Search

Find a vulnerability

Search criteria

    46 vulnerabilities by miraheze

    CVE-2026-33541 (GCVE-0-2026-33541)

    Vulnerability from nvd – Published: 2026-03-26 20:27 – Updated: 2026-03-27 20:01
    VLAI
    Title
    TSPortal's Uncontrolled User Creation via Validation Side Effects Leads to Potential Denial of Service
    Summary
    TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 34, a flaw in TSPortal allowed attackers to create arbitrary user records in the database by abusing validation logic. While validation correctly rejected invalid usernames, a side effect within a validation rule caused user records to be created regardless of whether the request succeeded. This could be exploited to cause uncontrolled database growth, leading to a potential denial of service (DoS). Version 34 contains a fix for the issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    Impacted products
    Vendor Product Version
    miraheze TSPortal Affected: < 34
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33541",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-27T19:52:08.746386Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-27T20:01:35.174Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TSPortal",
              "vendor": "miraheze",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 34"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "TSPortal is the WikiTide Foundation\u2019s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 34, a flaw in TSPortal allowed attackers to create arbitrary user records in the database by abusing validation logic. While validation correctly rejected invalid usernames, a side effect within a validation rule caused user records to be created regardless of whether the request succeeded. This could be exploited to cause uncontrolled database growth, leading to a potential denial of service (DoS). Version 34 contains a fix for the issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-26T20:27:05.840Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/miraheze/TSPortal/security/advisories/GHSA-f346-8rp3-4h9h",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/miraheze/TSPortal/security/advisories/GHSA-f346-8rp3-4h9h"
            }
          ],
          "source": {
            "advisory": "GHSA-f346-8rp3-4h9h",
            "discovery": "UNKNOWN"
          },
          "title": "TSPortal\u0027s Uncontrolled User Creation via Validation Side Effects Leads to Potential Denial of Service"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-33541",
        "datePublished": "2026-03-26T20:27:05.840Z",
        "dateReserved": "2026-03-20T18:05:11.832Z",
        "dateUpdated": "2026-03-27T20:01:35.174Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-29788 (GCVE-0-2026-29788)

    Vulnerability from nvd – Published: 2026-03-06 20:31 – Updated: 2026-03-09 20:54
    VLAI
    Title
    TSPortal: Anyone can forge self-deletion requests of any user
    Summary
    TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 30, conversion of empty strings to null allows disguising DPA reports as genuine self-deletion reports. This issue has been patched in version 30.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-283 - Unverified Ownership
    • CWE-1287 - Improper Validation of Specified Type of Input
    Assigner
    References
    Impacted products
    Vendor Product Version
    miraheze TSPortal Affected: < 30
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-29788",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-09T20:51:17.114554Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-09T20:54:30.781Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TSPortal",
              "vendor": "miraheze",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 30"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "TSPortal is the WikiTide Foundation\u2019s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 30, conversion of empty strings to null allows disguising DPA reports as genuine self-deletion reports. This issue has been patched in version 30."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "LOW",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:H/SC:N/SI:L/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-283",
                  "description": "CWE-283: Unverified Ownership",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-1287",
                  "description": "CWE-1287: Improper Validation of Specified Type of Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-06T20:31:17.994Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/miraheze/TSPortal/security/advisories/GHSA-gfhq-7499-f3f2",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/miraheze/TSPortal/security/advisories/GHSA-gfhq-7499-f3f2"
            },
            {
              "name": "https://issue-tracker.miraheze.org/T15053",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://issue-tracker.miraheze.org/T15053"
            }
          ],
          "source": {
            "advisory": "GHSA-gfhq-7499-f3f2",
            "discovery": "UNKNOWN"
          },
          "title": "TSPortal: Anyone can forge self-deletion requests of any user"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-29788",
        "datePublished": "2026-03-06T20:31:17.994Z",
        "dateReserved": "2026-03-04T16:26:02.899Z",
        "dateUpdated": "2026-03-09T20:54:30.781Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-53371 (GCVE-0-2025-53371)

