Browse all 23 CVE security advisories affecting miraheze. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Miraheze operates as a non-profit wiki hosting service, leveraging MediaWiki software to provide free, community-driven knowledge bases. With twenty-three recorded Common Vulnerabilities and Exposures, the platform has historically faced risks associated with its underlying open-source infrastructure. These vulnerabilities typically manifest as cross-site scripting, SQL injection, and privilege escalation flaws, often stemming from third-party extensions or outdated core components rather than fundamental architectural failures. Security incidents have generally been limited to localized exploitation attempts rather than widespread data breaches, reflecting the platform’s decentralized nature. The organization maintains a responsible disclosure policy, addressing reported issues through prompt patching and configuration hardening. While the high CVE count suggests a complex attack surface due to extensive plugin usage, the actual impact remains constrained by the platform’s read-heavy usage model and strict sandboxing of user-generated content, ensuring that most exploits require authenticated access or specific extension configurations to succeed.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-47781 | Cross-site Scripting (XSS) in Special:RequestWikiQueue when displaying sitename in CreateWiki — CreateWikiCWE-79 | 5.4 | - | 2024-10-07 |
| CVE-2024-34701 | CreateWiki vulnerable to impersonation of wiki requester — CreateWikiCWE-863 | 5.9 | Medium | 2024-05-13 |
| CVE-2024-29898 | Oversight in fix for GHSA-4rcf-3cj2-46mq may have exposed suppressed wiki requests on private wikis — CreateWikiCWE-200 | 4.9 | Medium | 2024-03-28 |
| CVE-2024-29897 | CreateWiki Leak of suppressed wiki requests outside of `CreateWikiGlobalWiki` — CreateWikiCWE-200 | 4.9 | Medium | 2024-03-28 |
| CVE-2024-29883 | CreateWiki's wiki request suppression ignores the suppression settings set by the suppressor — CreateWikiCWE-200 | 4.9 | Medium | 2024-03-26 |
| CVE-2022-24813 | Authentication Bypass Using an Alternate Path or Channel in CreateWiki — CreateWikiCWE-288 | 5.3 | Medium | 2022-04-04 |
This page lists every published CVE security advisory associated with miraheze. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.