MediaWiki versions 1.22.1 and below PdfHandler remote code execution exploit.
b8f79be011bdbd02e08ab7955ce6c1818acfb3f8c4507dda03c263a152a80c2f
Red Hat Security Advisory 2019-3142-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains an updated mediawiki RPM package for Red Hat OpenShift Container Platform 3.11. Issues addressed include a bypass vulnerability.
e5e031b07640213b46f65b0f99cb1a6d22ed61d12b0afcd8993027a51e1b032c
MediaWiki OAuth2 Client version 0.3 suffers from a cross site request forgery vulnerability.
6e48cd8cf1d9a26b8a4e22f9f4f28eff68bfe3e70f0be93be0515ac11022f598
Debian Linux Security Advisory 4460-1 - Multiple security vulnerabilities have been discovered in MediaWiki, a website engine for collaborative work, which may result in authentication bypass, denial of service, cross-site scripting, information disclosure and bypass of anti-spam measures.
7a55a21890bc3aee34c8780e72fea6d81181006a290af0fbd95c42ec904669de
Debian Linux Security Advisory 4301-1 - Multiple security vulnerabilities have been discovered in MediaWiki, a website engine for collaborative work, which result in incorrectly configured rate limits, information disclosure in Special:Redirect/logid and bypass of an account lock.
439497296bcabf43eca77a25b4db04d9ab5820e54900dd9b1e12dc98eea02fcf
Debian Linux Security Advisory 4036-1 - Multiple security vulnerabilities have been discovered in MediaWiki, a website engine for collaborative work.
92051c71c5e7f3b02542f455970863face0fe5ba0e836ff5631021494f14badc
This Metasploit module exploits an option injection vulnerability in the SyntaxHighlight extension of MediaWiki. It tries to create and execute a PHP file in the document root. The USERNAME and PASSWORD options are only needed if the Wiki is configured as private. This vulnerability affects any MediaWiki installation with SyntaxHighlight version 2.0 installed and enabled. This extension ships with the AIO package of MediaWiki version 1.27.x and 1.28.x. A fix for this issue is included in MediaWiki version 1.28.2 and version 1.27.3.
42e48276927339958a36dbb2f1b6e10a0ccdc795bdf63b73b3596ebd982b5dac
A vulnerability was found in the SyntaxHighlight MediaWiki extension. Using this vulnerability it is possible for an anonymous attacker to pass arbitrary options to the Pygments library. By specifying specially crafted options, it is possible for an attacker to trigger a (stored) cross site scripting condition. In addition, it allows the creating of arbitrary files containing user-controllable data. Depending on the server configuration, this can be used by an anonymous attacker to execute arbitrary PHP code. This issue was tested on SyntaxHighlight version 2.0 as bundled with MediaWiki version 1.28.0.
50546f158305a6607d2ea38624dad8d3ab66ba8a94154dea7e2eb2e025f51253
Gentoo Linux Security Advisory 201510-5 - Multiple vulnerabilities have been found in MediaWiki, the worst of which may allow remote attackers to cause a Denial of Service. Versions less than 1.25.2 are affected.
3d8836f5ef2ab0649b4948144dfd99b4cff01decdd6a361e8f73fd93f2e2ecaf
Mandriva Linux Security Advisory 2015-200 - In MediaWiki before 1.23.9, one could circumvent the SVG MIME blacklist for embedded resources. This allowed an attacker to embed JavaScript in the SVG. In MediaWiki before 1.23.9, the SVG filter to prevent injecting JavaScript using animate elements was incorrect. In MediaWiki before 1.23.9, a stored XSS vulnerability exists due to the way attributes were expanded in MediaWiki's Html class, in combination with LanguageConverter substitutions. In MediaWiki before 1.23.9, MediaWiki's SVG filtering could be bypassed with entity encoding under the Zend interpreter. This could be used to inject JavaScript. In MediaWiki before 1.23.9, one could bypass the style filtering for SVG files to load external resources. This could violate the anonymity of users viewing the SVG. In MediaWiki before 1.23.9, MediaWiki versions using PBKDF2 for password hashing are vulnerable to DoS attacks using extremely long passwords. In MediaWiki before 1.23.9, MediaWiki is vulnerable to Quadratic Blowup DoS attacks, under both HHVM and Zend PHP. In MediaWiki before 1.23.9, the MediaWiki feature allowing a user to preview another user's custom JavaScript could be abused for privilege escalation. In MediaWiki before 1.23.9, function names were not sanitized in Lua error backtraces, which could lead to XSS. In MediaWiki before 1.23.9, the CheckUser extension did not prevent CSRF attacks on the form allowing checkusers to look up sensitive information about other users. Since the use of CheckUser is logged, the CSRF could be abused to defame a trusted user or flood the logs with noise. The mediawiki package has been updated to version 1.23.9, fixing these issues and other bugs.