    Vulnerability from nvd – Published: 2025-07-10 17:26 – Updated: 2025-07-10 17:47
    VLAI
    Title
    DiscordNotifications allows DOS, SSRF, and possible RCE through requests to user-controlled URLs
    Summary
    DiscordNotifications is an extension for MediaWiki that sends notifications of actions in your Wiki to a Discord channel. DiscordNotifications allows sending requests via curl and file_get_contents to arbitrary URLs set via $wgDiscordIncomingWebhookUrl and $wgDiscordAdditionalIncomingWebhookUrls. This allows for DOS by causing the server to read large files. SSRF is also possible if there are internal unprotected APIs that can be accessed using HTTP POST requests, which could also possibly lead to RCE. This vulnerability is fixed in commit 1f20d850cbcce5b15951c7c6127b87b927a5415e.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    miraheze DiscordNotifications Affected: < 1f20d850cbcce5b15951c7c6127b87b927a5415e
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53371",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-10T17:47:50.722427Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-10T17:47:56.055Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DiscordNotifications",
              "vendor": "miraheze",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1f20d850cbcce5b15951c7c6127b87b927a5415e"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DiscordNotifications is an extension for MediaWiki that sends notifications of actions in your Wiki to a Discord channel. DiscordNotifications allows sending requests via curl and file_get_contents to arbitrary URLs set via $wgDiscordIncomingWebhookUrl and $wgDiscordAdditionalIncomingWebhookUrls. This allows for DOS by causing the server to read large files. SSRF is also possible if there are internal unprotected APIs that can be accessed using HTTP POST requests, which could also possibly lead to RCE. This vulnerability is fixed in commit 1f20d850cbcce5b15951c7c6127b87b927a5415e."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918: Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-10T17:26:02.512Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/miraheze/DiscordNotifications/security/advisories/GHSA-gvfx-p3h5-qf65",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/miraheze/DiscordNotifications/security/advisories/GHSA-gvfx-p3h5-qf65"
            },
            {
              "name": "https://github.com/miraheze/DiscordNotifications/commit/1f20d850cbcce5b15951c7c6127b87b927a5415e",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/miraheze/DiscordNotifications/commit/1f20d850cbcce5b15951c7c6127b87b927a5415e"
            }
          ],
          "source": {
            "advisory": "GHSA-gvfx-p3h5-qf65",
            "discovery": "UNKNOWN"
          },
          "title": "DiscordNotifications allows DOS, SSRF, and possible RCE through requests to user-controlled URLs"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-53371",
        "datePublished": "2025-07-10T17:26:02.512Z",
        "dateReserved": "2025-06-27T12:57:16.121Z",
        "dateUpdated": "2025-07-10T17:47:56.055Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-43861 (GCVE-0-2025-43861)

    Vulnerability from nvd – Published: 2025-04-24 20:49 – Updated: 2025-04-25 19:32
    VLAI
    Title
    ManageWiki Vulnerable to Self-XSS in review dialog via unsanitized field reflection
    Summary
    ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 2f177dc, ManageWiki is vulnerable to reflected or stored XSS in the review dialog. A logged-in attacker must change a form field to include a malicious payload. If that same user then opens the "Review Changes" dialog, the payload will be rendered and executed in the context of their own session. This issue has been patched in commit 2f177dc.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    miraheze ManageWiki Affected: < 2f177dc
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-43861",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-25T19:31:56.539838Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-25T19:32:14.066Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ManageWiki",
              "vendor": "miraheze",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2f177dc"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 2f177dc, ManageWiki is vulnerable to reflected or stored XSS in the review dialog. A logged-in attacker must change a form field to include a malicious payload. If that same user then opens the \"Review Changes\" dialog, the payload will be rendered and executed in the context of their own session. This issue has been patched in commit 2f177dc."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-24T20:49:57.692Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/miraheze/ManageWiki/security/advisories/GHSA-859x-46h8-vcrv",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/miraheze/ManageWiki/security/advisories/GHSA-859x-46h8-vcrv"
            },
            {
              "name": "https://github.com/miraheze/ManageWiki/commit/2f177dc83b28b727613215b835d4036cb179e4ab",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/miraheze/ManageWiki/commit/2f177dc83b28b727613215b835d4036cb179e4ab"
            }
          ],
          "source": {
            "advisory": "GHSA-859x-46h8-vcrv",
            "discovery": "UNKNOWN"
          },
          "title": "ManageWiki Vulnerable to Self-XSS in review dialog via unsanitized field reflection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-43861",
        "datePublished": "2025-04-24T20:49:57.692Z",
        "dateReserved": "2025-04-17T20:07:08.556Z",
        "dateUpdated": "2025-04-25T19:32:14.066Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-32964 (GCVE-0-2025-32964)

