Byte Open Security

(ByteOS Network)

The Wikimedia Foundation

#c4f26cc8-17ff-4c99-b5e2-38fc1793eacc

Short Name

wikimedia-foundation

Program Role

CNA

Top Level Root

MITRE Corporation

Security Advisories

View Advisories

Domain

wikimedia.org

Country

USA

Scope

Any code repository hosted under gerrit.wikimedia.org, gitlab.wikimedia.org, or github.com/wikimedia that is not labeled as archived or marked as a fork of an upstream project. Please see our disclosure policy for additional exclusions to scope.
152 vulnerabilities found

CVE-2024-47845
Assigner-The Wikimedia Foundation
CVSS Score-6.9 | MEDIUM
EPSS-0.29% / 52.17%
7 Day CHG~0.00%
Published-05 Oct, 2024 | 00:09
Updated-23 Oct, 2024 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CSS sanitizer used incorrectly, and is easily bypassed

Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Code Injection. This issue affects Mediawiki - CSS Extension: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2.

Action-Not Available
Vendor-Wikimedia Foundation
Product-wikimedia-extensions-css, Mediawiki - CSS Extension, mediawiki-extensions-css
CWE ID-CWE-116
Improper Encoding or Escaping of Output

CVE-2024-47848
Assigner-The Wikimedia Foundation
CVSS Score-6.9 | MEDIUM
EPSS-0.51% / 65.91%
7 Day CHG~0.00%
Published-04 Oct, 2024 | 23:53
Updated-07 Oct, 2024 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
User can review/unreview articles while blocked

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - PageTriage allows Authentication Bypass. This issue affects Mediawiki - PageTriage: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2.

Action-Not Available
Vendor-Wikimedia Foundation
Product-Mediawiki - PageTriage, pagetriage
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor