Browse all 23 CVE security advisories affecting miraheze. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Miraheze operates as a non-profit wiki hosting service, leveraging MediaWiki software to provide free, community-driven knowledge bases. With twenty-three recorded Common Vulnerabilities and Exposures, the platform has historically faced risks associated with its underlying open-source infrastructure. These vulnerabilities typically manifest as cross-site scripting, SQL injection, and privilege escalation flaws, often stemming from third-party extensions or outdated core components rather than fundamental architectural failures. Security incidents have generally been limited to localized exploitation attempts rather than widespread data breaches, reflecting the platform’s decentralized nature. The organization maintains a responsible disclosure policy, addressing reported issues through prompt patching and configuration hardening. While the high CVE count suggests a complex attack surface due to extensive plugin usage, the actual impact remains constrained by the platform’s read-heavy usage model and strict sandboxing of user-generated content, ensuring that most exploits require authenticated access or specific extension configurations to succeed.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-47612 | XSS in Special:DataDump when displaying dump status — DataDumpCWE-79 | 3.5 | Low | 2024-10-02 |
| CVE-2021-32774 | Cross-Site Request Forgery (CSRF) in DataDump — DataDumpCWE-352 | 6.1 | Medium | 2021-07-20 |
This page lists every published CVE security advisory associated with miraheze. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.