    Vulnerability from nvd – Published: 2025-04-22 17:15 – Updated: 2025-04-22 17:35
    VLAI
    Title
    ManageWiki vulnerable to permission bypass when disabling extensions requiring certain permissions in Special:ManageWiki/extensions
    Summary
    ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 00bebea, when enabling a conflicting extension, a restricted extension would be automatically disabled even if the user did not hold the ManageWiki-restricted right. This issue has been patched in commit 00bebea. A workaround involves ensuring that any extensions requiring specific permissions in `$wgManageWikiExtensions` also require the same permissions for managing any conflicting extensions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    miraheze ManageWiki Affected: < 00bebea
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32964",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-22T17:35:26.566312Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-22T17:35:37.926Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ManageWiki",
              "vendor": "miraheze",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 00bebea"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 00bebea, when enabling a conflicting extension, a restricted extension would be automatically disabled even if the user did not hold the ManageWiki-restricted right. This issue has been patched in commit 00bebea. A workaround involves ensuring that any extensions requiring specific permissions in `$wgManageWikiExtensions` also require the same permissions for managing any conflicting extensions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285: Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-22T17:15:03.200Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/miraheze/ManageWiki/security/advisories/GHSA-ccrf-x5rp-gppr",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/miraheze/ManageWiki/security/advisories/GHSA-ccrf-x5rp-gppr"
            },
            {
              "name": "https://github.com/miraheze/ManageWiki/commit/00bebea43a3e3ff0157b5f04df17c1d1e88a9acd",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/miraheze/ManageWiki/commit/00bebea43a3e3ff0157b5f04df17c1d1e88a9acd"
            }
          ],
          "source": {
            "advisory": "GHSA-ccrf-x5rp-gppr",
            "discovery": "UNKNOWN"
          },
          "title": "ManageWiki vulnerable to permission bypass when disabling extensions requiring certain permissions in Special:ManageWiki/extensions"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-32964",
        "datePublished": "2025-04-22T17:15:03.200Z",
        "dateReserved": "2025-04-14T21:47:11.453Z",
        "dateUpdated": "2025-04-22T17:35:37.926Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-32956 (GCVE-0-2025-32956)

    Vulnerability from nvd – Published: 2025-04-21 20:45 – Updated: 2025-05-12 15:40
    VLAI
    Title
    ManageWiki has SQL injection vulnerability in NamespaceMigrationJob
    Summary
    ManageWiki is a MediaWiki extension allowing users to manage wikis. Versions before commit f504ed8, are vulnerable to SQL injection when renaming a namespace in Special:ManageWiki/namespaces when using a page prefix (namespace name, which is the current namespace you are renaming) with an injection payload. This issue has been patched in commit f504ed8. A workaround for this vulnerability involves setting `$wgManageWiki['namespaces'] = false;`.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    miraheze ManageWiki Affected: < f504ed8
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32956",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-22T13:37:16.343745Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-22T13:37:53.320Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-05-12T15:40:28.138Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.vicarius.io/vsociety/posts/cve-2025-32956-detect-mediawiki-vulnerability"
              },
              {
                "url": "https://www.vicarius.io/vsociety/posts/cve-2025-32956-mitigate-mediawiki-vulnerability"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ManageWiki",
              "vendor": "miraheze",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c f504ed8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ManageWiki is a MediaWiki extension allowing users to manage wikis. Versions before commit f504ed8, are vulnerable to SQL injection when renaming a namespace in Special:ManageWiki/namespaces when using a page prefix (namespace name, which is the current namespace you are renaming) with an injection payload. This issue has been patched in commit f504ed8. A workaround for this vulnerability involves setting `$wgManageWiki[\u0027namespaces\u0027] = false;`."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-21T20:45:49.523Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/miraheze/ManageWiki/security/advisories/GHSA-gg42-cv66-f5x7",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/miraheze/ManageWiki/security/advisories/GHSA-gg42-cv66-f5x7"
            },
            {
              "name": "https://github.com/miraheze/ManageWiki/commit/f504ed8eeb59b57ebb90f93cd44f23da4c5bc4c9",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/miraheze/ManageWiki/commit/f504ed8eeb59b57ebb90f93cd44f23da4c5bc4c9"
            }
          ],
          "source": {
            "advisory": "GHSA-gg42-cv66-f5x7",
            "discovery": "UNKNOWN"
          },
          "title": "ManageWiki has SQL injection vulnerability in NamespaceMigrationJob"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-32956",
        "datePublished": "2025-04-21T20:45:49.523Z",
        "dateReserved": "2025-04-14T21:47:11.452Z",
        "dateUpdated": "2025-05-12T15:40:28.138Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-47816 (GCVE-0-2024-47816)