c05a9bf44b7022507d18ce0ec9c0141893f532647d6ceb31d6d5e71882e345bf
Gentoo Linux Security Advisory 201502-4 - Multiple vulnerabilities have been found in MediaWiki, the worst of which may allow remote attackers to execute arbitrary code. Versions less than 1.23.8 are affected.
704af9a91a2aea64b538f4720a85bdb013ce9b13608e52b9e5fa6b57e832eefd
Mandriva Linux Security Advisory 2015-006 - In MediaWiki before 1.23.8, thumb.php outputs wikitext message as raw HTML, which could lead to cross-site scripting. Permission to edit MediaWiki namespace is required to exploit this. In MediaWiki before 1.23.8, a malicious site can bypass CORS restrictions in in API calls if it only included an allowed domain as part of its name.
55f965d16acb8a2eefac29ea499bb7a7659ddc1f8dcd15b64b55cea75c3d18b0
Debian Linux Security Advisory 3110-1 - A flaw was discovered in mediawiki, a wiki engine: thumb.php outputs wikitext messages as raw HTML, potentially leading to cross-site scripting (XSS).
4a74d04ee20e7ea3b6e4c01a0dfaa2401913310db6eea5435a6542e7f095ea52
Mandriva Linux Security Advisory 2014-198 - MediaWiki before 1.23.4 is vulnerable to cross-site scripting due to JavaScript injection via CSS in uploaded SVG files. MediaWiki before 1.23.5 is vulnerable to cross-site scripting due to JavaScript injection via user-specificed CSS in certain special pages.
203ecd5d429b9db3c2d9984f8a0ecef47d2012f052b9ba15d8080f4757f1211c
Debian Linux Security Advisory 3046-1 - It was reported that MediaWiki, a website engine for collaborative work, allowed to load user-created CSS on pages where user-created JavaScript is not allowed. A wiki user could be tricked into performing actions by manipulating the interface from CSS, or JavaScript code being executed from CSS, on security-wise sensitive pages like Special:Preferences and Special:UserLogin. This update removes the separation of CSS and JavaScript module allowance.
a8c028bd8f5b773c2db161c0427d597f71d4ffad2009685a807ddd29f797ca7b
Debian Linux Security Advisory 3036-1 - It was discovered that MediaWiki, a wiki engine, did not sufficiently filter CSS in uploaded SVG files, allowing for cross site scripting.
031db5fef5a40b83c3d7dbe498d63b05566f4feaddd502aa306ab324b04e7cc6
Debian Linux Security Advisory 3011-1 - It was discovered that MediaWiki, a website engine for collaborative work, is vulnerable to JSONP injection in Flash (CVE-2014-5241) and clickjacking between OutputPage and ParserOutput (CVE-2014-5243). The vulnerabilities are addressed by upgrading MediaWiki to the new upstream version 1.19.18, which includes additional changes.
c093fa7246682f73827de1c6b9f5ff7e4aee631748170883f9576b67e222827d
Mandriva Linux Security Advisory 2014-153 - MediaWiki before 1.23.2 is vulnerable to JSONP injection in Flash, XSS in mediawiki.page.image.pagination.js, and clickjacking between OutputPage and ParserOutput. This update provides MediaWiki 1.23.2, fixing these and other issues.
513361c65ef5d99f22a6620ffae991735d389fc7a0080d6d37d97c6015739699
Debian Linux Security Advisory 2957-1 - Omer Iqbal discovered that Mediawiki, a wiki engine, parses invalid usernames on Special:PasswordReset as wikitext when $wgRawHtml is enabled. On such wikis this allows an unauthenticated attacker to insert malicious JavaScript, a cross site scripting attack.
