENTOO
	http://secunia.com/advisories/16130	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T22:22:49.146Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "mediawiki-page-move-xss(21491)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21491"
          },
          {
            "name": "17763",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/17763"
          },
          {
            "name": "15950",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/15950"
          },
          {
            "name": "14327",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/14327"
          },
          {
            "name": "GLSA-200507-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200507-18.xml"
          },
          {
            "name": "16130",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/16130"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-07-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the page move template."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "mediawiki-page-move-xss(21491)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21491"
        },
        {
          "name": "17763",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/17763"
        },
        {
          "name": "15950",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/15950"
        },
        {
          "name": "14327",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/14327"
        },
        {
          "name": "GLSA-200507-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200507-18.xml"
        },
        {
          "name": "16130",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/16130"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-2396",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the page move template."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "mediawiki-page-move-xss(21491)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21491"
            },
            {
              "name": "17763",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/17763"
            },
            {
              "name": "15950",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/15950"
            },
            {
              "name": "14327",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/14327"
            },
            {
              "name": "GLSA-200507-18",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200507-18.xml"
            },
            {
              "name": "16130",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/16130"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-2396",
    "datePublished": "2005-07-27T04:00:00",
    "dateReserved": "2005-07-27T00:00:00",
    "dateUpdated": "2024-08-07T22:22:49.146Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-23172 (GCVE-0-2024-23172)

Vulnerability from cvelistv5

Published

2024-01-12 00:00

Modified

2025-06-04 15:18

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWE

n/a

Summary

An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions. e.g., in SpecialCheckUserLog.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T347708
	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/989179

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:31.839Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T347708"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/989179"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "LOW",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23172",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-18T19:42:28.907446Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-04T15:18:54.208Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions. e.g., in SpecialCheckUserLog."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-12T04:40:05.107Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T347708"
        },
        {
          "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/989179"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-23172",
    "datePublished": "2024-01-12T00:00:00.000Z",
    "dateReserved": "2024-01-12T00:00:00.000Z",
    "dateUpdated": "2025-06-04T15:18:54.208Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-44854 (GCVE-0-2021-44854)

Vulnerability from cvelistv5

Published

2022-12-26 00:00

Modified

2025-04-14 15:55

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

n/a

Summary

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T292763
	https://security.gentoo.org/glsa/202305-24

Impacted products

	Vendor	Product	Version
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:32:13.246Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T292763"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-24"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-44854",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-14T15:53:28.342131Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-524",
                "description": "CWE-524 Use of Cache Containing Sensitive Information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-14T15:55:34.383Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "unknown",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-21T21:07:02.783Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T292763"
        },
        {
          "url": "https://security.gentoo.org/glsa/202305-24"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-44854",
    "datePublished": "2022-12-26T00:00:00.000Z",
    "dateReserved": "2021-12-13T00:00:00.000Z",
    "dateUpdated": "2025-04-14T15:55:34.383Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-0369 (GCVE-0-2017-0369)

Vulnerability from cvelistv5

Published

2018-04-13 16:00

Modified

2024-09-16 20:58

Severity ?

CWE

restriction bypass

Summary

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it.

References

►

URL

Tags

	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html	mailing-list, x_refsource_MLIST
	https://security-tracker.debian.org/tracker/CVE-2017-0369	x_refsource_CONFIRM
	https://phabricator.wikimedia.org/T108138	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	mediawiki	mediawiki	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:03:56.986Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2017-0369"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T108138"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mediawiki",
          "vendor": "mediawiki",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-04-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "restriction bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-13T15:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2017-0369"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T108138"
        }
      ],
      "source": {
        "advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html",
        "discovery": "UNKNOWN"
      },
      "title": "Sysops can undelete pages, although the page is protected against it",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "DATE_PUBLIC": "2017-04-06T20:49:00.000Z",
          "ID": "CVE-2017-0369",
          "STATE": "PUBLIC",
          "TITLE": "Sysops can undelete pages, although the page is protected against it"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "mediawiki",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "mediawiki"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "restriction bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
            },
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2017-0369",
              "refsource": "CONFIRM",
              "url": "https://security-tracker.debian.org/tracker/CVE-2017-0369"
            },
            {
              "name": "https://phabricator.wikimedia.org/T108138",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T108138"
            }
          ]
        },
        "source": {
          "advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2017-0369",
    "datePublished": "2018-04-13T16:00:00Z",
    "dateReserved": "2016-11-29T00:00:00",
    "dateUpdated": "2024-09-16T20:58:15.383Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-29004 (GCVE-0-2020-29004)

Vulnerability from cvelistv5

Published

2021-01-29 06:22

Modified

2024-08-04 16:48

Severity ?

CWE

n/a

Summary

The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T262724	x_refsource_MISC
	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988	x_refsource_MISC
	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988/10/src/api/ApiPushBase.php	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:48:01.320Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T262724"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988/10/src/api/ApiPushBase.php"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-29T06:22:51",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T262724"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988/10/src/api/ApiPushBase.php"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-29004",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T262724",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T262724"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988/10/src/api/ApiPushBase.php",
              "refsource": "CONFIRM",
              "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988/10/src/api/ApiPushBase.php"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-29004",
    "datePublished": "2021-01-29T06:22:51",
    "dateReserved": "2020-11-24T00:00:00",
    "dateUpdated": "2024-08-04T16:48:01.320Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-42041 (GCVE-0-2021-42041)

Vulnerability from cvelistv5

Published

2021-10-06 20:28

Modified

2024-08-04 03:22

Severity ?

CWE

n/a

Summary

An issue was discovered in CentralAuth in MediaWiki through 1.36.2. The rightsnone MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the setchange log.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T291696	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/I7aeaa6e4de5ccaa5eeb6bf4fb00c96b01d5fea35	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:22:25.626Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T291696"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/I7aeaa6e4de5ccaa5eeb6bf4fb00c96b01d5fea35"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in CentralAuth in MediaWiki through 1.36.2. The rightsnone MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the setchange log."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-06T20:28:43",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T291696"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/I7aeaa6e4de5ccaa5eeb6bf4fb00c96b01d5fea35"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-42041",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in CentralAuth in MediaWiki through 1.36.2. The rightsnone MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the setchange log."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T291696",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T291696"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/I7aeaa6e4de5ccaa5eeb6bf4fb00c96b01d5fea35",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/I7aeaa6e4de5ccaa5eeb6bf4fb00c96b01d5fea35"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-42041",
    "datePublished": "2021-10-06T20:28:43",
    "dateReserved": "2021-10-06T00:00:00",
    "dateUpdated": "2024-08-04T03:22:25.626Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8003 (GCVE-0-2015-8003)

Vulnerability from cvelistv5

Published

2015-11-09 18:00

Modified

2024-08-06 08:06

Severity ?

CWE

n/a

Summary

MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not throttle file uploads, which allows remote authenticated users to have unspecified impact via multiple file uploads.

References

►

URL

Tags

	http://www.securitytracker.com/id/1034028	vdb-entry, x_refsource_SECTRACK
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html	mailing-list, x_refsource_MLIST
	https://phabricator.wikimedia.org/T91850	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:06:31.578Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1034028",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034028"
          },
          {
            "name": "[MediaWiki-announce] 20151016 Security Release: 1.25.3, 1.24.4 and 1.23.11",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T91850"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not throttle file uploads, which allows remote authenticated users to have unspecified impact via multiple file uploads."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-11-09T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1034028",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034028"
        },
        {
          "name": "[MediaWiki-announce] 20151016 Security Release: 1.25.3, 1.24.4 and 1.23.11",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T91850"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8003",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not throttle file uploads, which allows remote authenticated users to have unspecified impact via multiple file uploads."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1034028",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034028"
            },
            {
              "name": "[MediaWiki-announce] 20151016 Security Release: 1.25.3, 1.24.4 and 1.23.11",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html"
            },
            {
              "name": "https://phabricator.wikimedia.org/T91850",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T91850"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8003",
    "datePublished": "2015-11-09T18:00:00",
    "dateReserved": "2015-10-28T00:00:00",
    "dateUpdated": "2024-08-06T08:06:31.578Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-40602 (GCVE-0-2024-40602)

Vulnerability from cvelistv5

Published

2024-07-06 00:00

Modified

2025-03-14 17:44

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

n/a

Summary

An issue was discovered in the Tempo skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.

References

►

URL

Tags

https://phabricator.wikimedia.org/T361451

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-40602",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-08T13:55:26.890064Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-14T17:44:05.478Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:33:11.962Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T361451"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Tempo skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-06T23:26:55.969Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T361451"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-40602",
    "datePublished": "2024-07-06T00:00:00.000Z",
    "dateReserved": "2024-07-06T00:00:00.000Z",
    "dateUpdated": "2025-03-14T17:44:05.478Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-1498 (GCVE-0-2006-1498)

Vulnerability from cvelistv5

Published

2006-03-30 00:00

Modified

2024-08-07 17:12

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.5.8 and 1.4.15 allows remote attackers to inject arbitrary web script or HTML via crafted encoded links.

