All 64 CVE vulnerabilities found in MediaWiki, with AI-generated Chinese analysis, references, and POCs.
This page catalogs security vulnerabilities within the MediaWiki product, a widely used open-source wiki software platform developed by the Wikimedia Foundation and the community. It aggregates data related to various weakness types, including cross-site scripting, information disclosure, and privilege escalation flaws, covering incidents reported from the initial releases up to the most recent patches. Readers can use this resource to track vendor advisories, understand the evolution of a specific weakness class within the software ecosystem, or look up a product's vulnerability history to assess long-term security postures.

The collection is organized to help developers, system administrators, and security researchers identify patterns in how vulnerabilities are discovered, disclosed, and remediated over time. By centralizing these records, the page facilitates a deeper understanding of the threat landscape surrounding MediaWiki, highlighting areas that may require urgent attention or further hardening. It serves as a reference for auditing existing deployments and informing future development priorities to mitigate risks associated with known security defects.

The information presented here is derived from official vendor communications, independent security disclosures, and community reports, ensuring a comprehensive view of the product's security history. Users are encouraged to consult this data alongside current documentation and patch notes to maintain robust defense mechanisms against emerging threats. This page does not provide real-time alerts but offers a historical context that supports proactive security management and informed decision-making regarding software updates and configuration adjustments.
Vendor: mediawiki
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2017-0367 | Having LocalisationCache directory default to system tmp directory is insecure | 7.8 | - | 2018-04-13 |
| CVE-2017-0368 | Make rawHTML mode not apply to system messages | 5.3 | - | 2018-04-13 |
| CVE-2017-0369 | Sysops can undelete pages, although the page is protected against it | 6.5 | - | 2018-04-13 |
| CVE-2017-0370 | Spam blacklist ineffective on encoded URLs inside file inclusion syntax's link parameter | 5.3 | - | 2018-04-13 |