mediawiki

An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect.

An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights.

An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future.

An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes...

A security issue has been found in MediaWiki before version 1.36.2. ReplaceText continues performing actions if the user no longer has the correct...

A denial of service vulnerability in Special:Contributions has been found in MediaWiki before version 1.36.2.

A security issue has been found in MediaWiki before version 1.36.2. ApiQueryBacklinks can cause a full table scan, leading to high resource consumption.

A cross-site scripting vulnerability in Special:Search has been found in MediaWiki before version 1.36.2.

A security issue has been found in MediaWiki before version 1.36.1 that allows blocked users to purge pages.

An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.12.2. An attacker can send crafted wikitext that Utils/WTUtils.php will...

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Users can bypass intended restrictions on deleting pages in...

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has...

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and...

An issue was discovered in MediaWiki on the master branch. Special:Contributions can leak that a "hidden" user exists.

n issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct...

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Special:NewFiles, all the mediastatistics- header-* messages...

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ApiVisualEditor can leak that a "hidden" user exists.

An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to "protect" a page, a user is...

In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have...

A security issue was found in python-pygments version 1.5 up to 2.7.3. When the SMLLexer gets fed the string "exception", it loops indefinitely, leading to...

An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts that don't exist) and hidden users (accounts that have been explicitly hidden...

MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the...

MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via...

MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page,...

In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits...

In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of...

A security issue has been found in mediawiki < 1.31.1 where the tarball is missing .htaccess files used to protect some directories that shouldn't be web accessible.

A security issue has been found in mediawiki < 1.31.1 where BotPassword can bypass CentralAuth's account lock.

A security issue has been found in the rate limiting feature of mediawiki < 1.31.1 where, contrary to the documentation, $wgRateLimits entry for 'user'...

Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning...

The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules.

The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule...

MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute...

The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks.

MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed...

api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability.

MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends...

The SyntaxHighlight extension in MediaWiki before 1.28.1 does not properly validate the 'start' parameter before passing it to Pygments.

The spam blacklist in MediaWiki before 1.28.1 could be bypassed by encoding URLs inside a file inclusion syntax's link parameter.

In MediaWiki < 1.28.1, a normal sysop that doesn't have the necessary rights to override a page protection can still recreate it by restoring a former...

MediaWiki < 1.28.1 did not properly mark system messages as raw HTML, hence not properly escaping it.

MediaWiki before 1.28.1 uses the default system temporary directory for the LocalisationCache directory, allowing a local attacker to execute arbitrary code...

MediaWiki < 1.28.1 did not properly filter the DTD declaration when a SVG file was uploaded, leading to a persistent XSS.

SearchHighlighter::removeWiki() uses a regex to remove html from snippets. The regex - /<\/?[^>]+>/ assumes that html is well-formed. As a result when using...

The Special:Search page in MediaWiki < 1.28.1 has an open redirect issue.

The Special:UserLogin page in MediaWiki < 1.28.1 has an open redirect issue.

MediaWiki before 1.18.1 did not require a CSRF token for the "Mark all pages visited" action on the watchlist.

MediaWiki before 1.29.2 may leak passwords in plaintext. API parameters may now be marked as "sensitive" to keep their values out of the logs.

MediaWiki before 1.29.2 may leak passwords in plaintext. API parameters may now be marked as "sensitive" to keep their values out of the logs.