Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Mediawiki - Cargo

Source -

CNA

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2024-47847
Assigner-The Wikimedia Foundation
ShareView Details
Assigner-The Wikimedia Foundation
CVSS Score-6.9||MEDIUM
EPSS-0.38% / 58.39%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 00:47
Updated-16 Oct, 2024 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Various XSSes found in Cargo

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.

Action-Not Available
Vendor-Wikimedia Foundation
Product-cargoMediawiki - Cargomediawiki-cargo
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47846
Assigner-The Wikimedia Foundation
ShareView Details
Assigner-The Wikimedia Foundation
CVSS Score-6.9||MEDIUM
EPSS-0.08% / 25.05%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 00:39
Updated-16 Oct, 2024 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Special:DeleteCargoTable and Special:SwitchCargoTable have no CSRF protection

Cross-Site Request Forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross Site Request Forgery.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.

Action-Not Available
Vendor-Wikimedia Foundation
Product-cargoMediawiki - Cargomediawiki-cargo
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-47849
Assigner-The Wikimedia Foundation
ShareView Details
Assigner-The Wikimedia Foundation
CVSS Score-8.8||HIGH
EPSS-0.54% / 66.61%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 00:29
Updated-16 Oct, 2024 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Backticks can allow the usage of not-allowed SQL functions

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows SQL Injection.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.

Action-Not Available
Vendor-Wikimedia Foundation
Product-cargoMediawiki - Cargomediawiki-cargo
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')