References

►

URL

Tags

	http://www.vupen.com/english/advisories/2006/1194	vdb-entry, x_refsource_VUPEN
	http://www.gentoo.org/security/en/glsa/glsa-200604-01.xml	vendor-advisory, x_refsource_GENTOO
	http://mail.wikipedia.org/pipermail/mediawiki-announce/2006-March/000040.html	mailing-list, x_refsource_MLIST
	http://www.mediawiki.org/wiki/MediaWiki	x_refsource_CONFIRM
	http://secunia.com/advisories/19517	third-party-advisory, x_refsource_SECUNIA
	http://www.novell.com/linux/security/advisories/2006_07_sr.html	vendor-advisory, x_refsource_SUSE
	http://www.securityfocus.com/bid/17269	vdb-entry, x_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilities/25588	vdb-entry, x_refsource_XF
	http://secunia.com/advisories/19508	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/19504	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:12:22.317Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2006-1194",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1194"
          },
          {
            "name": "GLSA-200604-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-01.xml"
          },
          {
            "name": "[MediaWiki-announce] 20060327 MediaWiki 1.5.8, 1.4.15 released [SECURITY]",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail.wikipedia.org/pipermail/mediawiki-announce/2006-March/000040.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mediawiki.org/wiki/MediaWiki"
          },
          {
            "name": "19517",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19517"
          },
          {
            "name": "SUSE-SR:2006:007",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_07_sr.html"
          },
          {
            "name": "17269",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17269"
          },
          {
            "name": "mediawiki-unspecified-xss(25588)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25588"
          },
          {
            "name": "19508",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19508"
          },
          {
            "name": "19504",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19504"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-03-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.5.8 and 1.4.15 allows remote attackers to inject arbitrary web script or HTML via crafted encoded links."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2006-1194",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1194"
        },
        {
          "name": "GLSA-200604-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-01.xml"
        },
        {
          "name": "[MediaWiki-announce] 20060327 MediaWiki 1.5.8, 1.4.15 released [SECURITY]",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail.wikipedia.org/pipermail/mediawiki-announce/2006-March/000040.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mediawiki.org/wiki/MediaWiki"
        },
        {
          "name": "19517",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19517"
        },
        {
          "name": "SUSE-SR:2006:007",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_07_sr.html"
        },
        {
          "name": "17269",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17269"
        },
        {
          "name": "mediawiki-unspecified-xss(25588)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25588"
        },
        {
          "name": "19508",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19508"
        },
        {
          "name": "19504",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19504"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-1498",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.5.8 and 1.4.15 allows remote attackers to inject arbitrary web script or HTML via crafted encoded links."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2006-1194",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1194"
            },
            {
              "name": "GLSA-200604-01",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-01.xml"
            },
            {
              "name": "[MediaWiki-announce] 20060327 MediaWiki 1.5.8, 1.4.15 released [SECURITY]",
              "refsource": "MLIST",
              "url": "http://mail.wikipedia.org/pipermail/mediawiki-announce/2006-March/000040.html"
            },
            {
              "name": "http://www.mediawiki.org/wiki/MediaWiki",
              "refsource": "CONFIRM",
              "url": "http://www.mediawiki.org/wiki/MediaWiki"
            },
            {
              "name": "19517",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19517"
            },
            {
              "name": "SUSE-SR:2006:007",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2006_07_sr.html"
            },
            {
              "name": "17269",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17269"
            },
            {
              "name": "mediawiki-unspecified-xss(25588)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25588"
            },
            {
              "name": "19508",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19508"
            },
            {
              "name": "19504",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19504"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-1498",
    "datePublished": "2006-03-30T00:00:00",
    "dateReserved": "2006-03-29T00:00:00",
    "dateUpdated": "2024-08-07T17:12:22.317Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-0534 (GCVE-0-2005-0534)

Vulnerability from cvelistv5

Published

2005-02-24 05:00

Modified

2024-08-07 21:13

Severity ?

CWE

n/a

Summary

Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allow remote attackers to inject arbitrary web script.

References

►

URL

Tags

	http://securitytracker.com/id?1013260	vdb-entry, x_refsource_SECTRACK
	http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml	vendor-advisory, x_refsource_GENTOO
	http://sourceforge.net/project/shownotes.php?release_id=307067	x_refsource_CONFIRM
	http://secunia.com/advisories/14360	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:13:54.286Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1013260",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1013260"
          },
          {
            "name": "GLSA-200502-33",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=307067"
          },
          {
            "name": "14360",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/14360"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-02-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allow remote attackers to inject arbitrary web script."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-03-30T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1013260",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1013260"
        },
        {
          "name": "GLSA-200502-33",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=307067"
        },
        {
          "name": "14360",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/14360"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-0534",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allow remote attackers to inject arbitrary web script."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1013260",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1013260"
            },
            {
              "name": "GLSA-200502-33",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=307067",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?release_id=307067"
            },
            {
              "name": "14360",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/14360"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-0534",
    "datePublished": "2005-02-24T05:00:00",
    "dateReserved": "2005-02-24T00:00:00",
    "dateUpdated": "2024-08-07T21:13:54.286Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-28209 (GCVE-0-2022-28209)

Vulnerability from cvelistv5

Published

2022-03-30 00:00

Modified

2024-08-03 05:48

Severity ?

CWE

n/a

Summary

An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T304126
	https://gerrit.wikimedia.org/r/q/Id8c4e2e336695ce70ccdf8a51ad729bf4a99f8f7
	https://security.gentoo.org/glsa/202305-24	vendor-advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:48:37.364Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T304126"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/Id8c4e2e336695ce70ccdf8a51ad729bf4a99f8f7"
          },
          {
            "name": "GLSA-202305-24",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-24"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-21T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T304126"
        },
        {
          "url": "https://gerrit.wikimedia.org/r/q/Id8c4e2e336695ce70ccdf8a51ad729bf4a99f8f7"
        },
        {
          "name": "GLSA-202305-24",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-24"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-28209",
    "datePublished": "2022-03-30T00:00:00",
    "dateReserved": "2022-03-30T00:00:00",
    "dateUpdated": "2024-08-03T05:48:37.364Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-44856 (GCVE-0-2021-44856)

Vulnerability from cvelistv5

Published

2022-12-26 00:00

Modified

2025-04-14 15:49

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE

n/a

Summary

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A title blocked by AbuseFilter can be created via Special:ChangeContentModel due to the mishandling of the EditFilterMergedContent hook return value.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T271037
	https://security.gentoo.org/glsa/202305-24

Impacted products

	Vendor	Product	Version
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:32:13.284Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T271037"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-24"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-44856",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-14T15:49:08.587806Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-754",
                "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-14T15:49:47.008Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "unknown",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A title blocked by AbuseFilter can be created via Special:ChangeContentModel due to the mishandling of the EditFilterMergedContent hook return value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-21T21:07:08.509Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T271037"
        },
        {
          "url": "https://security.gentoo.org/glsa/202305-24"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-44856",
    "datePublished": "2022-12-26T00:00:00.000Z",
    "dateReserved": "2021-12-13T00:00:00.000Z",
    "dateUpdated": "2025-04-14T15:49:47.008Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-9475 (GCVE-0-2014-9475)

Vulnerability from cvelistv5

Published

2015-01-16 16:00

Modified

2024-08-06 13:47

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.19.23, 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote authenticated users to inject arbitrary web script or HTML via a wikitext message.

References

►

URL

Tags

	http://www.debian.org/security/2014/dsa-3110	vendor-advisory, x_refsource_DEBIAN
	http://www.openwall.com/lists/oss-security/2015/01/03/13	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2014/12/21/2	mailing-list, x_refsource_MLIST
	http://www.mandriva.com/security/advisories?name=MDVSA-2015:006	vendor-advisory, x_refsource_MANDRIVA
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:47:41.530Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-3110",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3110"
          },
          {
            "name": "[oss-security] 20150103 Re: CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
          },
          {
            "name": "[oss-security] 20141221 CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2"
          },
          {
            "name": "MDVSA-2015:006",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:006"
          },
          {
            "name": "[MediaWiki-announce] 20141217 MediaWiki Security and Maintenance Releases: 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-12-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.19.23, 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote authenticated users to inject arbitrary web script or HTML via a wikitext message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-02-04T17:57:00",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "DSA-3110",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3110"
        },
        {
          "name": "[oss-security] 20150103 Re: CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
        },
        {
          "name": "[oss-security] 20141221 CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2"
        },
        {
          "name": "MDVSA-2015:006",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:006"
        },
        {
          "name": "[MediaWiki-announce] 20141217 MediaWiki Security and Maintenance Releases: 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2014-9475",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.19.23, 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote authenticated users to inject arbitrary web script or HTML via a wikitext message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-3110",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-3110"
            },
            {
              "name": "[oss-security] 20150103 Re: CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
            },
            {
              "name": "[oss-security] 20141221 CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2"
            },
            {
              "name": "MDVSA-2015:006",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:006"
            },
            {
              "name": "[MediaWiki-announce] 20141217 MediaWiki Security and Maintenance Releases: 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2014-9475",
    "datePublished": "2015-01-16T16:00:00",
    "dateReserved": "2015-01-03T00:00:00",
    "dateUpdated": "2024-08-06T13:47:41.530Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-46149 (GCVE-0-2021-46149)

Vulnerability from cvelistv5

Published

2022-01-07 05:53

Modified

2024-08-04 05:02

Severity ?

CWE

n/a

Summary

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A denial of service (resource consumption) can be accomplished by searching for a very long key in a Language Name Search.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T293749	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/Ide32704cca578b9aecbce34bdcc0ac25c2a09a4d	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:02:10.339Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T293749"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/Ide32704cca578b9aecbce34bdcc0ac25c2a09a4d"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A denial of service (resource consumption) can be accomplished by searching for a very long key in a Language Name Search."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-07T05:53:47",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T293749"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/Ide32704cca578b9aecbce34bdcc0ac25c2a09a4d"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-46149",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A denial of service (resource consumption) can be accomplished by searching for a very long key in a Language Name Search."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T293749",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T293749"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/Ide32704cca578b9aecbce34bdcc0ac25c2a09a4d",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/Ide32704cca578b9aecbce34bdcc0ac25c2a09a4d"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-46149",
    "datePublished": "2022-01-07T05:53:47",
    "dateReserved": "2022-01-07T00:00:00",
    "dateUpdated": "2024-08-04T05:02:10.339Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-37251 (GCVE-0-2023-37251)

Vulnerability from cvelistv5

Published

2023-06-29 00:00

Modified

2024-11-26 19:37

Severity ?

