Shodan
Vulnerabilities
Vulnerable Software
Mediawiki:  >> Mediawiki  >> 1.39.15  Security Vulnerabilities
CVE-2024-40598
An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The API can expose suppressed information for log events. (The log_deleted attribute is not applied to entries.)
CVSS Score
4.3
EPSS Score
0.003
Published
2024-07-07
CVE-2024-40599
An issue was discovered in the GuMaxDD skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.
CVSS Score
4.8
EPSS Score
0.003
Published
2024-07-07
CVE-2024-40600
An issue was discovered in the Metrolook skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.
CVSS Score
4.8
EPSS Score
0.003
Published
2024-07-07
CVE-2024-40601
An issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1. CSRF can occur in API modules.
CVSS Score
6.5
EPSS Score
0.002
Published
2024-07-07
CVE-2024-40602
An issue was discovered in the Tempo skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.
CVSS Score
4.8
EPSS Score
0.003
Published
2024-07-07
CVE-2024-40603
An issue was discovered in the ArticleRatings extension for MediaWiki through 1.42.1. Special:ChangeRating allows CSRF to alter data via a GET request.
CVSS Score
4.3
EPSS Score
0.002
Published
2024-07-07
CVE-2024-40604
An issue was discovered in the Nimbus skin for MediaWiki through 1.42.1. There is Stored XSS via MediaWiki:Nimbus-sidebar menu and submenu entries.
CVSS Score
4.8
EPSS Score
0.003
Published
2024-07-07
CVE-2024-40605
An issue was discovered in the Foreground skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.
CVSS Score
4.8
EPSS Score
0.003
Published
2024-07-07
CVE-2024-23177
An issue was discovered in the WatchAnalytics extension in MediaWiki before 1.40.2. XSS can occur via the Special:PageStatistics page parameter.
CVSS Score
6.1
EPSS Score
0.004
Published
2024-01-12
CVE-2024-23178
An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. PhonosButton.js allows i18n-based XSS via the phonos-purge-needed-error message.
CVSS Score
5.4
EPSS Score
0.004
Published
2024-01-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved