CRITICAL 9.8 CVE-2024-34502 An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1.
from 0, < 1.41.1
CRITICAL 9.8 CVE-2020-10534 In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked…
from 0, < 1.34.1
CRITICAL 9.8 CVE-2021-31556 An issue was discovered in the OAuth extension for MediaWiki through 1.35.2.
from 0, < 1.35.3
CRITICAL 9.8 An issue was discovered in the AbuseFilter extension in MediaWiki through 1.36.
from 0, < 1.36.1
CRITICAL 9.8 An issue was discovered in the CentralAuth extension in MediaWiki through 1.36.
from 0, < 1.36.1
CRITICAL 9.8 An issue was discovered in MediaWiki through 1.37.1.
from 0, < 1.37.2
CRITICAL 9.8 An issue was discovered in MediaWiki through 1.37.1.
from 0, < 1.37.2
CRITICAL 9.8 An issue was discovered in MediaWiki through 1.37.1.
from 0, < 1.37.2
CRITICAL 9.8 The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with ce…
from 0, < 1.37.3
CRITICAL 9.8 The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a check…
from 0, < 1.37.3
CRITICAL 9.8 An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3.
from 0, < 1.39.4
CRITICAL 9.8 mediawiki - security update
from 0, < 1.35.10, >= 1.36.0, < 1.38.6, >= 1.39.0, < 1.39.3
HIGH 8.8 The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF…
from 0, < 1.35.1
HIGH 8.8 An issue was discovered in the Widgets extension for MediaWiki through 1.35.1.
from 0, < 1.35.2
HIGH 8.8 An issue was discovered in the PushToWatch extension for MediaWiki through 1.35.1.
from 0, < 1.35.2
HIGH 8.8 An issue was discovered in the FileImporter extension in MediaWiki through 1.36.
from 0, < 1.36.1
HIGH 8.8 An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1.
from 0, < 1.35.5, >= 1.36.0, < 1.36.3, >= 1.37.0, < 1.37.1
HIGH 8.8 The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control.
from 0, < 1.31.16, >= 1.35.0, < 1.35.4, >= 1.36.0, < 1.36.2
HIGH 7.5 An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1.
from 0, < 1.44.0
HIGH 7.5 mediawiki - security update
from 0, < 1.41.1
HIGH 7.5 An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4.
from 0, < 1.31.10, >= 1.32.0, < 1.34.4
HIGH 7.5 An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4.
from 0, < 1.34.4
HIGH 7.5 The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclos…
from 0, < 1.35.1
HIGH 7.5 An issue was discovered in the CasAuth extension for MediaWiki through 1.35.1.
from 0, < 1.35.2
HIGH 7.5 An issue was discovered in the OAuth extension for MediaWiki through 1.35.2.
from 0, < 1.35.3
HIGH 7.5 An issue was discovered in the CentralAuth extension in MediaWiki through 1.36.
from 0, < 1.36.1
HIGH 7.5 An issue was discovered in MediaWiki through 1.36.2.
from 0, < 1.36.3
HIGH 7.5 An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1.
from 0, < 1.35.5, >= 1.36.0, < 1.36.3, >= 1.37.0, < 1.37.1
HIGH 7.5 A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2.
>= 1.37.0, < 1.37.2
HIGH 7.5 An issue was discovered in MediaWiki through 1.37.2.
from 0, < 1.37.3
HIGH 7.5 An issue was discovered in MediaWiki through 1.38.1.
from 0, < 1.38.2
HIGH 7.5 An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40…
from 0, < 1.35.12, >= 1.36.0, < 1.39.5, >= 1.40.0, < 1.40.1
HIGH 7.5 The CentralAuth extension through REL1_34 for MediaWiki allows remote attackers to obtain sensitive hidden account information via an api.p…
HIGH 7.5 MediaWiki Denial of Service vulnerability
from 0, < 1.35.12, >= 1.36.0, < 1.39.5, >= 1.40.0, < 1.40.1
HIGH 7.5 A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2.
