Search for packages
| purl | pkg:alpm/archlinux/mediawiki@1.36.1-1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3tye-xqmf-aaaa
Aliases: CVE-2021-41798 |
MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search results page. |
Affected by 0 other vulnerabilities. |
|
VCID-7kgb-jke8-aaan
Aliases: CVE-2021-41801 |
The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time (due to the job queue backlog) |
Affected by 0 other vulnerabilities. |
|
VCID-ah5y-k5sb-aaap
Aliases: CVE-2021-41800 GHSA-c8wv-qwwc-6j73 |
MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled. |
Affected by 0 other vulnerabilities. |
|
VCID-fbrx-yzny-aaae
Aliases: CVE-2021-41799 |
MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). ApiQueryBacklinks (action=query&list=backlinks) can cause a full table scan. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-9cq6-c3xb-aaam | In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. When a bot account has a "sitewide block" applied, it is able to still "purge" pages through the MediaWiki Action API (which a "sitewide block" should have prevented). |
CVE-2021-35197
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-03-28T07:46:32.799956+00:00 | Arch Linux Importer | Fixing | VCID-9cq6-c3xb-aaam | https://security.archlinux.org/AVG-2093 | 36.0.0 |
| 2025-03-28T07:46:27.410179+00:00 | Arch Linux Importer | Affected by | VCID-3tye-xqmf-aaaa | https://security.archlinux.org/AVG-2434 | 36.0.0 |
| 2025-03-28T07:46:27.391548+00:00 | Arch Linux Importer | Affected by | VCID-fbrx-yzny-aaae | https://security.archlinux.org/AVG-2434 | 36.0.0 |
| 2025-03-28T07:46:27.372851+00:00 | Arch Linux Importer | Affected by | VCID-ah5y-k5sb-aaap | https://security.archlinux.org/AVG-2434 | 36.0.0 |
| 2025-03-28T07:46:27.354028+00:00 | Arch Linux Importer | Affected by | VCID-7kgb-jke8-aaan | https://security.archlinux.org/AVG-2434 | 36.0.0 |
| 2024-09-18T02:01:50.938320+00:00 | Arch Linux Importer | Fixing | VCID-9cq6-c3xb-aaam | https://security.archlinux.org/AVG-2093 | 34.0.1 |
| 2024-09-18T02:01:43.754930+00:00 | Arch Linux Importer | Affected by | VCID-3tye-xqmf-aaaa | https://security.archlinux.org/AVG-2434 | 34.0.1 |
| 2024-09-18T02:01:43.670512+00:00 | Arch Linux Importer | Affected by | VCID-fbrx-yzny-aaae | https://security.archlinux.org/AVG-2434 | 34.0.1 |
| 2024-09-18T02:01:43.584486+00:00 | Arch Linux Importer | Affected by | VCID-ah5y-k5sb-aaap | https://security.archlinux.org/AVG-2434 | 34.0.1 |
| 2024-09-18T02:01:43.460871+00:00 | Arch Linux Importer | Affected by | VCID-7kgb-jke8-aaan | https://security.archlinux.org/AVG-2434 | 34.0.1 |
| 2024-01-03T22:27:55.753713+00:00 | Arch Linux Importer | Fixing | VCID-9cq6-c3xb-aaam | https://security.archlinux.org/AVG-2093 | 34.0.0rc1 |
| 2024-01-03T22:27:49.531809+00:00 | Arch Linux Importer | Affected by | VCID-3tye-xqmf-aaaa | https://security.archlinux.org/AVG-2434 | 34.0.0rc1 |
| 2024-01-03T22:27:49.512792+00:00 | Arch Linux Importer | Affected by | VCID-fbrx-yzny-aaae | https://security.archlinux.org/AVG-2434 | 34.0.0rc1 |
| 2024-01-03T22:27:49.493669+00:00 | Arch Linux Importer | Affected by | VCID-ah5y-k5sb-aaap | https://security.archlinux.org/AVG-2434 | 34.0.0rc1 |
| 2024-01-03T22:27:49.474408+00:00 | Arch Linux Importer | Affected by | VCID-7kgb-jke8-aaan | https://security.archlinux.org/AVG-2434 | 34.0.0rc1 |