    Vulnerability from nvd – Published: 2024-10-09 18:19 – Updated: 2024-10-09 19:44
    VLAI
    Title
    Users can impersonate import requesters if their actor IDs coincide in ImportDump
    Summary
    ImportDump is a mediawiki extension designed to automate user import requests. A user's local actor ID is stored in the database to tell who made what requests. Therefore, if a user on another wiki happens to have the same actor ID as someone on the central wiki, the user on the other wiki can act as if they're the original wiki requester. This can be abused to create new comments, edit the request, and view the request if it's marked private. This issue has been addressed in commit `5c91dfc` and all users are advised to update. Users unable to update may disable the special page outside of their global wiki. See `miraheze/mw-config@e566499` for details on that.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-282 - Improper Ownership Management
    Assigner
    Impacted products
    Vendor Product Version
    miraheze ImportDump Affected: commits prior to 5c91dfc
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-47816",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-09T19:44:13.313675Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-09T19:44:51.132Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ImportDump",
              "vendor": "miraheze",
              "versions": [
                {
                  "status": "affected",
                  "version": "commits prior to 5c91dfc"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ImportDump is a mediawiki extension designed to automate user import requests. A user\u0027s local actor ID is stored in the database to tell who made what requests. Therefore, if a user on another wiki happens to have the same actor ID as someone on the central wiki, the user on the other wiki can act as if they\u0027re the original wiki requester. This can be abused to create new comments, edit the request, and view the request if it\u0027s marked private. This issue has been addressed in commit `5c91dfc` and all users are advised to update. Users unable to update may disable the special page outside of their global wiki. See `miraheze/mw-config@e566499` for details on that."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-282",
                  "description": "CWE-282: Improper Ownership Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-09T18:19:17.108Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/miraheze/ImportDump/security/advisories/GHSA-jjmq-mg36-6387",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/miraheze/ImportDump/security/advisories/GHSA-jjmq-mg36-6387"
            },
            {
              "name": "https://github.com/miraheze/ImportDump/commit/5c91dfce78320e717516ee65ef5a05f01979ee6c",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/miraheze/ImportDump/commit/5c91dfce78320e717516ee65ef5a05f01979ee6c"
            },
            {
              "name": "https://github.com/miraheze/mw-config/commit/e5664995fbb8644f9a80b450b4326194f20f9ddc",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/miraheze/mw-config/commit/e5664995fbb8644f9a80b450b4326194f20f9ddc"
            },
            {
              "name": "https://issue-tracker.miraheze.org/T12701",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://issue-tracker.miraheze.org/T12701"
            }
          ],
          "source": {
            "advisory": "GHSA-jjmq-mg36-6387",
            "discovery": "UNKNOWN"
          },
          "title": "Users can impersonate import requesters if their actor IDs coincide in ImportDump"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-47816",
        "datePublished": "2024-10-09T18:19:17.108Z",
        "dateReserved": "2024-10-03T14:06:12.638Z",
        "dateUpdated": "2024-10-09T19:44:51.132Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-47815 (GCVE-0-2024-47815)

