miraheze — Vulnerabilities & Security Advisories 23

Browse all 23 CVE security advisories affecting miraheze. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-33541 | TSPortal's Uncontrolled User Creation via Validation Side Effects Leads to Potential Denial of Service | TSPortal | CWE-400 | 6.5 | Medium | 2026-03-26 |
| CVE-2026-29788 | TSPortal: Anyone can forge self-deletion requests of any user | TSPortal | CWE-283 | 6.5 | - | 2026-03-06 |
| CVE-2025-53371 | DiscordNotifications allows DOS, SSRF, and possible RCE through requests to user-controlled URLs | DiscordNotifications | CWE-400 | 9.1 | Critical | 2025-07-10 |
| CVE-2025-43861 | ManageWiki Vulnerable to Self-XSS in review dialog via unsanitized field reflection | ManageWiki | CWE-79 | 4.4 | Medium | 2025-04-24 |
| CVE-2025-32964 | ManageWiki vulnerable to permission bypass when disabling extensions requiring certain permissions in Special:ManageWiki/extensions | ManageWiki | CWE-285 | 4.6 | Medium | 2025-04-22 |
| CVE-2025-32956 | ManageWiki has SQL injection vulnerability in NamespaceMigrationJob | ManageWiki | CWE-89 | 8.0 | High | 2025-04-21 |
| CVE-2024-47815 | Cross-site Scripting in IncidentReporting | IncidentReporting | CWE-79 | 6.0 | Medium | 2024-10-09 |
| CVE-2024-47816 | Users can impersonate import requesters if their actor IDs coincide in ImportDump | ImportDump | CWE-282 | 6.4 | Medium | 2024-10-09 |
| CVE-2024-47812 | Cross-site Scripting (XSS) on Special:RequestImportQueue when displaying request date in ImportDump | ImportDump | CWE-79 | 6.0 | Medium | 2024-10-09 |
| CVE-2024-47781 | Cross-site Scripting (XSS) in Special:RequestWikiQueue when displaying sitename in CreateWiki | CreateWiki | CWE-79 | 5.4 | - | 2024-10-07 |
| CVE-2024-47782 | Cross-site Scripting (XSS) in Special:WikiDiscover when displaying wiki information in WikiDiscover | WikiDiscover | CWE-79 | 7.6 | High | 2024-10-07 |
| CVE-2024-47612 | XSS in Special:DataDump when displaying dump status | DataDump | CWE-79 | 3.5 | Low | 2024-10-02 |
| CVE-2024-34701 | CreateWiki vulnerable to impersonation of wiki requester | CreateWiki | CWE-863 | 5.9 | Medium | 2024-05-13 |
| CVE-2024-29898 | Oversight in fix for GHSA-4rcf-3cj2-46mq may have exposed suppressed wiki requests on private wikis | CreateWiki | CWE-200 | 4.9 | Medium | 2024-03-28 |
| CVE-2024-29897 | CreateWiki Leak of suppressed wiki requests outside of `CreateWikiGlobalWiki` | CreateWiki | CWE-200 | 4.9 | Medium | 2024-03-28 |
| CVE-2024-29883 | CreateWiki's wiki request suppression ignores the suppression settings set by the suppressor | CreateWiki | CWE-200 | 4.9 | Medium | 2024-03-26 |
| CVE-2024-25109 | Cross-Site Scripting in the extensions, settings, permissions and namespaces subpages of ManageWiki | ManageWiki | CWE-79 | 6.5 | Medium | 2024-02-09 |
| CVE-2024-25107 | Cross-Site Scripting in WikiDiscover | WikiDiscover | CWE-79 | 4.9 | Medium | 2024-02-08 |
| CVE-2022-24813 | Authentication Bypass Using an Alternate Path or Channel in CreateWiki | CreateWiki | CWE-288 | 5.3 | Medium | 2022-04-04 |
| CVE-2021-39186 | Improper Input Validation in GlobalNewFiles | GlobalNewFiles | CWE-20 | 4.3 | Medium | 2021-09-01 |
| CVE-2021-32774 | Cross-Site Request Forgery (CSRF) in DataDump | DataDump | CWE-352 | 6.1 | Medium | 2021-07-20 |
| CVE-2021-32722 | Uncontrolled Resource Consumption in GlobalNewFiles | GlobalNewFiles | CWE-400 | 6.5 | Medium | 2021-06-28 |
| CVE-2021-29483 | wikiconfig API leaked private config variables set through ManageWiki | ManageWiki | CWE-200 | 9.4 | Critical | 2021-04-28 |

This page lists every published CVE security advisory associated with miraheze. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.