CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Mediawiki » Mediawiki » * * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-34912 2022-07-02 2022-07-12
4.3
None Remote Medium Not required None Partial None
An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped.
2 CVE-2022-34911 79 XSS 2022-07-02 2022-07-12
4.3
None Remote Medium Not required None Partial None
An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the username is not escaped: SpecialCreateAccount::successfulAction() calls ::showSuccessPage() with a message as second parameter, and OutputPage::setPageTitle() uses text().
3 CVE-2022-34750 770 2022-06-28 2022-07-07
5.0
None Remote Low Not required None None Partial
An issue was discovered in MediaWiki through 1.38.1. The lemma length of a Wikibase lexeme is currently capped at a thousand characters. Unfortunately, this length is not validated, allowing much larger lexemes to be created, which introduces various denial-of-service attack vectors within the Wikibase and WikibaseLexeme extensions. This is related to Special:NewLexeme and Special:NewProperty.
4 CVE-2022-29907 79 XSS 2022-04-29 2022-05-07
4.3
None Remote Medium Not required None Partial None
The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d9544a54d9752515aace39df) allows XSS in Advertise link messages.
5 CVE-2022-29906 863 2022-04-29 2022-05-10
7.5
None Remote Low Not required Partial Partial Partial
The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a check for the quizadmin user.
6 CVE-2022-29905 352 CSRF 2022-04-29 2022-05-10
4.3
None Remote Medium Not required None Partial None
The FanBoxes extension for MediaWiki through 1.37.2 (before 027ffb0b9d6fe0d823810cf03f5b562a212162d4) allows Special:UserBoxes CSRF.
7 CVE-2022-29904 89 Sql 2022-04-29 2022-05-10
7.5
None Remote Low Not required Partial Partial Partial
The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain '-' and '_' constraints.
8 CVE-2022-29903 352 CSRF 2022-04-29 2022-05-10
4.3
None Remote Medium Not required None Partial None
The Private Domains extension for MediaWiki through 1.37.2 (before 1ad65d4c1c199b375ea80988d99ab51ae068f766) allows CSRF for editing pages that store the extension's configuration. The attacker must trigger a POST request to Special:PrivateDomains.
9 CVE-2022-28323 2022-04-30 2022-05-10
5.0
None Remote Low Not required Partial None None
An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported,
10 CVE-2022-28209 2022-03-30 2022-04-05
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect.
11 CVE-2022-28206 2022-03-30 2022-04-05
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights.
12 CVE-2022-28205 2022-03-30 2022-04-05
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future.
13 CVE-2022-28202 79 XSS 2022-03-30 2022-06-26
4.3
None Remote Medium Not required None Partial None
An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete.
14 CVE-2021-46150 79 XSS 2022-01-10 2022-01-13
3.5
None Remote Medium ??? None Partial None
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Special:CheckUserLog allows CheckUser XSS because of date mishandling, as demonstrated by an XSS payload in MediaWiki:October.
15 CVE-2021-46149 400 DoS 2022-01-10 2022-01-13
5.0
None Remote Low Not required None None Partial
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A denial of service (resource consumption) can be accomplished by searching for a very long key in a Language Name Search.
16 CVE-2021-46148 200 +Info 2022-01-10 2022-01-13
4.0
None Remote Low ??? Partial None None
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Some unprivileged users can view confidential information (e.g., IP addresses and User-Agent headers for election traffic) on a testwiki SecurePoll instance.
17 CVE-2021-46147 352 CSRF 2022-01-10 2022-01-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. MassEditRegex allows CSRF.
18 CVE-2021-46146 79 XSS 2022-01-10 2022-01-13
3.5
None Remote Medium ??? None Partial None
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The WikibaseMediaInfo component is vulnerable to XSS via the caption fields for a given media file.
19 CVE-2021-45474 79 XSS 2021-12-24 2022-02-05
4.3
None Remote Medium Not required None Partial None
In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter.
20 CVE-2021-45473 79 XSS 2021-12-24 2022-02-07
4.3
None Remote Medium Not required None Partial None
In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which is triggered upon a visit to an action=info URL (aka a page-information sidebar).
