MediaWiki Security Vulnerabilities
An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The API can expose suppressed information for log events. (The log_deleted attribute is not applied to entries.)
CVSS Score: 4.3, EPSS Score: 0.001, Published: 2024-07-07
An issue was discovered in the GuMaxDD skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.
CVSS Score: 4.8, EPSS Score: 0.001, Published: 2024-07-07
An issue was discovered in the Metrolook skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.
CVSS Score: 4.8, EPSS Score: 0.001, Published: 2024-07-07
An issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1. CSRF can occur in API modules.
CVSS Score: 6.5, EPSS Score: 0.001, Published: 2024-07-07
An issue was discovered in the Tempo skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.
CVSS Score: 4.8, EPSS Score: 0.001, Published: 2024-07-07
An issue was discovered in the ArticleRatings extension for MediaWiki through 1.42.1. Special:ChangeRating allows CSRF to alter data via a GET request.
CVSS Score: 4.3, EPSS Score: 0.001, Published: 2024-07-07
An issue was discovered in the Nimbus skin for MediaWiki through 1.42.1. There is Stored XSS via MediaWiki:Nimbus-sidebar menu and submenu entries.
CVSS Score: 4.8, EPSS Score: 0.001, Published: 2024-07-07
An issue was discovered in the Foreground skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.
CVSS Score: 4.8, EPSS Score: 0.001, Published: 2024-07-07
An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. XSS can occur through an interface message. Error messages (in the $err var) are not escaped before being passed to Html::rawElement() in the getError() function in the Hooks class.
CVSS Score: 6.1, EPSS Score: 0.003, Published: 2024-05-05
An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will (attempt to) make an edit that merges the from-id to the to-id, even if the request was not a POST request, and even if it does not contain an edit token.
CVSS Score: 9.8, EPSS Score: 0.002, Published: 2024-05-05



Shodan ® - All rights reserved