from 0, < 1.35.6, >= 1.36.0, < 1.36.4, >= 1.37.0, < 1.37.2
HIGH 7.5 OATHAuth extension in MediaWiki does not implement rate limiting
from 0, < 1.31.10, >= 1.32.0, < 1.34.4
HIGH 7.5 mediawiki - security update
from 0, < 1.35.5, >= 1.36.0, < 1.36.3, >= 1.37.0, < 1.37.1
HIGH 7.5 MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time).
from 0, < 1.36.2
HIGH 7.5 mediawiki - security update
from 0, < 1.31.15, >= 1.32.0, < 1.35.3, >= 1.36.0, < 1.36.1
HIGH 7.5 mediawiki - security update
from 0, < 1.35.1
HIGH 7.4 An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before…
from 0, < 1.41.1
HIGH 7.3 mediawiki - security update
>= 1.40.0, < 1.40.1
MEDIUM 6.5 An issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1.
from 0, < 1.44.0
MEDIUM 6.5 An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2.
from 0, < 1.35.3
MEDIUM 6.5 An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2.
from 0, < 1.35.3
MEDIUM 6.5 An issue was discovered in the Translate extension in MediaWiki through 1.36.2.
from 0, < 1.36.3
MEDIUM 6.5 An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1.
from 0, < 1.35.5, >= 1.36.0, < 1.36.3, >= 1.37.0, < 1.37.1
MEDIUM 6.5 An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3.
from 0, < 1.39.4
MEDIUM 6.5 An issue was discovered in the CheckUser extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.4…
from 0, < 1.35.12, >= 1.36.0, < 1.39.5, >= 1.40.0, < 1.40.1
MEDIUM 6.5 mediawiki - security update
from 0, < 1.35.5, >= 1.36.0, < 1.36.3, >= 1.37.0, < 1.37.1
MEDIUM 6.1 MediaWiki UnlinkedWikibase Cross-site Scripting vulnerability
from 0, < 1.41.1
MEDIUM 6.1 XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replace…
from 0, < 1.34.4
MEDIUM 6.1 An issue was discovered in the GlobalUsage extension for MediaWiki through 1.35.1.
from 0, < 1.35.2
MEDIUM 6.1 The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax within the PropertySuggestionsWidget temp…
>= 1.35.0, < 1.35.1
MEDIUM 6.1 An issue was discovered in the PageForms extension for MediaWiki through 1.35.2.
from 0, < 1.35.3
MEDIUM 6.1 An issue was discovered in CentralAuth in MediaWiki through 1.36.2.
from 0, < 1.36.3
MEDIUM 6.1 An issue was discovered in Special:MediaSearch in the MediaSearch extension in MediaWiki through 1.36.2.
from 0, < 1.36.3
MEDIUM 6.1 An issue was discovered in the GlobalWatchlist extension in MediaWiki through 1.36.2.
from 0, < 1.36.3
MEDIUM 6.1 In MediaWiki through 1.37, XSS can occur in Wikibase because an external identifier property can have a URL format that includes a $1 forma…
from 0, < 1.37.1
MEDIUM 6.1 In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which is triggered upon a visit to an action=info URL (aka a page-informat…
from 0, < 1.3.8
MEDIUM 6.1 In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter.
from 0, < 1.37.1
MEDIUM 6.1 The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d9544a54d9752515aace39df) allows XSS in Advertise link messages.
from 0, < 1.37.3
MEDIUM 6.1 An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1.
from 0, < 1.35.9, >= 1.36.0, < 1.38.5, >= 1.39.0, < 1.39.1
MEDIUM 6.1 An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3.
from 0, < 1.39.4
MEDIUM 6.1 An issue was discovered in the Cargo extension for MediaWiki through 1.39.3.
from 0, < 1.39.4
MEDIUM 6.1 An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3.
from 0, < 1.39.4
MEDIUM 6.1 An issue was discovered in the Cargo extension for MediaWiki through 1.39.3.