19b4e0e8cff7a78116f8653d8bbc33fdb71622b5dead1492c49e96bcb9629e9f
Mandriva Linux Security Advisory 2014-119 - XSS vulnerability in MediaWiki before 1.22.7, due to usernames on Special:PasswordReset being parsed as wikitext. The username on Special:PasswordReset can be supplied by anyone and will be parsed with wgRawHtml enabled. Since Special:PasswordReset is whitelisted by default on private wikis, this could potentially lead to an XSS crossing a privilege boundary.
a1992ff84b104e35deccf903a719347089e5ad68eb7da559aca1b6174e9da33c
Mandriva Linux Security Advisory 2014-083 - Login CSRF issue in MediaWiki before 1.22.5 in Special:ChangePassword, whereby a user can be logged into an attackers account without being aware of it, allowing the attacker to track the user's activity. XSS vulnerability in MediaWiki before 1.22.6, where if the default sort key is set to a string containing a script, the script will be executed when the page is viewed using the info action. MediaWiki has been updated to version 1.22.6, fixing this and other issues.
5a6c7bc4a4b122fb358c0ade3b8277baa7f5e4453ec69320728a2f11b9ceabbf
Debian Linux Security Advisory 2891-3 - The Mediawiki update issued as DSA 2891-1 caused regressions. This update fixes those problems.
f4c93e740a251c7b3e60a20bbabc1c65f7a49c750380dbd5a2a67ee2e253ae01
Debian Linux Security Advisory 2891-1 - Several vulnerabilities were discovered in MediaWiki, a wiki engine.
cd5776f1a1d81c9161dcf857098c8b2d1dd8f0ecc0834c564f76e6445537d711
Debian Linux Security Advisory 2891-2 - In the Mediawiki update issued as DSA 2891-1, a few files were missing from the package. This update corrects that problem.
9f5bf02fc06867cb3e9bab406d4c6f55a8099580c8d026245672cf4672def2a2
Mandriva Linux Security Advisory 2014-057 - MediaWiki user Michael M reported that the fix for CVE-2013-4568 allowed insertion of escaped CSS values which could pass the CSS validation checks, resulting in XSS. Chris from RationalWiki reported that SVG files could be uploaded that include external stylesheets, which could lead to XSS when an XSL was used to include JavaScript. During internal review, it was discovered that MediaWiki's SVG sanitization could be bypassed when the XML was considered invalid. During internal review, it was discovered that MediaWiki displayed some information about deleted pages in the log API, enhanced RecentChanges, and user watchlists. Netanel Rubin from Check Point discovered a remote code execution vulnerability in MediaWiki's thumbnail generation for DjVu files. Internal review also discovered similar logic in the PdfHandler extension, which could be exploited in a similar way. MediaWiki before 1.22.3 does not block unsafe namespaces, such as a W3C XHTML namespace, in uploaded SVG files. Some client software may use these namespaces in a way that results in XSS. This was fixed by disallowing uploading SVG files using non-whitelisted namespaces. MediaWiki before 1.22.3 performs token comparison that may be vulnerable to timing attacks. This was fixed by making token comparison use constant time. MediaWiki before 1.22.3 could allow an attacker to perform XSS attacks, due to flaw with link handling in api.php. This was fixed such that it won't find links in the middle of api.php links. MediaWiki has been updated to version 1.22.3, which fixes these issues, as well as several others. Also, the mediawiki-ldapauthentication and mediawiki-math extensions have been updated to newer versions that are compatible with MediaWiki 1.22. Additionally, the mediawiki-graphviz extension has been obsoleted, due to the fact that it is unmaintained upstream and is vulnerable to cross-site scripting attacks. Note: if you were using the instances feature in these packages to support multiple wiki instances, this feature has now been removed. You will need to maintain separate wiki instances manually.
69370204ce4cd8a16085a03afcffcb4b941504c2ffd0f56cd8dde6210167c57b
Mediawiki version 1.18.0 suffers from a new file creation source path disclosure vulnerability.
5675a27b5908d6b27fa04c43090945ec656da5d0db68fcd7d5da9bbfe406ac0a