Vulnerabilities > Mediawiki
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-09 | CVE-2023-45369 | Incorrect Permission Assignment for Critical Resource vulnerability in Mediawiki An issue was discovered in the PageTriage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. | 4.3 |
| 2023-10-09 | CVE-2023-45370 | Unspecified vulnerability in Mediawiki An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. | 5.3 |
| 2023-10-09 | CVE-2023-45371 | Allocation of Resources Without Limits or Throttling vulnerability in Mediawiki An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. | 7.5 |
| 2023-10-09 | CVE-2023-45372 | Unspecified vulnerability in Mediawiki An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. | 5.3 |
| 2023-10-09 | CVE-2023-45373 | Cross-site Scripting vulnerability in Mediawiki An issue was discovered in the ProofreadPage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. | 6.1 |
| 2023-10-09 | CVE-2023-45374 | Unspecified vulnerability in Mediawiki An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. | 5.3 |
| 2023-10-09 | CVE-2023-45363 | Infinite Loop vulnerability in multiple products An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. | 7.5 |
| 2023-10-09 | CVE-2023-45364 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. | 5.3 |
| 2023-10-09 | CVE-2023-45367 | Unspecified vulnerability in Mediawiki An issue was discovered in the CheckUser extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. | 6.5 |
| 2023-09-25 | CVE-2023-3550 | Cross-site Scripting vulnerability in multiple products Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator. | 7.3 |