Shodan
Vulnerabilities
Vulnerable Software
Mediawiki:  >> Mediawiki  >> 1.39.6  Security Vulnerabilities
CVE-2024-40602
An issue was discovered in the Tempo skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.
CVSS Score
4.8
EPSS Score
0.001
Published
2024-07-07
CVE-2024-40603
An issue was discovered in the ArticleRatings extension for MediaWiki through 1.42.1. Special:ChangeRating allows CSRF to alter data via a GET request.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-07-07
CVE-2024-40604
An issue was discovered in the Nimbus skin for MediaWiki through 1.42.1. There is Stored XSS via MediaWiki:Nimbus-sidebar menu and submenu entries.
CVSS Score
4.8
EPSS Score
0.001
Published
2024-07-07
CVE-2024-40605
An issue was discovered in the Foreground skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.
CVSS Score
4.8
EPSS Score
0.001
Published
2024-07-07
CVE-2024-34506
An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page will exceed the maximum request time, leading to a denial of service.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-05-05
CVE-2024-34507
An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges#%1b0000000.
CVSS Score
7.4
EPSS Score
0.004
Published
2024-05-05
CVE-2024-23177
An issue was discovered in the WatchAnalytics extension in MediaWiki before 1.40.2. XSS can occur via the Special:PageStatistics page parameter.
CVSS Score
6.1
EPSS Score
0.004
Published
2024-01-12
CVE-2024-23178
An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. PhonosButton.js allows i18n-based XSS via the phonos-purge-needed-error message.
CVSS Score
5.4
EPSS Score
0.003
Published
2024-01-12
CVE-2024-23179
An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. For a Special:GlobalBlock?uselang=x-xss URI, i18n-based XSS can occur via the parentheses message. This affects subtitle links in buildSubtitleLinks.
CVSS Score
6.1
EPSS Score
0.004
Published
2024-01-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved