Lucas_Werkmeister_Wmde

Name of the Vulnerable Software and Affected Versions: Mediawiki - Wikidata Extension versions 1.39 through 1.43 Description: The issue is related to improper input validation in the Mediawiki - Wikidata Extension, allowing Cross-Site Scripting (XSS) from the `widthheight` message via the `ImageHandler::getDimensionsString()` function. Recommendations: For versions 1.39 through 1.43, consider disabling the `ImageHandler::getDimensionsString()` function as a temporary workaround until a patch is available. Restrict access to the `widthheight` message in the affected API endpoint to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Mediawiki Core - Feed Utils versions 1.39 through 1.43 Description: The issue is related to improper encoding or escaping of output, which allows WebView Injection. This is a problem where output is not properly encoded or escaped, potentially leading to the injection of malicious content into a WebView. Recommendations: For versions 1.39 through 1.43, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions 1.39.6 and earlier, 1.40.x versions prior to 1.40.2, 1.41.x versions prior to 1.41.1 **Description** An issue was discovered in WikibaseLexeme, related to inadequate access control. This issue allows an attacker to make an edit that merges the from-id to the to-id when loading Special:MergeLexemes, even if the request was not a POST request and does not contain an edit token. The exploitation of this issue may allow a remote attacker to elevate their privileges. **Recommendations** For MediaWiki versions 1.39.6 and earlier, update to version 1.39.6 or later. For MediaWiki 1.40.x versions prior to 1.40.2, update to version 1.40.2 or later. For MediaWiki 1.41.x versions prior to 1.41.1, update to version 1.41.1 or later. As a temporary workaround, consider restricting access to the Special:MergeLexemes page until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Wikibase extension for MediaWiki versions 1.35.x through 1.35.11 Wikibase extension for MediaWiki versions 1.36.x through 1.39.4 Wikibase extension for MediaWiki versions 1.40.x through 1.40.0 **Description** An issue was discovered in the Wikibase extension for MediaWiki. There is no rate limit for merging items, which could allow a remote attacker to cause a denial of service. **Recommendations** For versions 1.35.x through 1.35.11, update to version 1.35.12 or later. For versions 1.36.x through 1.39.4, update to version 1.39.5 or later. For versions 1.40.x through 1.40.0, update to version 1.40.1 or later.

**Name of the Vulnerable Software and Affected Versions** Wikibase extension for MediaWiki versions prior to 1.35.12 Wikibase extension for MediaWiki versions 1.36.x through 1.39.x before 1.39.5 Wikibase extension for MediaWiki versions 1.40.x before 1.40.1 **Description** The issue is related to the Wikibase extension for MediaWiki, where the `ItemMergeInteractor` does not have an edit filter running, such as `AbuseFilter`, during item merging. This could allow a remote attacker to compromise data integrity and confidentiality. **Recommendations** For versions prior to 1.35.12, update to version 1.35.12 or later. For versions 1.36.x through 1.39.x, update to version 1.39.5 or later. For versions 1.40.x before 1.40.1, update to version 1.40.1 or later. As a temporary workaround, consider disabling the `ItemMergeInteractor` function until a patch is available. Restrict access to the `ItemMergeInteractor` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions prior to 1.35.9 MediaWiki versions 1.36.x through 1.38.x before 1.38.5 MediaWiki versions 1.39.x before 1.39.1 **Description** An issue was discovered in MediaWiki that allows JavaScript execution by staff/admin users who do not intentionally have the editsitejs capability. This is due to XSS in Wikibase date formatting via `wikibase-time-precision-*` fields. **Recommendations** For versions prior to 1.35.9, update to version 1.35.9 or later. For versions 1.36.x through 1.38.x before 1.38.5, update to version 1.38.5 or later. For versions 1.39.x before 1.39.1, update to version 1.39.1 or later. As a temporary workaround, consider restricting access to the `wikibase-time-precision-*` fields to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions through 1.38.1 **Description** An issue in MediaWiki allows the creation of larger lexemes than the capped length of a thousand characters, as this length is not validated. This introduces denial-of-service attack vectors within the Wikibase and WikibaseLexeme extensions, related to "Special:NewLexeme" and "Special:NewProperty". **Recommendations** For versions through 1.38.1, consider restricting the creation of new lexemes or validating the lemma length to prevent denial-of-service attacks. As a temporary workaround, restrict access to "Special:NewLexeme" and "Special:NewProperty" to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Wikibase Wikidata Query Service GUI versions prior to 0.3.6-SNAPSHOT 2019-11-07 **Description** The issue allows for arbitrary JavaScript execution, which can occur when mathematical expressions in results are displayed directly. This can lead to XSS. The problem was addressed by introducing MathJax as a new mathematics rendering engine. **Recommendations** For versions prior to 0.3.6-SNAPSHOT 2019-11-07, update to a version that includes the new mathematics rendering engine, such as 0.3.6-SNAPSHOT or later, to prevent arbitrary JavaScript execution.