Soda

#9709of 53,624
28.4Total CVSS
Vulnerabilities · 5
Medium
5
PT-2024-32850
6.9
2024-10-04
Mediawiki · Mediawiki · CVE-2024-47848
**Name of the Vulnerable Software and Affected Versions** Mediawiki - PageTriage versions 1.39.X through 1.39.8 Mediawiki - PageTriage versions 1.41.X through 1.41.2 Mediawiki - PageTriage versions 1.42.X through 1.42.1 **Description** The issue affects the Mediawiki - PageTriage extension, allowing authentication bypass and exposure of sensitive information to unauthorized actors. **Recommendations** For versions 1.39.X through 1.39.8, update to version 1.39.9 or later. For versions 1.41.X through 1.41.2, update to version 1.41.3 or later. For versions 1.42.X through 1.42.1, update to version 1.42.2 or later.
PT-2024-2678
5.5
2024-01-12
Mediawiki · Mediawiki · CVE-2024-23174
**Name of the Vulnerable Software and Affected Versions** MediaWiki versions prior to 1.35.14 MediaWiki versions 1.36.x through 1.39.x before 1.39.6 MediaWiki versions 1.40.x before 1.40.2 **Description** The issue is related to the PageTriage extension in MediaWiki, which is associated with improper neutralization of input during webpage creation. This can allow a remote attacker to perform cross-site scripting attacks. The attacks can occur via various messages, including `rev-deleted-user`, `pagetriage-tags-quickfilter-label`, `pagetriage-triage`, `pagetriage-filter-date-range-format-placeholder`, `pagetriage-filter-date-range-to`, `pagetriage-filter-date-range-from`, `pagetriage-filter-date-range-heading`, `pagetriage-filter-set-button`, or `pagetriage-filter-reset-button`. **Recommendations** For MediaWiki versions prior to 1.35.14, update to version 1.35.14 or later. For MediaWiki versions 1.36.x through 1.39.x, update to version 1.39.6 or later. For MediaWiki versions 1.40.x before 1.40.2, update to version 1.40.2 or later. As a temporary workaround, consider restricting access to the PageTriage extension until a patch is available. Avoid using the vulnerable messages in the PageTriage extension until the issue is resolved.
PT-2023-8946
6.4
2023-10-08
Mediawiki · Mediawiki Proofreadpage Extension · CVE-2023-45373
**Name of the Vulnerable Software and Affected Versions** MediaWiki ProofreadPage extension versions prior to 1.35.12 MediaWiki ProofreadPage extension versions 1.36.x through 1.39.x before 1.39.5 MediaWiki ProofreadPage extension versions 1.40.x before 1.40.1 **Description** The issue exists due to a lack of protection for the web page structure in the ProofreadPage extension for MediaWiki. This can allow a remote attacker to perform cross-site scripting attacks. The attack can occur via the `formatNumNoSeparators` function. **Recommendations** For MediaWiki ProofreadPage extension versions prior to 1.35.12, update to version 1.35.12 or later. For MediaWiki ProofreadPage extension versions 1.36.x through 1.39.x, update to version 1.39.5 or later. For MediaWiki ProofreadPage extension versions 1.40.x before 1.40.1, update to version 1.40.1 or later. As a temporary workaround, consider disabling the `formatNumNoSeparators` function until a patch is available.
PT-2023-8950
4.3
2023-10-08
Mediawiki · Mediawiki · CVE-2023-45369
**Name of the Vulnerable Software and Affected Versions** MediaWiki PageTriage extension versions prior to 1.35.12 MediaWiki PageTriage extension versions 1.36.x through 1.39.x before 1.39.5 MediaWiki PageTriage extension versions 1.40.x before 1.40.1 **Description** An issue was discovered in the PageTriage extension for MediaWiki, where usernames of hidden users are exposed. This could allow a remote attacker to gain unauthorized access to protected information. **Recommendations** For MediaWiki PageTriage extension versions prior to 1.35.12, update to version 1.35.12 or later. For MediaWiki PageTriage extension versions 1.36.x through 1.39.x, update to version 1.39.5 or later. For MediaWiki PageTriage extension versions 1.40.x, update to version 1.40.1 or later.
PT-2023-25896
5.3
2023-06-30
Mediawiki · Mediawiki Proofreadpage Extension · CVE-2023-37305
**Name of the Vulnerable Software and Affected Versions** MediaWiki ProofreadPage extension versions through 1.39.3 **Description** An issue in the ProofreadPage extension for MediaWiki allows hidden users to be exposed via public interfaces, specifically in the includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php files. **Recommendations** For versions through 1.39.3, consider restricting access to the `PageContentHandler` and `PageDisplayHandler` classes until a patch is available. As a temporary workaround, review the configuration of public interfaces to minimize the exposure of hidden users. At the moment, there is no information about a newer version that contains a fix for this vulnerability.