CWE

n/a

Summary

An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. The googleanalyticstrackurl parser function does not properly escape JavaScript in the onclick handler and does not prevent use of javascript: URLs.

References

►

URL

Tags

https://phabricator.wikimedia.org/T333980

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:09:33.307Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T333980"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-37251",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-26T19:37:38.015787Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-26T19:37:48.675Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. The googleanalyticstrackurl parser function does not properly escape JavaScript in the onclick handler and does not prevent use of javascript: URLs."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-29T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T333980"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-37251",
    "datePublished": "2023-06-29T00:00:00",
    "dateReserved": "2023-06-29T00:00:00",
    "dateUpdated": "2024-11-26T19:37:48.675Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-37302 (GCVE-0-2023-37302)

Vulnerability from cvelistv5

Published

2023-06-30 00:00

Modified

2024-11-26 16:44

Severity ?

CWE

n/a

Summary

An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which can be in a title attribute).

References

►

URL

Tags

	https://phabricator.wikimedia.org/T339111
	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/933649
	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/933650

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:09:34.000Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T339111"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/933649"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/933650"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-37302",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-26T16:44:40.558042Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-26T16:44:49.293Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which can be in a title attribute)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-30T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T339111"
        },
        {
          "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/933649"
        },
        {
          "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/933650"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-37302",
    "datePublished": "2023-06-30T00:00:00",
    "dateReserved": "2023-06-30T00:00:00",
    "dateUpdated": "2024-11-26T16:44:49.293Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-45473 (GCVE-0-2021-45473)

Vulnerability from cvelistv5

Published

2021-12-24 01:03

Modified

2024-08-04 04:39

Severity ?

CWE

n/a

Summary

In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which is triggered upon a visit to an action=info URL (aka a page-information sidebar).

References

►

URL

Tags

	https://phabricator.wikimedia.org/T294693	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/I3cd080a1a7dacd7396d37ee0c98cff0b4e241f8d	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7JNQA53K675TQBBJPZRAG5ZT6XES3IS/	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:39:21.045Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T294693"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/I3cd080a1a7dacd7396d37ee0c98cff0b4e241f8d"
          },
          {
            "name": "FEDORA-2021-bef1126908",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7JNQA53K675TQBBJPZRAG5ZT6XES3IS/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which is triggered upon a visit to an action=info URL (aka a page-information sidebar)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-08T02:06:14",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T294693"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/I3cd080a1a7dacd7396d37ee0c98cff0b4e241f8d"
        },
        {
          "name": "FEDORA-2021-bef1126908",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7JNQA53K675TQBBJPZRAG5ZT6XES3IS/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-45473",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which is triggered upon a visit to an action=info URL (aka a page-information sidebar)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T294693",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T294693"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/I3cd080a1a7dacd7396d37ee0c98cff0b4e241f8d",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/I3cd080a1a7dacd7396d37ee0c98cff0b4e241f8d"
            },
            {
              "name": "FEDORA-2021-bef1126908",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7JNQA53K675TQBBJPZRAG5ZT6XES3IS/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-45473",
    "datePublished": "2021-12-24T01:03:46",
    "dateReserved": "2021-12-24T00:00:00",
    "dateUpdated": "2024-08-04T04:39:21.045Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-31555 (GCVE-0-2021-31555)

Vulnerability from cvelistv5

Published

2021-04-22 02:28

Modified

2024-08-03 23:03

Severity ?

CWE

n/a

Summary

An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. It did not validate the oarc_version (aka oauth_registered_consumer.oarc_version) parameter's length.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T277388	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/I222c053b4b14ac1ad0f5b3a51565b1b9cd4c139d	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:03:33.486Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T277388"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/I222c053b4b14ac1ad0f5b3a51565b1b9cd4c139d"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. It did not validate the oarc_version (aka oauth_registered_consumer.oarc_version) parameter\u0027s length."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-22T02:28:51",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T277388"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/I222c053b4b14ac1ad0f5b3a51565b1b9cd4c139d"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-31555",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. It did not validate the oarc_version (aka oauth_registered_consumer.oarc_version) parameter\u0027s length."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T277388",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T277388"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/I222c053b4b14ac1ad0f5b3a51565b1b9cd4c139d",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/I222c053b4b14ac1ad0f5b3a51565b1b9cd4c139d"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-31555",
    "datePublished": "2021-04-22T02:28:51",
    "dateReserved": "2021-04-22T00:00:00",
    "dateUpdated": "2024-08-03T23:03:33.486Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-30158 (GCVE-0-2021-30158)

Vulnerability from cvelistv5

Published

2021-04-06 06:42

Modified

2024-08-03 22:24

Severity ?

CWE

n/a

Summary

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know that a token has been compromised, and yet is not able to block any potential future use of the token by an unauthorized party.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T277009	x_refsource_MISC
	https://www.debian.org/security/2021/dsa-4889	vendor-advisory, x_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/	vendor-advisory, x_refsource_FEDORA
	https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html	mailing-list, x_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html	mailing-list, x_refsource_MLIST
	https://security.gentoo.org/glsa/202107-40	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:24:59.672Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T277009"
          },
          {
            "name": "DSA-4889",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4889"
          },
          {
            "name": "FEDORA-2021-f4223b6684",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/"
          },
          {
            "name": "FEDORA-2021-d298103d3a",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/"
          },
          {
            "name": "[debian-lts-announce] 20210505 [SECURITY] [DLA 2648-1] mediawiki security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html"
          },
          {
            "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2648-2] mediawiki regression update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html"
          },
          {
            "name": "GLSA-202107-40",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202107-40"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know that a token has been compromised, and yet is not able to block any potential future use of the token by an unauthorized party."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-17T07:06:43",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T277009"
        },
        {
          "name": "DSA-4889",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4889"
        },
        {
          "name": "FEDORA-2021-f4223b6684",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/"
        },
        {
          "name": "FEDORA-2021-d298103d3a",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/"
        },
        {
          "name": "[debian-lts-announce] 20210505 [SECURITY] [DLA 2648-1] mediawiki security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html"
        },
        {
          "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2648-2] mediawiki regression update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html"
        },
        {
          "name": "GLSA-202107-40",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202107-40"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-30158",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know that a token has been compromised, and yet is not able to block any potential future use of the token by an unauthorized party."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T277009",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T277009"
            },
            {
              "name": "DSA-4889",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4889"
            },
            {
              "name": "FEDORA-2021-f4223b6684",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/"
            },
            {
              "name": "FEDORA-2021-d298103d3a",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/"
            },
            {
              "name": "[debian-lts-announce] 20210505 [SECURITY] [DLA 2648-1] mediawiki security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html"
            },
            {
              "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2648-2] mediawiki regression update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html"
            },
            {
              "name": "GLSA-202107-40",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202107-40"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-30158",
    "datePublished": "2021-04-06T06:42:45",
    "dateReserved": "2021-04-06T00:00:00",
    "dateUpdated": "2024-08-03T22:24:59.672Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-2114 (GCVE-0-2013-2114)

Vulnerability from cvelistv5

Published

2013-11-15 18:16

Modified

2024-09-16 23:41

Severity ?

CWE

n/a

Summary

Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19 through 1.19.6 and 1.20.x before 1.20.6 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.

References

►

URL

Tags

	http://secunia.com/advisories/55433	third-party-advisory, x_refsource_SECUNIA
	http://www.openwall.com/lists/oss-security/2013/05/24/3	mailing-list, x_refsource_MLIST
	http://security.gentoo.org/glsa/glsa-201310-21.xml	vendor-advisory, x_refsource_GENTOO
	https://bugzilla.wikimedia.org/show_bug.cgi?id=48306	x_refsource_CONFIRM
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-May/000131.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:27:40.685Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "55433",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55433"
          },
          {
            "name": "[oss-security] 20130524 Re: CVE request: MediaWiki chunked uploads vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/05/24/3"
          },
          {
            "name": "GLSA-201310-21",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201310-21.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=48306"
          },
          {
            "name": "[MediaWiki-announce] 20130521 MediaWiki Security Release: 1.20.6 and 1.19.7",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-May/000131.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19 through 1.19.6 and 1.20.x before 1.20.6 allows remote attackers to execute arbitrary code by uploading a file with an executable extension."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-11-15T18:16:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "55433",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55433"
        },
        {
          "name": "[oss-security] 20130524 Re: CVE request: MediaWiki chunked uploads vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/05/24/3"
        },
        {
          "name": "GLSA-201310-21",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201310-21.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=48306"
        },
        {
          "name": "[MediaWiki-announce] 20130521 MediaWiki Security Release: 1.20.6 and 1.19.7",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-May/000131.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-2114",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19 through 1.19.6 and 1.20.x before 1.20.6 allows remote attackers to execute arbitrary code by uploading a file with an executable extension."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "55433",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55433"
            },
            {
              "name": "[oss-security] 20130524 Re: CVE request: MediaWiki chunked uploads vulnerability",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/05/24/3"
            },
            {
              "name": "GLSA-201310-21",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201310-21.xml"
            },
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=48306",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=48306"
            },
            {
              "name": "[MediaWiki-announce] 20130521 MediaWiki Security Release: 1.20.6 and 1.19.7",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-May/000131.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-2114",
    "datePublished": "2013-11-15T18:16:00Z",
    "dateReserved": "2013-02-19T00:00:00Z",
    "dateUpdated": "2024-09-16T23:41:52.131Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-41767 (GCVE-0-2022-41767)

Vulnerability from cvelistv5

Published

2022-12-26 00:00

Modified

2025-04-14 14:23

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

n/a

Summary

An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. When changes made by an IP address are reassigned to a user (using reassignEdits.php), the changes will still be attributed to the IP address on Special:Contributions when doing a range lookup.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T316304
	https://security.gentoo.org/glsa/202305-24

Impacted products

	Vendor	Product	Version
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:49:44.052Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T316304"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-24"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-41767",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-14T14:22:46.260209Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-200",
                "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-14T14:23:14.276Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "unknown",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. When changes made by an IP address are reassigned to a user (using reassignEdits.php), the changes will still be attributed to the IP address on Special:Contributions when doing a range lookup."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-21T21:06:52.194Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T316304"
        },
        {
          "url": "https://security.gentoo.org/glsa/202305-24"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-41767",
    "datePublished": "2022-12-26T00:00:00.000Z",
    "dateReserved": "2022-09-29T00:00:00.000Z",
    "dateUpdated": "2025-04-14T14:23:14.276Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-37301 (GCVE-0-2023-37301)

Vulnerability from cvelistv5

Published

2023-06-30 00:00

Modified

2024-11-27 18:47

Severity ?

