MediaWiki — Vulnerabilities & Security Advisories (19)

Browse all 19 CVE security advisories affecting MediaWiki. AI-powered Chinese analysis, POCs, and references for each vulnerability.

MediaWiki serves as the collaborative platform behind Wikipedia, enabling content creation and management through wiki markup. Historically, it has faced vulnerabilities across multiple classes, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation, often stemming from input validation flaws and insufficient access controls. The platform's open nature exposes it to constant scrutiny, with 19 CVEs recorded to date. Notable incidents have involved XSS vulnerabilities in parser functions and RCE through manipulated file uploads. MediaWiki's security model emphasizes granular permissions and extensive logging, though its complexity and extensibility through third-party extensions continue to present challenges for maintainers and administrators alike.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2023-3550 | Stored XSS leads to privilege escalation in MediaWiki v1.40.0 — MediaWiki (CWE-79) | 7.3 | High | 2023-09-25 |
| CVE-2013-1817 | MediaWiki information disclosure vulnerability — mediawiki | 7.5 | - | 2019-11-20 |
| CVE-2013-1816 | MediaWiki input validation error vulnerability — mediawiki | 7.5 | - | 2019-11-20 |
| CVE-2012-0046 | MediaWiki information disclosure vulnerability — mediawiki | 7.5 | - | 2019-10-29 |
| CVE-2018-0503 | $wgRateLimits entry for 'user' overrides 'newbie' — mediawiki | 4.3 | - | 2018-10-04 |
| CVE-2018-0504 | Information disclosure in Special:Redirect/logid — mediawiki | 6.5 | - | 2018-10-04 |
| CVE-2018-0505 | BotPasswords can bypass CentralAuth's account lock — mediawiki | 6.5 | - | 2018-10-04 |
| CVE-2018-13258 | Tarball was missing .htaccess files — mediawiki | 5.3 | - | 2018-10-04 |
| CVE-2017-0361 | api.log contains passwords in plaintext — mediawiki | 7.1 | - | 2018-04-13 |
| CVE-2017-0362 | "Mark all pages visited" on the watchlist does not require a CSRF token — mediawiki | 8.8 | - | 2018-04-13 |
| CVE-2017-0363 | Special:UserLogin?returnto=interwiki:foo will redirect to external sites — mediawiki | 6.1 | - | 2018-04-13 |
| CVE-2017-0364 | Special:Search allows redirects to any interwiki link — mediawiki | 6.1 | - | 2018-04-13 |
| CVE-2017-0365 | XSS in SearchHighlighter::highlightText() [requires non-default config] — mediawiki | 6.1 | - | 2018-04-13 |
| CVE-2017-0366 | SVG filter evasion using default attribute values in DTD declaration — mediawiki | 5.4 | - | 2018-04-13 |
| CVE-2017-0367 | Having LocalisationCache directory default to system tmp directory is insecure — mediawiki | 7.8 | - | 2018-04-13 |
| CVE-2017-0368 | Make rawHTML mode not apply to system messages — mediawiki | 5.3 | - | 2018-04-13 |
| CVE-2017-0369 | Sysops can undelete pages, although the page is protected against it — mediawiki | 6.5 | - | 2018-04-13 |
| CVE-2017-0370 | Spam blacklist ineffective on encoded URLs inside file inclusion syntax's link parameter — mediawiki | 5.3 | - | 2018-04-13 |
| CVE-2017-0372 | Parameters injection in SyntaxHighlight results in multiple vulnerabilities — mediawiki (SyntaxHighlight extension) | 9.8 | - | 2018-04-13 |

This page lists every published CVE security advisory associated with MediaWiki. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.