Vulnerabilities affecting this package (0)
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | | |
Vulnerabilities fixed by this package (7)
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-2xja-2whv-fqe4 | mediawiki: diff-multi-sameuser ("X intermediate revisions by the same user not shown") ignores username suppression | CVE-2023-45362 |
| VCID-c7bg-91ab-33b4 | An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. Deleted revision existence is leaked due to incorrect permissions being checked. This reveals that a given revision ID belonged to the given page title, and its timestamp, both of which are not supposed to be public information. | CVE-2023-45364 |
| VCID-ea7c-xk4h-13fs | mediawiki: stored XSS leads to privilege escalation | CVE-2023-3550 |
| VCID-jm7q-2w3j-buhh | MediaWiki Denial of Service vulnerability. An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set. | CVE-2023-45363, GHSA-w5fx-cx7f-6vr9 |
| VCID-pp1z-ybpu-xbby | An issue was discovered in VectorComponentUserLinks.php in the Vector Skin component in MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-intro-page MalformedTitleException is uncaught if it is not a valid title, leading to incorrect web pages. | CVE-2023-45361 |
| VCID-rn3q-78tk-w3am | An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-toc-toggle-button-label is not escaped, but should be, because the line param can have markup. | CVE-2023-45359 |
| VCID-zj5a-p9u4-ducw | mediawiki: XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages | CVE-2023-45360 |