CWE

n/a

Summary

An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn't use EditEntity for undo and restore, the intended interaction with AbuseFilter does not occur.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T250720
	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/933663

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:09:34.087Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T250720"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/933663"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-37301",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-27T18:46:21.372349Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-326",
                "description": "CWE-326 Inadequate Encryption Strength",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-27T18:47:20.839Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn\u0027t use EditEntity for undo and restore, the intended interaction with AbuseFilter does not occur."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-30T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T250720"
        },
        {
          "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/933663"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-37301",
    "datePublished": "2023-06-30T00:00:00",
    "dateReserved": "2023-06-30T00:00:00",
    "dateUpdated": "2024-11-27T18:47:20.839Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-23173 (GCVE-0-2024-23173)

Vulnerability from cvelistv5

Published

2024-01-12 00:00

Modified

2025-06-03 14:06

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

n/a

Summary

An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in drilldown/CargoAppliedFilter.php.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T348687
	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/965214

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:31.830Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T348687"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/965214"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23173",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T17:25:26.779253Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-03T14:06:50.171Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in drilldown/CargoAppliedFilter.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-12T04:39:53.663Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T348687"
        },
        {
          "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/965214"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-23173",
    "datePublished": "2024-01-12T00:00:00.000Z",
    "dateReserved": "2024-01-12T00:00:00.000Z",
    "dateUpdated": "2025-06-03T14:06:50.171Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-45038 (GCVE-0-2021-45038)

Vulnerability from cvelistv5

Published

2021-12-17 00:00

Modified

2024-08-04 04:32

Severity ?

CWE

n/a

Summary

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. By using an action=rollback query, attackers can view private wiki contents.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T297574
	https://www.mediawiki.org/wiki/2021-12_security_release/FAQ
	https://security.gentoo.org/glsa/202305-24	vendor-advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:32:13.621Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T297574"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mediawiki.org/wiki/2021-12_security_release/FAQ"
          },
          {
            "name": "GLSA-202305-24",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-24"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. By using an action=rollback query, attackers can view private wiki contents."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-21T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T297574"
        },
        {
          "url": "https://www.mediawiki.org/wiki/2021-12_security_release/FAQ"
        },
        {
          "name": "GLSA-202305-24",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-24"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-45038",
    "datePublished": "2021-12-17T00:00:00",
    "dateReserved": "2021-12-13T00:00:00",
    "dateUpdated": "2024-08-04T04:32:13.621Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-2215 (GCVE-0-2005-2215)

Vulnerability from cvelistv5

Published

2005-07-12 04:00

Modified

2024-08-07 22:15

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x before 1.4.6 and 1.5 before 1.5beta3 allows remote attackers to inject arbitrary web script or HTML via a parameter in the page move template, a different vulnerability than CVE-2005-1888.

References

►

URL

Tags

	http://www.novell.com/linux/security/advisories/2005_19_sr.html	vendor-advisory, x_refsource_SUSE
	http://sourceforge.net/project/shownotes.php?release_id=340290	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/14181	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/15950	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T22:15:37.768Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SR:2005:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=340290"
          },
          {
            "name": "14181",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/14181"
          },
          {
            "name": "15950",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/15950"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-07-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x before 1.4.6 and 1.5 before 1.5beta3 allows remote attackers to inject arbitrary web script or HTML via a parameter in the page move template, a different vulnerability than CVE-2005-1888."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-11-02T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SUSE-SR:2005:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=340290"
        },
        {
          "name": "14181",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/14181"
        },
        {
          "name": "15950",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/15950"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-2215",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x before 1.4.6 and 1.5 before 1.5beta3 allows remote attackers to inject arbitrary web script or HTML via a parameter in the page move template, a different vulnerability than CVE-2005-1888."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SR:2005:019",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=340290",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?release_id=340290"
            },
            {
              "name": "14181",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/14181"
            },
            {
              "name": "15950",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/15950"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-2215",
    "datePublished": "2005-07-12T04:00:00",
    "dateReserved": "2005-07-12T00:00:00",
    "dateUpdated": "2024-08-07T22:15:37.768Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-36125 (GCVE-0-2021-36125)

Vulnerability from cvelistv5

Published

2021-07-02 13:01

Modified

2024-08-04 00:47

Severity ?

CWE

n/a

Summary

An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalRenameRequest page is vulnerable to infinite loops and denial of service attacks when a user's current username is beyond an arbitrary maximum configuration value (MaxNameChars).

References

►

URL

Tags

	https://phabricator.wikimedia.org/T260865	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/I97d8b3236b5abed8ba9a9c4d3ab5050c2e782c22	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:47:43.814Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T260865"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/I97d8b3236b5abed8ba9a9c4d3ab5050c2e782c22"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalRenameRequest page is vulnerable to infinite loops and denial of service attacks when a user\u0027s current username is beyond an arbitrary maximum configuration value (MaxNameChars)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-02T13:01:13",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T260865"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/I97d8b3236b5abed8ba9a9c4d3ab5050c2e782c22"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-36125",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalRenameRequest page is vulnerable to infinite loops and denial of service attacks when a user\u0027s current username is beyond an arbitrary maximum configuration value (MaxNameChars)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T260865",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T260865"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/I97d8b3236b5abed8ba9a9c4d3ab5050c2e782c22",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/I97d8b3236b5abed8ba9a9c4d3ab5050c2e782c22"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-36125",
    "datePublished": "2021-07-02T13:01:13",
    "dateReserved": "2021-07-02T00:00:00",
    "dateUpdated": "2024-08-04T00:47:43.814Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-41800 (GCVE-0-2021-41800)

Vulnerability from cvelistv5

Published

2021-10-11 00:00

Modified

2024-08-04 03:22

Severity ?

CWE

n/a

Summary

MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T284419
	https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
	https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/	vendor-advisory
	https://security.gentoo.org/glsa/202305-24	vendor-advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:22:24.334Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T284419"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874"
          },
          {
            "name": "FEDORA-2021-eee8b7514f",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/"
          },
          {
            "name": "FEDORA-2021-56d8173b5e",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/"
          },
          {
            "name": "FEDORA-2021-3dd1b66cbf",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/"
          },
          {
            "name": "GLSA-202305-24",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-24"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-21T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T284419"
        },
        {
          "url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/"
        },
        {
          "url": "https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874"
        },
        {
          "name": "FEDORA-2021-eee8b7514f",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/"
        },
        {
          "name": "FEDORA-2021-56d8173b5e",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/"
        },
        {
          "name": "FEDORA-2021-3dd1b66cbf",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/"
        },
        {
          "name": "GLSA-202305-24",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-24"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-41800",
    "datePublished": "2021-10-11T00:00:00",
    "dateReserved": "2021-09-29T00:00:00",
    "dateUpdated": "2024-08-04T03:22:24.334Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-29139 (GCVE-0-2023-29139)

Vulnerability from cvelistv5

Published

2023-03-31 00:00

Modified

2025-02-14 19:24

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

n/a

Summary

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. When a user with checkuserlog permissions makes many CheckUserLog API requests in some configurations, denial of service can occur (RequestTimeoutException or upstream request timeout).

References

►

URL

Tags

https://phabricator.wikimedia.org/T326293

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:00:15.500Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T326293"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-29139",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-14T19:23:58.574817Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-14T19:24:42.316Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://phabricator.wikimedia.org/T326293"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. When a user with checkuserlog permissions makes many CheckUserLog API requests in some configurations, denial of service can occur (RequestTimeoutException or upstream request timeout)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-31T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T326293"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-29139",
    "datePublished": "2023-03-31T00:00:00.000Z",
    "dateReserved": "2023-03-31T00:00:00.000Z",
    "dateUpdated": "2025-02-14T19:24:42.316Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-8811 (GCVE-0-2017-8811)

Vulnerability from cvelistv5

Published

2017-11-15 08:00

Modified

2024-08-05 16:48

Severity ?

CWE

HTML mangling

Summary

The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks.

