Latest Security News about mediawiki

Centreon up to 20.04.13/20.10.7/21.04.1 MediaWiki Script ProceduresProxy.class.php host_name/service_description sql injection

A vulnerability was found in Centreon up to 20.04.13/20.10.7/21.04.1 and classified as critical. This issue affects some unknown processing in the file class/centreon-knowledge/ProceduresProxy.class.php of the MediaWiki Script component. Upgrading to version 20.04.14, 20.10.8 or 21.04.2 eliminates this vulnerability. Applying a patch also eliminates the problem. The bugfix is […]

MediaWiki up to 1.36 Special:GlobalRenameRequest infinite loop

A vulnerability was found in MediaWiki up to 1.36 (Content Management System). It has been rated as problematic. This issue affects an unknown part of the file Special:GlobalRenameRequest. No information about possible countermeasures is known. A suggested option is to replace the affected object with an alternative product.

MediaWiki up to 1.36 CentralAuth Extension unknown vulnerability

A vulnerability, which was classified as critical, has been found in MediaWiki up to 1.36 (Content Management System). Affected by this issue is some unknown processing of the CentralAuth Extension component. No information about possible countermeasures is known. A suggested option is to replace the affected object with an […]

MediaWiki up to 1.36 Translate Extension denial of service

A vulnerability, which was classified as problematic, was found in MediaWiki up to 1.36 (Content Management System). This affects an unknown function of the Translate Extension component. No information about possible countermeasures is known. A suggested option is to replace the affected object with an alternative product.

MediaWiki up to 1.36 SocialProfile Extension cross site scripting

A vulnerability classified as problematic has been found in MediaWiki up to 1.36 (Content Management System). This affects some unknown processing of the SocialProfile Extension component. No information about possible countermeasures is known. A suggested option is to replace the affected object with an alternative product.

MediaWiki up to 1.36 SportsTeams Extension cross site scripting

A vulnerability classified as problematic was found in MediaWiki up to 1.36 (Content Management System). This vulnerability affects an unknown function of the SportsTeams Extension component. No information about possible countermeasures is known. A suggested option is to replace the affected object with an alternative product.

GlobalNewFiles on MediaWiki Large Page resource consumption

A vulnerability classified as problematic was found in GlobalNewFiles on MediaWiki (affected version unknown). Affected by this vulnerability is some unknown functionality of the Large Page Handler component. No information about possible countermeasures is known. A suggested option is to replace the affected object with an alternative product.

MediaWiki Multiple XSS vulnerabilities

Overview: New vulnerabilities discovered in MediaWiki
Affected Product(s): MediaWiki before 1.19.4 and 1.20.x before 1.20.3
Vulnerability Details:
CVE ID: CVE-2013-1817. MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information.
CVE ID: CVE-2013-1816 […]

CVE-2021-36130

An XSS issue was discovered in the SocialProfile extension in MediaWiki through 1.36. Within several gift-related special pages, a privileged user with the awardmanage right could inject arbitrary HTML and JavaScript within various gift-related data fields. The attack could easily propagate across many pages for many users. (CVSS:0.0) (Last Update:2021-07-02)

CVE-2021-36131

An XSS issue was discovered in the SportsTeams extension in MediaWiki through 1.36. Within several special pages, a privileged user could inject arbitrary HTML and JavaScript within various data fields. The attack could easily propagate across many pages for many users. (CVSS:0.0) (Last Update:2021-07-02)

Jenkins announces vulnerabilities

Overview: Stored XSS vulnerability in expandable textbox form control
SECURITY-1498 / CVE-2019-10401
Jenkins form controls include an expandable textbox that can transform from a single-line text box to a multi-line text area. The implementation of this transformation interpreted the text content of the form field as HTML. This resulted […]