from 0, < 1.39.4
MEDIUM 6.1 An issue was discovered in the ProofreadPage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before…
from 0, < 1.35.12, >= 1.36.0, < 1.39.5, >= 1.40.0, < 1.40.1
MEDIUM 6.1 An issue was discovered in the WatchAnalytics extension in MediaWiki before 1.40.2.
from 0, < 1.41.1
MEDIUM 6.1 An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2.
from 0, < 1.41.1
MEDIUM 6.1 MediaWiki Cargo Extension Cross-site Scripting vulnerability
from 0, < 1.41.1
MEDIUM 6.1 mediawiki - security update
from 0, < 1.35.14, >= 1.36.0, < 1.39.6, >= 1.40.0, < 1.40.2
MEDIUM 6.1 MediaWiki Cross-site Scripting vulnerability
from 0, < 1.39.4
MEDIUM 6.1 An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4.
from 0, < 1.35.11, >= 1.36.0, < 1.38.7, >= 1.39.0, < 1.39.4
MEDIUM 6.1 An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1.
from 0, < 1.37.3, >= 1.38.0, < 1.38.1
MEDIUM 6.1 An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1.
from 0, < 1.35.7, >= 1.36.0, < 1.37.3, >= 1.38.0, < 1.38.1
MEDIUM 6.1 MediaWiki Cross-site Scripting (XSS) vulnerability
>= 1.32.0, < 1.34.4
MEDIUM 6.1 MediaWiki Cross-site Scripting (XSS) vulnerability
>= 1.31.10, < 1.31.11, >= 1.32.0, < 1.34.4
MEDIUM 6.1 MediaWiki Cross-site Scripting (XSS) vulnerability
from 0, < 1.31.10, >= 1.32.0, < 1.34.4
MEDIUM 6.1 MediaWiki Cross-site Scripting (XSS) vulnerability
>= 1.34.0, < 1.34.4
MEDIUM 6.1 MediaWiki Open Redirect vulnerability
from 0, < 1.35.0
MEDIUM 6.1 An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2.
from 0, < 1.35.6, >= 1.36.0, < 1.36.4, >= 1.37.0, < 1.37.2
MEDIUM 6.1 MediaWiki before 1.36.2 allows XSS.
from 0, < 1.36.2
MEDIUM 6.1 An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.
from 0, < 1.31.12, >= 1.32.0, < 1.35.2
MEDIUM 6.1 An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.
from 0, < 1.31.12, >= 1.32.0, < 1.35.2
MEDIUM 6.1 MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php.
>= 1.12.0, < 1.35.1
MEDIUM 6.1 MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php.
>= 1.33.0, < 1.35.1
MEDIUM 6.1 In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentch…
from 0, < 1.35.1
MEDIUM 5.5 mediawiki - security update
from 0, < 1.35.9, >= 1.36.0, < 1.38.5, >= 1.39.0, < 1.39.1
MEDIUM 5.4 The RandomGameUnit extension for MediaWiki through 1.35 was not properly escaping various title-related data.
from 0, < 1.35.1
MEDIUM 5.4 The PollNY extension for MediaWiki through 1.35 allows XSS via an answer option for a poll question, entered during Special:CreatePoll or S…
from 0, < 1.35.1
MEDIUM 5.4 An issue was discovered in the CommentBox extension for MediaWiki through 1.35.2.
from 0, < 1.35.3
MEDIUM 5.4 An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2.
from 0, < 1.35.3
MEDIUM 5.4 An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2.
from 0, < 1.35.3
MEDIUM 5.4 An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2.
from 0, < 1.36.3
MEDIUM 5.4 An issue was discovered in the Growth extension in MediaWiki through 1.36.2.
from 0, < 1.36.3
MEDIUM 5.4 An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1.
from 0, < 1.35.5, >= 1.36.0, < 1.36.3, >= 1.37.0, < 1.37.1
MEDIUM 5.4 An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1.
from 0, < 1.35.9, >= 1.36.0, < 1.38.5, >= 1.39.0, < 1.39.1
MEDIUM 5.4 An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3.
from 0, < 1.39.4
MEDIUM 5.4 An issue was discovered in the CampaignEvents extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before…
from 0, < 1.41.1