References

►

URL

Tags

	http://www.securitytracker.com/id/1039812	vdb-entry, x_refsource_SECTRACK
	https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html	x_refsource_CONFIRM
	https://www.debian.org/security/2017/dsa-4036	vendor-advisory, x_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	n/a	MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2	Version: MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:48:22.605Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1039812",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039812"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"
          },
          {
            "name": "DSA-4036",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4036"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2"
            }
          ]
        }
      ],
      "datePublic": "2017-11-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "HTML mangling",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-16T10:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "1039812",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039812"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"
        },
        {
          "name": "DSA-4036",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4036"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2017-8811",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "HTML mangling"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1039812",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039812"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html",
              "refsource": "CONFIRM",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"
            },
            {
              "name": "DSA-4036",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4036"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2017-8811",
    "datePublished": "2017-11-15T08:00:00",
    "dateReserved": "2017-05-07T00:00:00",
    "dateUpdated": "2024-08-05T16:48:22.605Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-25869 (GCVE-0-2020-25869)

Vulnerability from cvelistv5

Published

2020-09-27 20:40

Modified

2024-08-04 15:49

Severity ?

CWE

n/a

Summary

An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. Handling of actor ID does not necessarily use the correct database or correct wiki.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T260485	x_refsource_MISC
	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html	x_refsource_CONFIRM
	https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:49:06.057Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T260485"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
          },
          {
            "name": "FEDORA-2020-a4802c53d9",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. Handling of actor ID does not necessarily use the correct database or correct wiki."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-14T02:06:07",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T260485"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
        },
        {
          "name": "FEDORA-2020-a4802c53d9",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-25869",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. Handling of actor ID does not necessarily use the correct database or correct wiki."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T260485",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T260485"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html",
              "refsource": "CONFIRM",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html",
              "refsource": "MISC",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
            },
            {
              "name": "FEDORA-2020-a4802c53d9",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-25869",
    "datePublished": "2020-09-27T20:40:25",
    "dateReserved": "2020-09-24T00:00:00",
    "dateUpdated": "2024-08-04T15:49:06.057Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-12468 (GCVE-0-2019-12468)

Vulnerability from cvelistv5

Published

2019-07-10 14:58

Modified

2024-08-04 23:24

Severity ?

CWE

n/a

Summary

An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover.

References

►

URL

Tags

	https://lists.wikimedia.org/pipermail/mediawiki-announce/	x_refsource_MISC
	https://www.debian.org/security/2019/dsa-4460	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2019/Jun/12	mailing-list, x_refsource_BUGTRAQ
	https://phabricator.wikimedia.org/T197279	x_refsource_MISC
	https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:24:37.085Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/"
          },
          {
            "name": "DSA-4460",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4460"
          },
          {
            "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jun/12"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T197279"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-10T14:58:58",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/"
        },
        {
          "name": "DSA-4460",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4460"
        },
        {
          "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jun/12"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T197279"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-12468",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.wikimedia.org/pipermail/mediawiki-announce/",
              "refsource": "MISC",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/"
            },
            {
              "name": "DSA-4460",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4460"
            },
            {
              "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Jun/12"
            },
            {
              "name": "https://phabricator.wikimedia.org/T197279",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T197279"
            },
            {
              "name": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html",
              "refsource": "CONFIRM",
              "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-12468",
    "datePublished": "2019-07-10T14:58:15",
    "dateReserved": "2019-05-30T00:00:00",
    "dateUpdated": "2024-08-04T23:24:37.085Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4308 (GCVE-0-2013-4308)

Vulnerability from cvelistv5

Published

2013-09-11 14:00

Modified

2024-08-06 16:38

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in pages/TalkpageHistoryView.php in the LiquidThreads (LQT) extension 2.x and possibly 3.x for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote attackers to inject arbitrary web script or HTML via a thread subject.

References

►

URL

Tags

	http://seclists.org/oss-sec/2013/q3/553	mailing-list, x_refsource_MLIST
	http://osvdb.org/96906	vdb-entry, x_refsource_OSVDB
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html	mailing-list, x_refsource_MLIST
	https://exchange.xforce.ibmcloud.com/vulnerabilities/86891	vdb-entry, x_refsource_XF
	http://www.securityfocus.com/bid/62218	vdb-entry, x_refsource_BID
	https://bugzilla.wikimedia.org/show_bug.cgi?id=53320	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:38:01.857Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20130904 Re: CVE request: MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2013/q3/553"
          },
          {
            "name": "96906",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/96906"
          },
          {
            "name": "[MediaWiki-announce] 20130903 MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
          },
          {
            "name": "mediawiki-cve20134308-xss(86891)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86891"
          },
          {
            "name": "62218",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/62218"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=53320"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-09-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in pages/TalkpageHistoryView.php in the LiquidThreads (LQT) extension 2.x and possibly 3.x for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote attackers to inject arbitrary web script or HTML via a thread subject."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20130904 Re: CVE request: MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2013/q3/553"
        },
        {
          "name": "96906",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/96906"
        },
        {
          "name": "[MediaWiki-announce] 20130903 MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
        },
        {
          "name": "mediawiki-cve20134308-xss(86891)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86891"
        },
        {
          "name": "62218",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/62218"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=53320"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4308",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in pages/TalkpageHistoryView.php in the LiquidThreads (LQT) extension 2.x and possibly 3.x for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote attackers to inject arbitrary web script or HTML via a thread subject."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20130904 Re: CVE request: MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2013/q3/553"
            },
            {
              "name": "96906",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/96906"
            },
            {
              "name": "[MediaWiki-announce] 20130903 MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
            },
            {
              "name": "mediawiki-cve20134308-xss(86891)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86891"
            },
            {
              "name": "62218",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/62218"
            },
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=53320",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=53320"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4308",
    "datePublished": "2013-09-11T14:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:38:01.857Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-36132 (GCVE-0-2021-36132)

Vulnerability from cvelistv5

Published

2021-07-02 12:59

Modified

2024-08-04 00:47

Severity ?

CWE

n/a

Summary

An issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed configurations of the $wgFileImporterRequiredRight variable, it might not validate all appropriate user rights, thus allowing a user with insufficient rights to perform operations (specifically file uploads) that they should not be allowed to perform.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T280590	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/I8ff2a67abd2c118a3469e4410eac2a451bfa76c3	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:47:43.805Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T280590"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/I8ff2a67abd2c118a3469e4410eac2a451bfa76c3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed configurations of the $wgFileImporterRequiredRight variable, it might not validate all appropriate user rights, thus allowing a user with insufficient rights to perform operations (specifically file uploads) that they should not be allowed to perform."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-02T12:59:57",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T280590"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/I8ff2a67abd2c118a3469e4410eac2a451bfa76c3"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-36132",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed configurations of the $wgFileImporterRequiredRight variable, it might not validate all appropriate user rights, thus allowing a user with insufficient rights to perform operations (specifically file uploads) that they should not be allowed to perform."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T280590",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T280590"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/I8ff2a67abd2c118a3469e4410eac2a451bfa76c3",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/I8ff2a67abd2c118a3469e4410eac2a451bfa76c3"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-36132",
    "datePublished": "2021-07-02T12:59:57",
    "dateReserved": "2021-07-02T00:00:00",
    "dateUpdated": "2024-08-04T00:47:43.805Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4307 (GCVE-0-2013-4307)

Vulnerability from cvelistv5

Published

2013-09-11 14:00

Modified

2024-08-06 16:38

Severity ?

CWE

n/a

Summary

Multiple cross-site scripting (XSS) vulnerabilities in repo/includes/EntityView.php in the Wikibase extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow (1) remote attackers to inject arbitrary web script or HTML via a label in the "In other languages" section or (2) remote administrators to inject arbitrary web script or HTML via a description.

References

►

URL

Tags

	http://seclists.org/oss-sec/2013/q3/553	mailing-list, x_refsource_MLIST
	http://www.securityfocus.com/bid/62201	vdb-entry, x_refsource_BID
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html	mailing-list, x_refsource_MLIST
	http://osvdb.org/96907	vdb-entry, x_refsource_OSVDB
	https://bugzilla.wikimedia.org/show_bug.cgi?id=53472	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/86892	vdb-entry, x_refsource_XF

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:38:01.810Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20130904 Re: CVE request: MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2013/q3/553"
          },
          {
            "name": "62201",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/62201"
          },
          {
            "name": "[MediaWiki-announce] 20130903 MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
          },
          {
            "name": "96907",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/96907"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=53472"
          },
          {
            "name": "mediawiki-cve20134307-xss(86892)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86892"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-09-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in repo/includes/EntityView.php in the Wikibase extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow (1) remote attackers to inject arbitrary web script or HTML via a label in the \"In other languages\" section or (2) remote administrators to inject arbitrary web script or HTML via a description."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20130904 Re: CVE request: MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2013/q3/553"
        },
        {
          "name": "62201",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/62201"
        },
        {
          "name": "[MediaWiki-announce] 20130903 MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
        },
        {
          "name": "96907",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/96907"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=53472"
        },
        {
          "name": "mediawiki-cve20134307-xss(86892)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86892"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4307",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in repo/includes/EntityView.php in the Wikibase extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow (1) remote attackers to inject arbitrary web script or HTML via a label in the \"In other languages\" section or (2) remote administrators to inject arbitrary web script or HTML via a description."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20130904 Re: CVE request: MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2013/q3/553"
            },
            {
              "name": "62201",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/62201"
            },
            {
              "name": "[MediaWiki-announce] 20130903 MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
            },
            {
              "name": "96907",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/96907"
            },
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=53472",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=53472"
            },
            {
              "name": "mediawiki-cve20134307-xss(86892)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86892"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4307",
    "datePublished": "2013-09-11T14:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:38:01.810Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-6453 (GCVE-0-2013-6453)

Vulnerability from cvelistv5

Published

2014-05-12 14:00

Modified

2024-08-06 17:39

Severity ?

CWE

n/a

Summary

MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 does not properly sanitize SVG files, which allows remote attackers to have unspecified impact via invalid XML.

