Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

mediawiki — Vulnerabilities & Security Advisories 19

Browse all 19 CVE security advisories affecting mediawiki. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by mediawiki:mediawikimediawiki (SyntaxHighlight extension)
CVE IDTitleCVSSSeverityPublished
CVE-2023-3550 Stored XSS leads to privilege escalation in MediaWiki v1.40.0 — MediaWikiCWE-79 7.3 High2023-09-25
CVE-2013-1817 MediaWiki 信息泄露漏洞 — mediawiki 7.5 -2019-11-20
CVE-2013-1816 MediaWiki 输入验证错误漏洞 — mediawiki 7.5 -2019-11-20
CVE-2012-0046 MediaWiki 信息泄露漏洞 — mediawiki 7.5 -2019-10-29
CVE-2018-0503 $wgRateLimits entry for 'user' overrides 'newbie' — mediawiki 4.3 -2018-10-04
CVE-2018-0504 Information disclosure in Special:Redirect/logid — mediawiki 6.5 -2018-10-04
CVE-2018-0505 BotPasswords can bypass CentralAuth's account lock — mediawiki 6.5 -2018-10-04
CVE-2018-13258 Tarball was missing .htaccess files — mediawiki 5.3 -2018-10-04
CVE-2017-0361 api.log contains passwords in plaintext — mediawiki 7.1 -2018-04-13
CVE-2017-0362 "Mark all pages visited" on the watchlist does not require a CSRF token — mediawiki 8.8 -2018-04-13
CVE-2017-0363 Special:UserLogin?returnto=interwiki:foo will redirect to external sites — mediawiki 6.1 -2018-04-13
CVE-2017-0364 Special:Search allows redirects to any interwiki link — mediawiki 6.1 -2018-04-13
CVE-2017-0365 XSS in SearchHighlighter::highlightText() [requires non-default config] — mediawiki 6.1 -2018-04-13
CVE-2017-0366 SVG filter evasion using default attribute values in DTD declaration — mediawiki 5.4 -2018-04-13
CVE-2017-0367 Having LocalisationCache directory default to system tmp directory is insecure — mediawiki 7.8 -2018-04-13
CVE-2017-0368 Make rawHTML mode not apply to system messages — mediawiki 5.3 -2018-04-13
CVE-2017-0369 Sysops can undelete pages, although the page is protected against it — mediawiki 6.5 -2018-04-13
CVE-2017-0370 Spam blacklist ineffective on encoded URLs inside file inclusion syntax's link parameter — mediawiki 5.3 -2018-04-13
CVE-2017-0372 Parameters injection in SyntaxHighlight results in multiple vulnerabilities — mediawiki (SyntaxHighlight extension) 9.8 -2018-04-13

This page lists every published CVE security advisory associated with mediawiki. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.