MediaWiki 1.40.0 Release Candidate 0

CPE Details

MediaWiki 1.40.0 Release Candidate 0
mediawiki
mediawiki
1.40.0
2023-07-03
16h35 +00:00
2023-07-07
10h24 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:mediawiki:mediawiki:1.40.0:rc0:*:*:*:*:*:*

Informations

Vendor

mediawiki

Product

mediawiki

Version

1.40.0

Update

rc0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-40596 2024-07-06 00h00 +00:00 An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The Special:Investigate feature can expose suppressed information for log events. (TimelineService does not support properly suppressing.)
4.3
Medium
CVE-2024-40598 2024-07-06 00h00 +00:00 An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The API can expose suppressed information for log events. (The log_deleted attribute is not applied to entries.)
4.3
Medium
CVE-2024-40599 2024-07-06 00h00 +00:00 An issue was discovered in the GuMaxDD skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.
4.8
Medium
CVE-2024-40602 2024-07-06 00h00 +00:00 An issue was discovered in the Tempo skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.
6.1
Medium
CVE-2024-40603 2024-07-06 00h00 +00:00 An issue was discovered in the ArticleRatings extension for MediaWiki through 1.42.1. Special:ChangeRating allows CSRF to alter data via a GET request.
4.3
Medium
CVE-2024-40604 2024-07-06 00h00 +00:00 An issue was discovered in the Nimbus skin for MediaWiki through 1.42.1. There is Stored XSS via MediaWiki:Nimbus-sidebar menu and submenu entries.
4.8
Medium
CVE-2024-40605 2024-07-06 00h00 +00:00 An issue was discovered in the Foreground skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.
4.8
Medium
CVE-2024-40600 2024-07-05 22h00 +00:00 An issue was discovered in the Metrolook skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.
6.1
Medium
CVE-2024-40601 2024-07-05 22h00 +00:00 An issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1. CSRF can occur in API modules.
6.5
Medium
CVE-2024-23171 2024-01-11 23h00 +00:00 An issue was discovered in the CampaignEvents extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:EventDetails page allows XSS via the x-xss language setting for internationalization (i18n).
5.4
Medium
CVE-2024-23172 2024-01-11 23h00 +00:00 An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions. e.g., in SpecialCheckUserLog.
5.4
Medium
CVE-2024-23173 2024-01-11 23h00 +00:00 An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in drilldown/CargoAppliedFilter.php.
6.1
Medium
CVE-2024-23174 2024-01-11 23h00 +00:00 An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-filter-date-range-format-placeholder, pagetriage-filter-date-range-to, pagetriage-filter-date-range-from, pagetriage-filter-date-range-heading, pagetriage-filter-set-button, or pagetriage-filter-reset-button message.
5.4
Medium
CVE-2024-23177 2024-01-11 23h00 +00:00 An issue was discovered in the WatchAnalytics extension in MediaWiki before 1.40.2. XSS can occur via the Special:PageStatistics page parameter.
6.1
Medium
CVE-2024-23178 2024-01-11 23h00 +00:00 An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. PhonosButton.js allows i18n-based XSS via the phonos-purge-needed-error message.
5.4
Medium
CVE-2024-23179 2024-01-11 23h00 +00:00 An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. For a Special:GlobalBlock?uselang=x-xss URI, i18n-based XSS can occur via the parentheses message. This affects subtitle links in buildSubtitleLinks.
6.1
Medium
CVE-2023-51704 2023-12-21 23h00 +00:00 An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights.
6.1
Medium
CVE-2023-45360 2023-11-02 23h00 +00:00 An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers.
5.4
Medium
CVE-2023-45362 2023-11-02 23h00 +00:00 An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown") ignores username suppression. This is an information leak.
4.3
Medium
CVE-2023-36674 2023-08-19 22h00 +00:00 An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File syntax.
5.3
Medium