References

►

URL

Tags

http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html

mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:39:01.310Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[MediaWiki-announce] 20140114 MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-01-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 does not properly sanitize SVG files, which allows remote attackers to have unspecified impact via invalid XML."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-05-12T13:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[MediaWiki-announce] 20140114 MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-6453",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 does not properly sanitize SVG files, which allows remote attackers to have unspecified impact via invalid XML."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[MediaWiki-announce] 20140114 MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-6453",
    "datePublished": "2014-05-12T14:00:00",
    "dateReserved": "2013-11-04T00:00:00",
    "dateUpdated": "2024-08-06T17:39:01.310Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-3455 (GCVE-0-2014-3455)

Vulnerability from cvelistv5

Published

2014-05-12 14:00

Modified

2024-09-17 02:42

Severity ?

CWE

n/a

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) CreateProperty, (2) CreateTemplate, (3) CreateForm, and (4) CreateClass special pages in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allow remote attackers to hijack the authentication of users for requests that have unspecified impact and vectors.

References

►

URL

Tags

	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html	mailing-list, x_refsource_MLIST
	https://bugzilla.wikimedia.org/show_bug.cgi?id=57025	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:43:06.148Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[MediaWiki-announce] 20140114 MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=57025"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) CreateProperty, (2) CreateTemplate, (3) CreateForm, and (4) CreateClass special pages in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allow remote attackers to hijack the authentication of users for requests that have unspecified impact and vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-05-12T14:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[MediaWiki-announce] 20140114 MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=57025"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-3455",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) CreateProperty, (2) CreateTemplate, (3) CreateForm, and (4) CreateClass special pages in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allow remote attackers to hijack the authentication of users for requests that have unspecified impact and vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[MediaWiki-announce] 20140114 MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
            },
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=57025",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=57025"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-3455",
    "datePublished": "2014-05-12T14:00:00Z",
    "dateReserved": "2014-05-12T00:00:00Z",
    "dateUpdated": "2024-09-17T02:42:25.979Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-34911 (GCVE-0-2022-34911)

Vulnerability from cvelistv5

Published

2022-07-02 00:00

Modified

2024-08-03 09:22

Severity ?

CWE

n/a

Summary

An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the username is not escaped: SpecialCreateAccount::successfulAction() calls ::showSuccessPage() with a message as second parameter, and OutputPage::setPageTitle() uses text().

References

►

URL

Tags

	https://phabricator.wikimedia.org/T308471
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B/	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html	mailing-list
	https://www.debian.org/security/2022/dsa-5246	vendor-advisory
	https://security.gentoo.org/glsa/202305-24	vendor-advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:22:10.647Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T308471"
          },
          {
            "name": "FEDORA-2022-f83aec6d57",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP/"
          },
          {
            "name": "FEDORA-2022-bca2c95559",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B/"
          },
          {
            "name": "[debian-lts-announce] 20220922 [SECURITY] [DLA 3117-1] mediawiki security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html"
          },
          {
            "name": "DSA-5246",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5246"
          },
          {
            "name": "GLSA-202305-24",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-24"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to \"Welcome\" followed by the username, the username is not escaped: SpecialCreateAccount::successfulAction() calls ::showSuccessPage() with a message as second parameter, and OutputPage::setPageTitle() uses text()."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-21T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T308471"
        },
        {
          "name": "FEDORA-2022-f83aec6d57",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP/"
        },
        {
          "name": "FEDORA-2022-bca2c95559",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B/"
        },
        {
          "name": "[debian-lts-announce] 20220922 [SECURITY] [DLA 3117-1] mediawiki security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html"
        },
        {
          "name": "DSA-5246",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5246"
        },
        {
          "name": "GLSA-202305-24",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-24"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-34911",
    "datePublished": "2022-07-02T00:00:00",
    "dateReserved": "2022-07-02T00:00:00",
    "dateUpdated": "2024-08-03T09:22:10.647Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-51704 (GCVE-0-2023-51704)

Vulnerability from cvelistv5

Published

2023-12-22 00:00

Modified

2024-09-26 15:03

Severity ?

CWE

n/a

Summary

An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T347726
	https://lists.debian.org/debian-lts-announce/2024/04/msg00018.html	mailing-list
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/	vendor-advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-09-26T15:03:05.216Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T347726"
          },
          {
            "name": "[debian-lts-announce] 20240427 [SECURITY] [DLA 3796-1] mediawiki security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00018.html"
          },
          {
            "name": "FEDORA-2024-2c564b942d",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00039.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-10T16:13:42.739051",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T347726"
        },
        {
          "name": "[debian-lts-announce] 20240427 [SECURITY] [DLA 3796-1] mediawiki security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00018.html"
        },
        {
          "name": "FEDORA-2024-2c564b942d",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-51704",
    "datePublished": "2023-12-22T00:00:00",
    "dateReserved": "2023-12-22T00:00:00",
    "dateUpdated": "2024-09-26T15:03:05.216Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-2242 (GCVE-0-2014-2242)

Vulnerability from cvelistv5

Published

2014-03-02 02:00

Modified

2024-08-06 10:06

Severity ?

CWE

n/a

Summary

includes/upload/UploadBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 does not prevent use of invalid namespaces in SVG files, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an SVG upload, as demonstrated by use of a W3C XHTML namespace in conjunction with an IFRAME element.

References

►

URL

Tags

	http://www.securityfocus.com/bid/65910	vdb-entry, x_refsource_BID
	http://openwall.com/lists/oss-security/2014/02/28/1	mailing-list, x_refsource_MLIST
	https://gerrit.wikimedia.org/r/#/q/7d923a6b53f7fbcb0cbc3a19797d741bf6f440eb%2Cn%2Cz	x_refsource_CONFIRM
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html	mailing-list, x_refsource_MLIST
	https://bugzilla.wikimedia.org/show_bug.cgi?id=60771	x_refsource_CONFIRM
	http://openwall.com/lists/oss-security/2014/03/01/2	mailing-list, x_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=1071135	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:06:00.324Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "65910",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/65910"
          },
          {
            "name": "[oss-security] 20140228 CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2014/02/28/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/#/q/7d923a6b53f7fbcb0cbc3a19797d741bf6f440eb%2Cn%2Cz"
          },
          {
            "name": "[mediawiki-announce] 20140228 MediaWiki Security and Maintenance Releases: 1.22.3, 1.21.6 and 1.19.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=60771"
          },
          {
            "name": "[oss-security] 20140301 Re: CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2014/03/01/2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1071135"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-02-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "includes/upload/UploadBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 does not prevent use of invalid namespaces in SVG files, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an SVG upload, as demonstrated by use of a W3C XHTML namespace in conjunction with an IFRAME element."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-05-14T16:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "65910",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/65910"
        },
        {
          "name": "[oss-security] 20140228 CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2014/02/28/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gerrit.wikimedia.org/r/#/q/7d923a6b53f7fbcb0cbc3a19797d741bf6f440eb%2Cn%2Cz"
        },
        {
          "name": "[mediawiki-announce] 20140228 MediaWiki Security and Maintenance Releases: 1.22.3, 1.21.6 and 1.19.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=60771"
        },
        {
          "name": "[oss-security] 20140301 Re: CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2014/03/01/2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1071135"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-2242",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "includes/upload/UploadBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 does not prevent use of invalid namespaces in SVG files, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an SVG upload, as demonstrated by use of a W3C XHTML namespace in conjunction with an IFRAME element."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "65910",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/65910"
            },
            {
              "name": "[oss-security] 20140228 CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2014/02/28/1"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/#/q/7d923a6b53f7fbcb0cbc3a19797d741bf6f440eb,n,z",
              "refsource": "CONFIRM",
              "url": "https://gerrit.wikimedia.org/r/#/q/7d923a6b53f7fbcb0cbc3a19797d741bf6f440eb,n,z"
            },
            {
              "name": "[mediawiki-announce] 20140228 MediaWiki Security and Maintenance Releases: 1.22.3, 1.21.6 and 1.19.12",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html"
            },
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=60771",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=60771"
            },
            {
              "name": "[oss-security] 20140301 Re: CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2014/03/01/2"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1071135",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1071135"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-2242",
    "datePublished": "2014-03-02T02:00:00",
    "dateReserved": "2014-02-28T00:00:00",
    "dateUpdated": "2024-08-06T10:06:00.324Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-34502 (GCVE-0-2024-34502)

Vulnerability from cvelistv5

Published

2024-05-05 00:00

Modified

2024-08-21 20:00

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

n/a

Summary

An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will (attempt to) make an edit that merges the from-id to the to-id, even if the request was not a POST request, and even if it does not contain an edit token.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T357101
	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/WikibaseLexeme/+/1013359
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/	vendor-advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:51:11.473Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T357101"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/WikibaseLexeme/+/1013359"
          },
          {
            "name": "FEDORA-2024-2c564b942d",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mediawiki",
            "vendor": "mediawiki",
            "versions": [
              {
                "lessThan": "1.39.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "1.40.2",
                "status": "affected",
                "version": "1.40.0",
                "versionType": "custom"
              },
              {
                "lessThan": "1.41.1",
                "status": "affected",
                "version": "1.41.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-34502",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-21T19:13:18.117446Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-352",
                "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-21T20:00:39.261Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will (attempt to) make an edit that merges the from-id to the to-id, even if the request was not a POST request, and even if it does not contain an edit token."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-10T16:13:36.062665",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T357101"
        },
        {
          "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/WikibaseLexeme/+/1013359"
        },
        {
          "name": "FEDORA-2024-2c564b942d",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-34502",
    "datePublished": "2024-05-05T00:00:00",
    "dateReserved": "2024-05-05T00:00:00",
    "dateUpdated": "2024-08-21T20:00:39.261Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-44855 (GCVE-0-2021-44855)

Vulnerability from cvelistv5

Published

2022-12-26 00:00

Modified

2025-04-14 15:52

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWE

n/a

Summary

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. There is Blind Stored XSS via a URL to the Upload Image feature.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T293589
	https://security.gentoo.org/glsa/202305-24

Impacted products

	Vendor	Product	Version
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:32:13.127Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T293589"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-24"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "LOW",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-44855",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-14T15:51:07.724434Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-14T15:52:12.291Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "unknown",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. There is Blind Stored XSS via a URL to the Upload Image feature."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-21T21:07:07.196Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T293589"
        },
        {
          "url": "https://security.gentoo.org/glsa/202305-24"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-44855",
    "datePublished": "2022-12-26T00:00:00.000Z",
    "dateReserved": "2021-12-13T00:00:00.000Z",
    "dateUpdated": "2025-04-14T15:52:12.291Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-2853 (GCVE-0-2014-2853)

Vulnerability from cvelistv5

Published

2014-04-29 18:00

Modified

2024-08-06 10:28

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki before 1.21.9 and 1.22.x before 1.22.6 allows remote attackers to inject arbitrary web script or HTML via the sort key in an info action.