21 CVE-2021-45472 79 XSS 2021-12-24 2022-02-07
4.3
None Remote Medium Not required None Partial None
In MediaWiki through 1.37, XSS can occur in Wikibase because an external identifier property can have a URL format that includes a $1 formatter substitution marker, and the javascript: URL scheme (among others) can be used.
22 CVE-2021-45471 2021-12-24 2022-02-07
5.0
None Remote Low Not required None Partial None
In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items.
23 CVE-2021-45038 200 +Info 2021-12-17 2021-12-21
5.0
None Remote Low Not required Partial None None
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. By using an action=rollback query, attackers can view private wiki contents.
24 CVE-2021-44858 276 2021-12-20 2021-12-29
5.0
None Remote Low Not required Partial None None
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=edit&undo= followed by action=mcrundo and action=mcrrestore to view private pages on a private wiki that has at least one page set in $wgWhitelistRead.
25 CVE-2021-44857 862 2021-12-17 2022-07-12
4.0
None Remote Low ??? None Partial None
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=mcrundo followed by action=mcrrestore to replace the content of any arbitrary page (that the user doesn't have edit rights for). This applies to any public wiki, or a private wiki that has at least one page set in $wgWhitelistRead.
26 CVE-2021-42044 79 XSS 2021-10-06 2021-10-14
3.5
None Remote Medium ??? None Partial None
An issue was discovered in the Mentor dashboard in the GrowthExperiments extension in MediaWiki through 1.36.2. The Growthexperiments-mentor-dashboard-mentee-overview-add-filter-total-edits-headline, growthexperiments-mentor-dashboard-mentee-overview-add-filter-starred-headline, growthexperiments-mentor-dashboard-mentee-overview-info-text, growthexperiments-mentor-dashboard-mentee-overview-info-legend-headline, and growthexperiments-mentor-dashboard-mentee-overview-active-ago MediaWiki messages were not being properly sanitized and allowed for the injection and execution of HTML and JavaScript.
27 CVE-2021-42043 79 XSS 2021-10-06 2021-10-14
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Special:MediaSearch in the MediaSearch extension in MediaWiki through 1.36.2. The suggestion text (a parameter to mediasearch-did-you-mean) was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the intitle: search operator within the query.
28 CVE-2021-42042 79 XSS 2021-10-06 2021-10-14
3.5
None Remote Medium ??? None Partial None
An issue was discovered in SpecialEditGrowthConfig in the GrowthExperiments extension in MediaWiki through 1.36.2. The growthexperiments-edit-config-error-invalid-title MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript.
29 CVE-2021-42041 79 XSS 2021-10-06 2021-10-14
4.3
None Remote Medium Not required None Partial None
An issue was discovered in CentralAuth in MediaWiki through 1.36.2. The rightsnone MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the setchange log.
30 CVE-2021-42040 835 2021-10-06 2021-10-14
5.0
None Remote Low Not required None None Partial
An issue was discovered in MediaWiki through 1.36.2. A parser function related to loop control allowed for an infinite loop (and php-fpm hang) within the Loops extension because egLoopsCountLimit is mishandled. This could lead to memory exhaustion.
31 CVE-2021-41801 2021-10-11 2022-07-12
6.5
None Remote Low ??? Partial Partial Partial
The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time (due to the job queue backlog)
32 CVE-2021-41800 770 DoS 2021-10-11 2021-11-28
5.0
None Remote Low Not required None None Partial
MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled.
33 CVE-2021-41799 770 DoS 2021-10-11 2021-11-26
5.0
None Remote Low Not required None None Partial
MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). ApiQueryBacklinks (action=query&list=backlinks) can cause a full table scan.
34 CVE-2021-41798 79 XSS 2021-10-11 2021-11-26
4.3
None Remote Medium Not required None Partial None
MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search results page.
35 CVE-2021-36132 863 2021-07-02 2021-07-07
6.0
None Remote Medium ??? Partial Partial Partial
An issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed configurations of the $wgFileImporterRequiredRight variable, it might not validate all appropriate user rights, thus allowing a user with insufficient rights to perform operations (specifically file uploads) that they should not be allowed to perform.
