Bawolff

**Name of the Vulnerable Software and Affected Versions** Leafkit versions prior to 1.4.1 **Description** Leafkit’s `htmlEscaped` function inadequately escapes HTML special characters when dealing with extended grapheme clusters. This occurs because the function only escapes characters if the extended grapheme clusters match. By utilizing an extended grapheme cluster containing both a special HTML character and additional characters, the escaping mechanism can be bypassed. Specifically, within HTML attributes, this can lead to Cross-Site Scripting (XSS) if a leaf variable in the attribute is controlled by a user. The issue stems from the way Swift handles strings based on extended grapheme clusters, differing from HTML’s character-based approach. The function `replacingOccurrences(of:with:)` or `replacing` may be affected, depending on the Swift version. The vulnerability can be exploited by crafting a malicious payload within an attribute, such as the `title` attribute, to inject arbitrary HTML or JavaScript code. **Recommendations** Versions prior to 1.4.1 should be updated to version 1.4.1 or later.

Nome do Software Vulnerável e Versões Afetadas: Extensão Mobile Frontend do MediaWiki – versões 1.39 a 1.43 Descrição: A falha afeta a Extensão Mobile Frontend do MediaWiki, permitindo a exposição de informações sensíveis a um ator não autorizado. Isso possibilita a manipulação de recursos compartilhados. Recomendações: Para as versões 1.39 a 1.43, atualize para uma versão que contenha uma correção para esta falha. Até o momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

Nome do Software Vulnerável e Versões Afetadas: Mediawiki - Extensão Visual Data versões 1.39 a 1.43 Descrição: O problema está relacionado a uma vulnerabilidade de Validação de Entrada Imprópria que permite Negação de Serviço HTTP (DoS). Esta vulnerabilidade afeta a Extensão Visual Data do Mediawiki. Recomendações: Para as versões 1.39 a 1.43, atualize para uma versão que contenha uma correção para este problema. No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Nome do software vulnerável e versões afetadas** MediaWiki - Extensão CSS, versões 1.39.X a 1.39.8 MediaWiki - Extensão CSS, versões 1.41.X a 1.41.2 MediaWiki - Extensão CSS, versões 1.42.X a 1.42.1 **Descrição** O problema está relacionado à codificação ou escape inadequados da saída, o que permite a injeção de código. Trata-se de uma vulnerabilidade de injeção de código na extensão CSS do Mediawiki. **Recomendações** Para as versões 1.39.X a 1.39.8, atualize para a versão 1.39.9 ou posterior. Para as versões 1.41.X a 1.41.2, atualize para a versão 1.41.3 ou posterior. Para as versões 1.42.X a 1.42.1, atualize para a versão 1.42.2 ou posterior.

**Nome do software vulnerável e versões afetadas** Versões do MediaWiki anteriores à 1.39.7 Versões do MediaWiki 1.40.x anteriores à 1.40.3 Versões do MediaWiki 1.41.x anteriores à 1.41.1 **Descrição** O problema está relacionado à neutralização incorreta de entradas durante a criação de páginas da web no arquivo includes/CommentFormatter/CommentParser.php do MediaWiki. Isso pode permitir que um invasor remoto execute ataques de cross-site scripting (XSS). A vulnerabilidade é causada pelo tratamento incorreto do caractere 0x1b. Um exemplo da exploração é demonstrado pelo endpoint `Special:RecentChanges#%1b0000000`. **Recomendações** Para versões do MediaWiki anteriores à 1.39.7, atualize para a versão 1.39.7 ou posterior. Para versões do MediaWiki 1.40.x anteriores à 1.40.3, atualize para a versão 1.40.3 ou posterior. Para versões do MediaWiki 1.41.x anteriores à 1.41.1, atualize para a versão 1.41.1 ou posterior. Como solução temporária, considere restringir o acesso ao arquivo `includes/CommentFormatter/CommentParser.php` até que um patch esteja disponível. Evite usar o caractere `0x1b` nas entradas do usuário até que o problema seja resolvido.