    Vulnerability from nvd – Published: 2024-10-09 18:21 – Updated: 2024-10-09 19:48
    VLAI
    Title
    Cross-site Scripting in IncidentReporting
    Summary
    IncidentReporting is a MediaWiki extension for moving incident reports from wikitext to database tables. There are a variety of Cross-site Scripting issues, though all of them require elevated permissions. Some are available to anyone who has the `editincidents` right, some are available to those who can edit interface messages (typically administrators and interface admins), and one is available to those who can edit LocalSettings.php. These issues have been addressed in commit `43896a4` and all users are advised to upgrade. Users unable to upgrade should prevent access to the Special:IncidentReports page.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    Impacted products
    Vendor Product Version
    miraheze IncidentReporting Affected: commits prior to 43896a4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-47815",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-09T19:47:48.120176Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-09T19:48:04.389Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "IncidentReporting",
              "vendor": "miraheze",
              "versions": [
                {
                  "status": "affected",
                  "version": "commits prior to 43896a4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "IncidentReporting is a MediaWiki extension for moving incident reports from wikitext to database tables. There are a variety of Cross-site Scripting issues, though all of them require elevated permissions. Some are available to anyone who has the `editincidents` right, some are available to those who can edit interface messages (typically administrators and interface admins), and one is available to those who can edit LocalSettings.php. These issues have been addressed in commit `43896a4` and all users are advised to upgrade. Users unable to upgrade should prevent access to the Special:IncidentReports page."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-09T18:21:58.981Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/miraheze/IncidentReporting/security/advisories/GHSA-9p36-hrmr-98r9",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/miraheze/IncidentReporting/security/advisories/GHSA-9p36-hrmr-98r9"
            },
            {
              "name": "https://github.com/miraheze/IncidentReporting/commit/43896a47de4e05ac94ec0472c220da944da16c5c",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/miraheze/IncidentReporting/commit/43896a47de4e05ac94ec0472c220da944da16c5c"
            },
            {
              "name": "https://issue-tracker.miraheze.org/T12702",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://issue-tracker.miraheze.org/T12702"
            }
          ],
          "source": {
            "advisory": "GHSA-9p36-hrmr-98r9",
            "discovery": "UNKNOWN"
          },
          "title": "Cross-site Scripting in IncidentReporting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-47815",
        "datePublished": "2024-10-09T18:21:58.981Z",
        "dateReserved": "2024-10-03T14:06:12.638Z",
        "dateUpdated": "2024-10-09T19:48:04.389Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-47812 (GCVE-0-2024-47812)

    Vulnerability from nvd – Published: 2024-10-09 18:12 – Updated: 2024-10-09 19:42
    VLAI
    Title
    Cross-site Scripting (XSS) on Special:RequestImportQueue when displaying request date in ImportDump
    Summary
    ImportDump is an extension for mediawiki designed to automate user import requests. Anyone who can edit the interface strings of a wiki (typically administrators and interface admins) can embed XSS payloads in the messages for dates, and thus XSS anyone who views Special:RequestImportQueue. This issue has been patched in commit `d054b95` and all users are advised to apply this commit to their branch. Users unable to upgrade may either Prevent access to Special:RequestImportQueue on all wikis, except for the global wiki; and If an interface administrator (or equivalent) level protection is available (which is not provided by default) on the global wiki, protect the affected messages up to that level. This causes the XSS to be virtually useless as users with those rights can already edit Javascript pages. Or Prevent access to Special:RequestImportQueue altogether.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    Impacted products
    Vendor Product Version
    miraheze ImportDump Affected: commits priot to d054b95
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-47812",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-09T19:42:40.909287Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-09T19:42:51.058Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ImportDump",
              "vendor": "miraheze",
              "versions": [
                {
                  "status": "affected",
                  "version": "commits priot to d054b95"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ImportDump is an extension for mediawiki designed to automate user import requests. Anyone who can edit the interface strings of a wiki (typically administrators and interface admins) can embed XSS payloads in the messages for dates, and thus XSS anyone who views Special:RequestImportQueue. This issue has been patched in commit `d054b95` and all users are advised to apply this commit to their branch. Users unable to upgrade may either Prevent access to Special:RequestImportQueue on all wikis, except for the global wiki; and If an interface administrator (or equivalent) level protection is available (which is not provided by default) on the global wiki, protect the affected messages up to that level. This causes the XSS to be virtually useless as users with those rights can already edit Javascript pages. Or Prevent access to Special:RequestImportQueue altogether."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-09T18:12:31.929Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/miraheze/ImportDump/security/advisories/GHSA-465h-45v4-6fx9",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/miraheze/ImportDump/security/advisories/GHSA-465h-45v4-6fx9"
            },
            {
              "name": "https://github.com/miraheze/ImportDump/commit/d054b9529129af79d4426df24faa80014cb16602",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/miraheze/ImportDump/commit/d054b9529129af79d4426df24faa80014cb16602"
            },
            {
              "name": "https://issue-tracker.miraheze.org/T12698",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://issue-tracker.miraheze.org/T12698"
            }
          ],
          "source": {
            "advisory": "GHSA-465h-45v4-6fx9",
            "discovery": "UNKNOWN"
          },
          "title": "Cross-site Scripting (XSS) on Special:RequestImportQueue when displaying request date in ImportDump"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-47812",
        "datePublished": "2024-10-09T18:12:31.929Z",
        "dateReserved": "2024-10-03T14:06:12.636Z",
        "dateUpdated": "2024-10-09T19:42:51.058Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-47782 (GCVE-0-2024-47782)