36 CVE-2021-36131 79 XSS 2021-07-02 2021-07-07
3.5
None Remote Medium ??? None Partial None
An XSS issue was discovered in the SportsTeams extension in MediaWiki through 1.36. Within several special pages, a privileged user could inject arbitrary HTML and JavaScript within various data fields. The attack could easily propagate across many pages for many users.
37 CVE-2021-36130 79 XSS 2021-07-02 2021-07-07
3.5
None Remote Medium ??? None Partial None
An XSS issue was discovered in the SocialProfile extension in MediaWiki through 1.36. Within several gift-related special pages, a privileged user with the awardmanage right could inject arbitrary HTML and JavaScript within various gift-related data fields. The attack could easily propagate across many pages for many users.
38 CVE-2021-36129 732 2021-07-02 2021-07-07
4.0
None Remote Low ??? None Partial None
An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups Action API module does not validate the parameter for aggregategroup when action=remove is set, thus allowing users with the translate-manage right to silently delete various groups' metadata.
39 CVE-2021-36128 755 2021-07-02 2022-07-12
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. Autoblocks for CentralAuth-issued suppression blocks are not properly implemented.
40 CVE-2021-36127 922 2021-07-02 2021-07-07
4.0
None Remote Low ??? Partial None None
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUserRights page provided search results which, for a suppressed MediaWiki user, were different than for any other user, thus easily disclosing suppressed accounts (which are supposed to be completely hidden).
41 CVE-2021-36126 2021-07-02 2021-07-07
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the AbuseFilter extension in MediaWiki through 1.36. If the MediaWiki:Abusefilter-blocker message is invalid within the content language, the filter user falls back to the English version, but that English version could also be invalid on a wiki. This would result in a fatal error, and potentially fail to block or restrict a potentially nefarious user.
42 CVE-2021-36125 835 DoS 2021-07-02 2021-07-07
5.0
None Remote Low Not required None None Partial
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalRenameRequest page is vulnerable to infinite loops and denial of service attacks when a user's current username is beyond an arbitrary maximum configuration value (MaxNameChars).
43 CVE-2021-35197 863 2021-07-02 2022-07-12
5.0
None Remote Low Not required None Partial None
In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. When a bot account has a "sitewide block" applied, it is able to still "purge" pages through the MediaWiki Action API (which a "sitewide block" should have prevented).
44 CVE-2021-31556 327 2021-08-12 2021-11-28
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. MWOAuthConsumerSubmitControl.php does not ensure that the length of an RSA key will fit in a MySQL blob.
45 CVE-2021-31555 20 2021-04-22 2021-04-22
5.0
None Remote Low Not required None Partial None
An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. It did not validate the oarc_version (aka oauth_registered_consumer.oarc_version) parameter's length.
46 CVE-2021-31554 863 2021-04-22 2022-07-12
5.5
None Remote Low ??? Partial Partial None
An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It improperly handled account blocks for certain automatically created MediaWiki user accounts, thus allowing nefarious users to remain unblocked.
47 CVE-2021-31553 428 DoS 2021-04-22 2021-04-22
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the cu_log database table such that denial of service occurred for certain CheckUser extension pages and functionality. For example, the attacker could turn off Special:CheckUserLog and thus interfere with usage tracking.
48 CVE-2021-31552 863 2021-04-22 2022-07-12
5.5
None Remote Low ??? Partial Partial None
An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly executed certain rules related to blocking accounts after account creation. Such rules would allow for user accounts to be created while blocking only the IP address used to create an account (and not the user account itself). Such rules could also be used by a nefarious, unprivileged user to catalog and enumerate any number of IP addresses related to these account creations.
49 CVE-2021-31551 79 XSS 2021-04-22 2021-04-22
4.3
None Remote Medium Not required None Partial None
An issue was discovered in the PageForms extension for MediaWiki through 1.35.2. Crafted payloads for Token-related query parameters allowed for XSS on certain PageForms-managed MediaWiki pages.
50 CVE-2021-31550 79 XSS 2021-04-22 2021-04-27
3.5
None Remote Medium ??? None Partial None
An issue was discovered in the CommentBox extension for MediaWiki through 1.35.2. Via crafted configuration variables, a malicious actor could introduce XSS payloads into various layers.
Total number of vulnerabilities : 229   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.