References

►

URL

Tags

	http://www.securityfocus.com/bid/67068	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1030161	vdb-entry, x_refsource_SECTRACK
	http://secunia.com/advisories/58262	third-party-advisory, x_refsource_SECUNIA
	https://github.com/wikimedia/mediawiki-core/commit/0b695ae09aada343ab59be4a3c9963995a1143b6	x_refsource_MISC
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-April/000149.html	mailing-list, x_refsource_MLIST
	https://www.mediawiki.org/wiki/Release_notes/1.22#Changes_since_1.22.5	x_refsource_CONFIRM
	https://bugzilla.wikimedia.org/show_bug.cgi?id=63251	x_refsource_CONFIRM
	https://www.mediawiki.org/wiki/Release_notes/1.21#Changes_since_1.21.8	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=1091967	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:28:46.374Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "67068",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/67068"
          },
          {
            "name": "1030161",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030161"
          },
          {
            "name": "58262",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58262"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/wikimedia/mediawiki-core/commit/0b695ae09aada343ab59be4a3c9963995a1143b6"
          },
          {
            "name": "[MediaWiki-announce] 20140424 MediaWiki Security and Maintenance Releases: 1.22.6 and 1.21.9",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-April/000149.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mediawiki.org/wiki/Release_notes/1.22#Changes_since_1.22.5"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=63251"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mediawiki.org/wiki/Release_notes/1.21#Changes_since_1.21.8"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091967"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-04-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki before 1.21.9 and 1.22.x before 1.22.6 allows remote attackers to inject arbitrary web script or HTML via the sort key in an info action."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-05-12T18:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "67068",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/67068"
        },
        {
          "name": "1030161",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030161"
        },
        {
          "name": "58262",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58262"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/wikimedia/mediawiki-core/commit/0b695ae09aada343ab59be4a3c9963995a1143b6"
        },
        {
          "name": "[MediaWiki-announce] 20140424 MediaWiki Security and Maintenance Releases: 1.22.6 and 1.21.9",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-April/000149.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mediawiki.org/wiki/Release_notes/1.22#Changes_since_1.22.5"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=63251"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mediawiki.org/wiki/Release_notes/1.21#Changes_since_1.21.8"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091967"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-2853",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki before 1.21.9 and 1.22.x before 1.22.6 allows remote attackers to inject arbitrary web script or HTML via the sort key in an info action."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "67068",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/67068"
            },
            {
              "name": "1030161",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030161"
            },
            {
              "name": "58262",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58262"
            },
            {
              "name": "https://github.com/wikimedia/mediawiki-core/commit/0b695ae09aada343ab59be4a3c9963995a1143b6",
              "refsource": "MISC",
              "url": "https://github.com/wikimedia/mediawiki-core/commit/0b695ae09aada343ab59be4a3c9963995a1143b6"
            },
            {
              "name": "[MediaWiki-announce] 20140424 MediaWiki Security and Maintenance Releases: 1.22.6 and 1.21.9",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-April/000149.html"
            },
            {
              "name": "https://www.mediawiki.org/wiki/Release_notes/1.22#Changes_since_1.22.5",
              "refsource": "CONFIRM",
              "url": "https://www.mediawiki.org/wiki/Release_notes/1.22#Changes_since_1.22.5"
            },
            {
              "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=63251",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=63251"
            },
            {
              "name": "https://www.mediawiki.org/wiki/Release_notes/1.21#Changes_since_1.21.8",
              "refsource": "CONFIRM",
              "url": "https://www.mediawiki.org/wiki/Release_notes/1.21#Changes_since_1.21.8"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1091967",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091967"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-2853",
    "datePublished": "2014-04-29T18:00:00",
    "dateReserved": "2014-04-14T00:00:00",
    "dateUpdated": "2024-08-06T10:28:46.374Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-42048 (GCVE-0-2021-42048)

Vulnerability from cvelistv5

Published

2021-10-06 20:47

Modified

2024-08-04 03:22

Severity ?

CWE

n/a

Summary

An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero edits.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T289064	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/Iaa90a8976834d70caad592e9d1b18510318db537	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:22:25.972Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T289064"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/Iaa90a8976834d70caad592e9d1b18510318db537"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero edits."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-29T16:39:15",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T289064"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/Iaa90a8976834d70caad592e9d1b18510318db537"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-42048",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero edits."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T289064",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T289064"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/Iaa90a8976834d70caad592e9d1b18510318db537",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/Iaa90a8976834d70caad592e9d1b18510318db537"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-42048",
    "datePublished": "2021-10-06T20:47:15",
    "dateReserved": "2021-10-06T00:00:00",
    "dateUpdated": "2024-08-04T03:22:25.972Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-31545 (GCVE-0-2021-31545)

Vulnerability from cvelistv5

Published

2021-04-22 02:30

Modified

2024-08-03 23:03

Severity ?

CWE

n/a

Summary

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. The page_recent_contributors leaked the existence of certain deleted MediaWiki usernames, related to rev_deleted.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T71367	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/I8d5ed9ca84282ee50832035af86123633fc88293	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:03:33.417Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T71367"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/I8d5ed9ca84282ee50832035af86123633fc88293"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. The page_recent_contributors leaked the existence of certain deleted MediaWiki usernames, related to rev_deleted."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-22T02:30:59",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T71367"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/I8d5ed9ca84282ee50832035af86123633fc88293"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-31545",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. The page_recent_contributors leaked the existence of certain deleted MediaWiki usernames, related to rev_deleted."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T71367",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T71367"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/I8d5ed9ca84282ee50832035af86123633fc88293",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/I8d5ed9ca84282ee50832035af86123633fc88293"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-31545",
    "datePublished": "2021-04-22T02:30:59",
    "dateReserved": "2021-04-22T00:00:00",
    "dateUpdated": "2024-08-03T23:03:33.417Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-34500 (GCVE-0-2024-34500)

Vulnerability from cvelistv5

Published

2024-05-05 00:00

Modified

2024-12-04 21:04

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

n/a

Summary

An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. XSS can occur through an interface message. Error messages (in the $err var) are not escaped before being passed to Html::rawElement() in the getError() function in the Hooks class.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T357203
	https://gerrit.wikimedia.org/r/c/mediawiki/extensions/UnlinkedWikibase/+/1002175
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/	vendor-advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-34500",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-13T20:07:35.672796Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-04T21:04:53.217Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:51:11.517Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T357203"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/UnlinkedWikibase/+/1002175"
          },
          {
            "name": "FEDORA-2024-2c564b942d",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. XSS can occur through an interface message. Error messages (in the $err var) are not escaped before being passed to Html::rawElement() in the getError() function in the Hooks class."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-10T16:13:39.486789",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T357203"
        },
        {
          "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/UnlinkedWikibase/+/1002175"
        },
        {
          "name": "FEDORA-2024-2c564b942d",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-34500",
    "datePublished": "2024-05-05T00:00:00",
    "dateReserved": "2024-05-05T00:00:00",
    "dateUpdated": "2024-12-04T21:04:53.217Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4571 (GCVE-0-2013-4571)

Vulnerability from cvelistv5

Published

2014-05-12 14:00

Modified

2024-08-06 16:45

Severity ?

CWE

n/a

Summary

Buffer overflow in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 has unspecified impact and remote vectors.

References

►

URL

Tags

http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html

mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:45:14.919Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[MediaWiki-announce] 20140114 MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-01-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 has unspecified impact and remote vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-05-12T13:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[MediaWiki-announce] 20140114 MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4571",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 has unspecified impact and remote vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[MediaWiki-announce] 20140114 MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4571",
    "datePublished": "2014-05-12T14:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:45:14.919Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8009 (GCVE-0-2015-8009)

Vulnerability from cvelistv5

Published

2017-07-25 14:00

Modified

2024-08-06 08:06

Severity ?

CWE

n/a

Summary

The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use another Consumer's credentials by leveraging knowledge of the credentials.

