📦 MediaWiki
by MediaWiki
⚠️ Known Vulnerabilities
This vulnerability allows unauthenticated attackers to merge lexemes in WikibaseLexeme without proper authorization. It affects MediaWiki installations with the WikibaseLexeme extension enabled. The i...
This vulnerability in the CheckUser extension for MediaWiki allows denial-of-service attacks when attempting to block users, causing temporary browser hangs and database disconnection errors. It affec...
This vulnerability in MediaWiki allows attackers to trigger automatic IP blocking by manipulating the X-Forwarded-For HTTP header. It affects MediaWiki instances that process untrusted headers, potent...
This CVE describes an SQL injection vulnerability in the SemanticDrilldown extension for MediaWiki. Attackers can exploit certain '-' and '_' constraints to execute arbitrary SQL commands. All MediaWi...
This vulnerability allows attackers to bypass authorization checks in the QuizGame extension for MediaWiki, granting unauthorized access to admin API functions. Any MediaWiki installation with the Qui...
A critical vulnerability in MediaWiki's CentralAuth extension allows improper handling of group expiration timestamps (TTL), potentially enabling privilege escalation. This affects MediaWiki installat...
This vulnerability in MediaWiki's AntiSpoof extension allows users with the 'override-antispoof' permission to bypass username spoofing checks. It affects MediaWiki installations with the AntiSpoof ex...
This vulnerability in MediaWiki's OAuth extension allows attackers to cause denial of service or potentially execute arbitrary code by submitting RSA keys that exceed MySQL blob storage limits. It aff...
This vulnerability in MediaWiki's AbuseFilter extension causes a fatal error when both the content language and English versions of the MediaWiki:Abusefilter-blocker message are invalid. This prevents...
This vulnerability in MediaWiki's CentralAuth extension allows improper implementation of autoblocks for suppression blocks. Attackers could bypass account blocks or suppression mechanisms, affecting ...
The CheckUser extension for MediaWiki fails to respect the log_deleted attribute, allowing unauthorized users to view suppressed log information. This affects MediaWiki installations with the CheckUse...
This vulnerability allows cross-site scripting (XSS) attacks in MediaWiki due to improper handling of the escape character (0x1b) in comment parsing. Attackers can inject malicious scripts that execut...
This vulnerability allows attackers to perform unlimited item merging operations in Wikibase, potentially disrupting data integrity and availability. It affects MediaWiki installations with the Wikiba...
This vulnerability in MediaWiki's ApiPageSet.php allows attackers to trigger an infinite loop when querying pages with specific redirect and title conversion parameters, causing denial of service thro...
The SecurePoll extension in MediaWiki through version 1.37.2 contains an information disclosure vulnerability where sorting by timestamp can leak sensitive data. This affects MediaWiki installations w...
This vulnerability allows remote attackers to discover the IP addresses of Wiki visitors through a CSS injection attack. Attackers can embed malicious CSS in wiki pages that forces visitors' browsers ...
This vulnerability allows attackers to cause denial of service by searching for extremely long language names in MediaWiki's Language Name Search feature. It affects MediaWiki installations running vu...
This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in MediaWiki's MassEditRegex extension. It allows attackers to trick authenticated administrators into performing unauthorized mass...
This vulnerability allows unauthorized users to view private pages on MediaWiki installations configured as private wikis with whitelist read restrictions. Attackers can exploit a flaw in the undo/res...
CVE-2021-41799 is a denial-of-service vulnerability in MediaWiki's ApiQueryBacklinks feature that allows attackers to trigger full table scans, consuming excessive database resources and causing servi...
This vulnerability in MediaWiki's ReplaceText extension allows blocked users to still execute previously submitted text replacement jobs through the job queue. It affects MediaWiki installations using...
This vulnerability in MediaWiki's Loops extension allows attackers to trigger infinite loops through parser functions, causing memory exhaustion and php-fpm hangs. It affects MediaWiki installations w...
This vulnerability in MediaWiki's CentralAuth extension allows attackers to cause denial of service through infinite loops when processing username rename requests with overly long names. It affects M...
This vulnerability in MediaWiki's FileImporter extension allows users with insufficient permissions to upload files when certain relaxed configurations of $wgFileImporterRequiredRight are used. It aff...
This vulnerability in MediaWiki's OAuth extension allows attackers to submit overly long oarc_version parameters, potentially causing buffer overflows or denial of service. It affects MediaWiki instal...
This is a cross-site scripting (XSS) vulnerability in MediaWiki's CodexTablePager component that allows attackers to inject malicious scripts into web pages. It affects all MediaWiki installations run...
The CheckUser extension for MediaWiki has a vulnerability where the Special:Investigate feature can expose suppressed log event information that should remain hidden. This affects MediaWiki administra...
This stored cross-site scripting (XSS) vulnerability in the GuMaxDD skin for MediaWiki allows attackers to inject malicious scripts into top-level menu entries. When users view the affected sidebar me...
This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the MediaWikiChat extension for MediaWiki. Attackers can trick authenticated users into performing unauthorized actions via the ...
This CSRF vulnerability in the ArticleRatings MediaWiki extension allows attackers to manipulate article rating data without user consent. Attackers can craft malicious links or web pages that, when v...
This stored cross-site scripting (XSS) vulnerability in MediaWiki's Foreground skin allows attackers to inject malicious scripts into top-level menu entries. When users view the sidebar, these scripts...