**Name of the Vulnerable Software and Affected Versions** MediaWiki PandocUpload Extension (affected versions not specified) **Description** The issue is related to insufficient input validation when processing shell arguments in the MediaWiki PandocUpload extension. This can be exploited by a remote attacker to execute arbitrary code by uploading a specially crafted file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GoogleAnalyticsMetrics extension for MediaWiki versions through 1.39.3 **Description** An issue was discovered in the googleanalyticstrackurl parser function, which does not properly escape JavaScript in the onclick handler and does not prevent use of javascript: URLs. **Recommendations** For versions through 1.39.3, update to a version that fixes the issue with the googleanalyticstrackurl parser function to prevent JavaScript injection through the onclick handler. As a temporary workaround, consider disabling the googleanalyticstrackurl parser function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** MediaWiki Cargo extension versions through 1.39.3 **Description** An issue was discovered in the Cargo extension for MediaWiki that allows storing javascript: URLs in URL fields, and these URLs are automatically linked. **Recommendations** For MediaWiki Cargo extension versions through 1.39.3, update to a version later than 1.39.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MediaWiki Cargo extension versions through 1.39.3 **Description** An issue in the Cargo extension for MediaWiki allows XSS to occur in Special:CargoQuery via a crafted page item when using the default format. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. Technical details about exploitation include the use of a crafted page item in the `Special:CargoQuery` endpoint. **Recommendations** For MediaWiki Cargo extension versions through 1.39.3, update to a version later than 1.39.3 to resolve the issue. As a temporary workaround, consider restricting access to the `Special:CargoQuery` endpoint until a patch is available. Avoid using the default format in `Special:CargoQuery` until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions prior to 1.35.9 MediaWiki versions 1.36.x through 1.38.x before 1.38.5 MediaWiki versions 1.39.x before 1.39.1 **Description** An issue was discovered in MediaWiki where the CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated nonce, allowing an adversary to decrypt. **Recommendations** For versions prior to 1.35.9, update to version 1.35.9 or later. For versions 1.36.x through 1.38.x before 1.38.5, update to version 1.38.5 or later. For versions 1.39.x before 1.39.1, update to version 1.39.1 or later.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions prior to 1.35.9 MediaWiki versions 1.36.x through 1.38.x before 1.38.5 MediaWiki versions 1.39.x before 1.39.1 **Description** An issue was discovered in MediaWiki when installing with a pre-existing data directory that has weak permissions. The SQLite files are created with file mode 0644, making them world-readable to local users. These files include credentials data. **Recommendations** For MediaWiki versions prior to 1.35.9, update to version 1.35.9 or later. For MediaWiki versions 1.36.x through 1.38.x before 1.38.5, update to version 1.38.5 or later. For MediaWiki versions 1.39.x before 1.39.1, update to version 1.39.1 or later. As a temporary workaround, consider restricting access to the SQLite files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions prior to 1.35.9 MediaWiki versions 1.36.x through 1.38.x before 1.38.5 MediaWiki versions 1.39.x before 1.39.1 **Description** An issue in MediaWiki allows for XSS due to E-Widgets performing widget replacement in HTML attributes. This can lead to security issues because widget authors often do not expect their widgets to be executed in an HTML attribute context. **Recommendations** For MediaWiki versions prior to 1.35.9, update to version 1.35.9 or later. For MediaWiki versions 1.36.x through 1.38.x before 1.38.5, update to version 1.38.5 or later. For MediaWiki versions 1.39.x before 1.39.1, update to version 1.39.1 or later.

**Nome do software vulnerável e versões afetadas** Versões da extensão MediaWiki RSS anteriores a 29/04/2022 **Descrição** A vulnerabilidade permite um ataque XSS por meio de um elemento rss se o feed estiver na lista $wgRSSUrlWhitelist e a variável $wgRSSAllowLinkTag estiver definida como true. **Recomendações** Para versões anteriores a 29/04/2022, atualize para uma versão lançada após 29/04/2022 para resolver o problema. Como solução temporária, considere definir $wgRSSAllowLinkTag como false para minimizar o risco de exploração. Restrinja o acesso a feeds que não estejam em $wgRSSUrlWhitelist para reduzir ainda mais o risco.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions 1.30.0 through 1.32.1 **Description** The issue is related to the possibility of loading user JavaScript from a non-existent account, which allows anyone to create the account and perform cross-site scripting (XSS) on users loading that script. This can be exploited by a remote attacker to compromise data integrity. **Recommendations** For MediaWiki versions 1.30.0 through 1.32.1, update to version 1.32.2, 1.31.2, 1.30.2, or 1.27.6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions 1.27.0 through 1.32.1 **Description** The issue is related to an Incorrect Access Control vulnerability that allows for bypassing re-authentication. This can be exploited by directly POSTing to the "Special:ChangeEmail" endpoint, potentially leading to account takeover, unauthorized access to protected information, and impact on data integrity. **Recommendations** For MediaWiki versions 1.27.0 through 1.32.1, consider restricting access to the "Special:ChangeEmail" endpoint until a patch is available. As a temporary workaround, disabling the re-authentication bypass functionality may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions prior to 1.28.1 MediaWiki versions prior to 1.27.2 **Description** The issue is related to an unsafe use of a temporary directory. By default, the LocalisationCache directory is set to the system's temporary directory, which is insecure. **Recommendations** For versions prior to 1.28.1, update to version 1.28.1 or later. For versions prior to 1.27.2, update to version 1.27.2 or later.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions 1.27.x before 1.27.1 **Description** The issue might allow remote attackers to bypass intended session access restrictions. This is achieved by leveraging a call to the `UserGetRights` function after `Session::getAllowedUserRights`. **Recommendations** For MediaWiki versions 1.27.x before 1.27.1, update to version 1.27.1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the application that rely on session access restrictions until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** Mediawiki versions prior to 1.28.1 Mediawiki versions prior to 1.27.2 Mediawiki versions prior to 1.23.16 **Description** The issue concerns a flaw in the Special:Search feature, which allows redirects to any interwiki link. **Recommendations** For versions prior to 1.28.1, update to version 1.28.1 or later. For versions prior to 1.27.2, update to version 1.27.2 or later. For versions prior to 1.23.16, update to version 1.23.16 or later.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions prior to 1.28.1 MediaWiki versions prior to 1.27.2 MediaWiki versions prior to 1.23.16 **Description** The issue is related to a XSS vulnerability in the `highlightText()` function of the SearchHighlighter class, which occurs with non-default configurations. **Recommendations** For versions prior to 1.28.1, update to version 1.28.1 or later. For versions prior to 1.27.2, update to version 1.27.2 or later. For versions prior to 1.23.16, update to version 1.23.16 or later.

**Name of the Vulnerable Software and Affected Versions** Mediawiki versions prior to 1.28.1 Mediawiki versions prior to 1.27.2 Mediawiki versions prior to 1.23.16 **Description** The issue is related to a flaw in Mediawiki that affects the rawHTML mode, causing it to apply to system messages. **Recommendations** For versions prior to 1.28.1, update to version 1.28.1 or later. For versions prior to 1.27.2, update to version 1.27.2 or later. For versions prior to 1.23.16, update to version 1.23.16 or later.