References

►

URL

Tags

	http://www.securitytracker.com/id/1034028	vdb-entry, x_refsource_SECTRACK
	https://phabricator.wikimedia.org/T103023	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2015/10/29/14	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:06:31.525Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1034028",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034028"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T103023"
          },
          {
            "name": "[oss-security] 20151029 Re: CVE Request: MediaWiki 1.25.3, 1.24.4 and 1.23.11",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/10/29/14"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use another Consumer\u0027s credentials by leveraging knowledge of the credentials."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-14T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1034028",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034028"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T103023"
        },
        {
          "name": "[oss-security] 20151029 Re: CVE Request: MediaWiki 1.25.3, 1.24.4 and 1.23.11",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/10/29/14"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8009",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use another Consumer\u0027s credentials by leveraging knowledge of the credentials."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1034028",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034028"
            },
            {
              "name": "https://phabricator.wikimedia.org/T103023",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T103023"
            },
            {
              "name": "[oss-security] 20151029 Re: CVE Request: MediaWiki 1.25.3, 1.24.4 and 1.23.11",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/10/29/14"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8009",
    "datePublished": "2017-07-25T14:00:00",
    "dateReserved": "2015-10-28T00:00:00",
    "dateUpdated": "2024-08-06T08:06:31.525Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8624 (GCVE-0-2015-8624)

Vulnerability from cvelistv5

Published

2017-03-23 20:00

Modified

2024-08-06 08:20

Severity ?

CWE

n/a

Summary

The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8623.

References

►

URL

Tags

	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2015/12/23/7	mailing-list, x_refsource_MLIST
	https://phabricator.wikimedia.org/T119309	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2015/12/21/8	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:20:43.559Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
          },
          {
            "name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T119309"
          },
          {
            "name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8623."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-03-23T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
        },
        {
          "name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T119309"
        },
        {
          "name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8624",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8623."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
            },
            {
              "name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
            },
            {
              "name": "https://phabricator.wikimedia.org/T119309",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T119309"
            },
            {
              "name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8624",
    "datePublished": "2017-03-23T20:00:00",
    "dateReserved": "2015-12-23T00:00:00",
    "dateUpdated": "2024-08-06T08:20:43.559Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-44857 (GCVE-0-2021-44857)

Vulnerability from cvelistv5

Published

2021-12-17 00:00

Modified

2024-08-04 04:32

Severity ?

CWE

n/a

Summary

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=mcrundo followed by action=mcrrestore to replace the content of any arbitrary page (that the user doesn't have edit rights for). This applies to any public wiki, or a private wiki that has at least one page set in $wgWhitelistRead.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T297322
	https://www.mediawiki.org/wiki/2021-12_security_release/FAQ
	https://security.gentoo.org/glsa/202305-24	vendor-advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:32:13.362Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T297322"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mediawiki.org/wiki/2021-12_security_release/FAQ"
          },
          {
            "name": "GLSA-202305-24",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-24"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=mcrundo followed by action=mcrrestore to replace the content of any arbitrary page (that the user doesn\u0027t have edit rights for). This applies to any public wiki, or a private wiki that has at least one page set in $wgWhitelistRead."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-21T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://phabricator.wikimedia.org/T297322"
        },
        {
          "url": "https://www.mediawiki.org/wiki/2021-12_security_release/FAQ"
        },
        {
          "name": "GLSA-202305-24",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-24"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-44857",
    "datePublished": "2021-12-17T00:00:00",
    "dateReserved": "2021-12-13T00:00:00",
    "dateUpdated": "2024-08-04T04:32:13.362Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-4828 (GCVE-0-2007-4828)

Vulnerability from cvelistv5

Published

2007-09-12 19:00

Modified

2024-08-07 15:08

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in the API pretty-printing mode in MediaWiki 1.8.0 through 1.8.4, 1.9.0 through 1.9.3, 1.10.0 through 1.10.1, and the 1.11 development versions before 1.11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

►

URL

Tags

	http://www.securityfocus.com/bid/25632	vdb-entry, x_refsource_BID
	http://www.vupen.com/english/advisories/2007/3130	vdb-entry, x_refsource_VUPEN
	http://fedoranews.org/updates/FEDORA-2007-218.shtml	vendor-advisory, x_refsource_FEDORA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/36558	vdb-entry, x_refsource_XF
	http://secunia.com/advisories/26772	third-party-advisory, x_refsource_SECUNIA
	http://lists.wikimedia.org/pipermail/mediawiki-announce/2007-September/000067.html	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/26870	third-party-advisory, x_refsource_SECUNIA
	https://bugzilla.redhat.com/show_bug.cgi?id=287881	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:08:33.908Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "25632",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25632"
          },
          {
            "name": "ADV-2007-3130",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3130"
          },
          {
            "name": "FEDORA-2007-2189",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://fedoranews.org/updates/FEDORA-2007-218.shtml"
          },
          {
            "name": "mediawiki-prettyprinting-xss(36558)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36558"
          },
          {
            "name": "26772",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26772"
          },
          {
            "name": "[MediaWiki-announce] 20070910 MediaWiki 1.11.0, 1.10.2, 1.9.4, 1.8.5 released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2007-September/000067.html"
          },
          {
            "name": "26870",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26870"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=287881"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-09-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the API pretty-printing mode in MediaWiki 1.8.0 through 1.8.4, 1.9.0 through 1.9.3, 1.10.0 through 1.10.1, and the 1.11 development versions before 1.11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "25632",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25632"
        },
        {
          "name": "ADV-2007-3130",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3130"
        },
        {
          "name": "FEDORA-2007-2189",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://fedoranews.org/updates/FEDORA-2007-218.shtml"
        },
        {
          "name": "mediawiki-prettyprinting-xss(36558)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36558"
        },
        {
          "name": "26772",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26772"
        },
        {
          "name": "[MediaWiki-announce] 20070910 MediaWiki 1.11.0, 1.10.2, 1.9.4, 1.8.5 released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2007-September/000067.html"
        },
        {
          "name": "26870",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26870"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=287881"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2007-4828",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the API pretty-printing mode in MediaWiki 1.8.0 through 1.8.4, 1.9.0 through 1.9.3, 1.10.0 through 1.10.1, and the 1.11 development versions before 1.11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "25632",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25632"
            },
            {
              "name": "ADV-2007-3130",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3130"
            },
            {
              "name": "FEDORA-2007-2189",
              "refsource": "FEDORA",
              "url": "http://fedoranews.org/updates/FEDORA-2007-218.shtml"
            },
            {
              "name": "mediawiki-prettyprinting-xss(36558)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36558"
            },
            {
              "name": "26772",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26772"
            },
            {
              "name": "[MediaWiki-announce] 20070910 MediaWiki 1.11.0, 1.10.2, 1.9.4, 1.8.5 released",
              "refsource": "MLIST",
              "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2007-September/000067.html"
            },
            {
              "name": "26870",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26870"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=287881",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=287881"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2007-4828",
    "datePublished": "2007-09-12T19:00:00",
    "dateReserved": "2007-09-12T00:00:00",
    "dateUpdated": "2024-08-07T15:08:33.908Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-45472 (GCVE-0-2021-45472)

Vulnerability from cvelistv5

Published

2021-12-24 01:04

Modified

2024-08-04 04:39

Severity ?

CWE

n/a

Summary

In MediaWiki through 1.37, XSS can occur in Wikibase because an external identifier property can have a URL format that includes a $1 formatter substitution marker, and the javascript: URL scheme (among others) can be used.

References

►

URL

Tags

	https://phabricator.wikimedia.org/T297570	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/I37ece1dfdc80d38055067c9c4fa73ba591acd8bd	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7JNQA53K675TQBBJPZRAG5ZT6XES3IS/	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:39:21.063Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T297570"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/I37ece1dfdc80d38055067c9c4fa73ba591acd8bd"
          },
          {
            "name": "FEDORA-2021-bef1126908",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7JNQA53K675TQBBJPZRAG5ZT6XES3IS/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In MediaWiki through 1.37, XSS can occur in Wikibase because an external identifier property can have a URL format that includes a $1 formatter substitution marker, and the javascript: URL scheme (among others) can be used."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-08T02:06:16",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T297570"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/I37ece1dfdc80d38055067c9c4fa73ba591acd8bd"
        },
        {
          "name": "FEDORA-2021-bef1126908",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7JNQA53K675TQBBJPZRAG5ZT6XES3IS/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-45472",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In MediaWiki through 1.37, XSS can occur in Wikibase because an external identifier property can have a URL format that includes a $1 formatter substitution marker, and the javascript: URL scheme (among others) can be used."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T297570",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T297570"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/I37ece1dfdc80d38055067c9c4fa73ba591acd8bd",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/I37ece1dfdc80d38055067c9c4fa73ba591acd8bd"
            },
            {
              "name": "FEDORA-2021-bef1126908",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7JNQA53K675TQBBJPZRAG5ZT6XES3IS/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-45472",
    "datePublished": "2021-12-24T01:04:04",
    "dateReserved": "2021-12-24T00:00:00",
    "dateUpdated": "2024-08-04T04:39:21.063Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-28205 (GCVE-0-2022-28205)

Vulnerability from cvelistv5

Published

2022-03-30 00:00

Modified

2024-08-03 05:48

Severity ?

CWE

n/a

Summary

An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future.

References

►

URL

Tags

	https://gerrit.wikimedia.org/r/q/Ic6ba1a37b78df5b342ceeba4c1493dbde583b81f
	https://phabricator.wikimedia.org/T302248
	https://security.gentoo.org/glsa/202305-24	vendor-advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:48:37.543Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/Ic6ba1a37b78df5b342ceeba4c1493dbde583b81f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T302248"
          },
          {
            "name": "GLSA-202305-24",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-24"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-21T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://gerrit.wikimedia.org/r/q/Ic6ba1a37b78df5b342ceeba4c1493dbde583b81f"
        },
        {
          "url": "https://phabricator.wikimedia.org/T302248"
        },
        {
          "name": "GLSA-202305-24",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-24"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-28205",
    "datePublished": "2022-03-30T00:00:00",
    "dateReserved": "2022-03-30T00:00:00",
    "dateUpdated": "2024-08-03T05:48:37.543Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerabilites related to MediaWiki - MediaWiki

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd