MediaWiki — Vulnerabilities & Security Advisories 58

All 58 CVE vulnerabilities found in MediaWiki, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Paused
CVE-2025-32698	LogPager.php: Restriction enforcer functions do not correctly enforce suppression restrictions CWE-200	7.5^AI	High^AI	2025-04-10
CVE-2025-32697	Cascading protection is not preventing file reversions CWE-281	8.2^AI	High^AI	2025-04-10
CVE-2025-32696	"reupload-own" restriction can be bypassed by reverting file CWE-281	7.5^AI	High^AI	2025-04-10
CVE-2025-3469	i18n XSS vulnerability in HTMLMultiSelectField when sections are used CWE-79	6.1^AI	Medium^AI	2025-04-10
CVE-2023-3550	Stored XSS leads to privilege escalation in MediaWiki v1.40.0 CWE-79	7.3	High	2023-09-25
CVE-2012-4381	MediaWiki 信任管理问题漏洞	8.1	-	2020-02-08
CVE-2013-4572	MediaWiki 授权问题漏洞	9.8	-	2020-02-06
CVE-2013-6451	MediaWiki 跨站脚本漏洞	6.1	-	2020-01-28
CVE-2013-6455	MediaWiki CentralAuth 信息泄露漏洞	5.3	-	2020-01-28
CVE-2013-4303	MediaWiki 跨站脚本漏洞	6.1	-	2019-12-11
CVE-2013-1817	MediaWiki 信息泄露漏洞	7.5	-	2019-11-20
CVE-2013-1816	MediaWiki 输入验证错误漏洞	7.5	-	2019-11-20
CVE-2013-1951	MediaWiki 跨站脚本漏洞	6.1	-	2019-10-31
CVE-2012-0046	MediaWiki 信息泄露漏洞	7.5	-	2019-10-29
CVE-2018-0505	BotPasswords can bypass CentralAuth's account lock	6.5	-	2018-10-04
CVE-2018-0503	$wgRateLimits entry for 'user' overrides 'newbie'	4.3	-	2018-10-04
CVE-2018-0504	Information disclosure in Special:Redirect/logid	6.5	-	2018-10-04
CVE-2018-13258	Tarball was missing .htaccess files	5.3	-	2018-10-04
CVE-2017-0365	XSS in SearchHighlighter::highlightText() [requires non-default config]	6.1	-	2018-04-13
CVE-2017-0364	Special:Search allows redirects to any interwiki link	6.1	-	2018-04-13
CVE-2017-0363	Special:UserLogin?returnto=interwiki:foo will redirect to external sites	6.1	-	2018-04-13
CVE-2017-0362	"Mark all pages visited" on the watchlist does not require a CSRF token	8.8	-	2018-04-13
CVE-2017-0361	api.log contains passwords in plaintext	7.1	-	2018-04-13
CVE-2017-0366	SVG filter evasion using default attribute values in DTD declaration	5.4	-	2018-04-13
CVE-2017-0367	Having LocalisationCache directory default to system tmp directory is insecure	7.8	-	2018-04-13
CVE-2017-0368	Make rawHTML mode not apply to system messages	5.3	-	2018-04-13
CVE-2017-0369	Sysops can undelete pages, although the page is protected against it	6.5	-	2018-04-13
CVE-2017-0370	Spam blacklist ineffective on encoded URLs inside file inclusion syntax's link parameter	5.3	-	2018-04-13

All 58 known CVE vulnerabilities affecting MediaWiki with full Chinese analysis, references, and POCs where available.

Support Us — Your donation helps us keep running

MediaWiki — Vulnerabilities & Security Advisories 58