    Vulnerability from nvd – Published: 2024-10-07 21:28 – Updated: 2024-10-08 14:11
    VLAI
    Title
    Cross-site Scripting (XSS) in Special:WikiDiscover when displaying wiki information in WikiDiscover
    Summary
    WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. Special:WikiDiscover is a special page that lists all wikis on the wiki farm. However, the special page does not make any effort to escape the wiki name or description. Therefore, if a wiki sets its name and/or description to an XSS payload, the XSS will execute whenever the wiki is shown on Special:WikiDiscover. This issue has been patched with commit `2ce846dd93` and all users are advised to apply that patch. User unable to upgrade should block access to `Special:WikiDiscover`.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    Impacted products
    Vendor Product Version
    miraheze WikiDiscover Affected: commits before 2ce846dd93ddb9ec86f7472c4d57fe71a09dc827
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-47782",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T14:11:34.331700Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T14:11:43.995Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WikiDiscover",
              "vendor": "miraheze",
              "versions": [
                {
                  "status": "affected",
                  "version": "commits before 2ce846dd93ddb9ec86f7472c4d57fe71a09dc827"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. Special:WikiDiscover is a special page that lists all wikis on the wiki farm. However, the special page does not make any effort to escape the wiki name or description. Therefore, if a wiki sets its name and/or description to an XSS payload, the XSS will execute whenever the wiki is shown on Special:WikiDiscover. This issue has been patched with commit `2ce846dd93` and all users are advised to apply that patch. User unable to upgrade should block access to `Special:WikiDiscover`."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-07T21:28:01.299Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/miraheze/WikiDiscover/security/advisories/GHSA-wf48-rqx3-39mf",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/miraheze/WikiDiscover/security/advisories/GHSA-wf48-rqx3-39mf"
            },
            {
              "name": "https://github.com/miraheze/WikiDiscover/commit/2ce846dd93ddb9ec86f7472c4d57fe71a09dc827",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/miraheze/WikiDiscover/commit/2ce846dd93ddb9ec86f7472c4d57fe71a09dc827"
            },
            {
              "name": "https://issue-tracker.miraheze.org/T12697",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://issue-tracker.miraheze.org/T12697"
            }
          ],
          "source": {
            "advisory": "GHSA-wf48-rqx3-39mf",
            "discovery": "UNKNOWN"
          },
          "title": "Cross-site Scripting (XSS) in Special:WikiDiscover when displaying wiki information in WikiDiscover"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-47782",
        "datePublished": "2024-10-07T21:28:01.299Z",
        "dateReserved": "2024-09-30T21:28:53.236Z",
        "dateUpdated": "2024-10-08T14:11:43.995Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-47781 (GCVE-0-2024-47781)

    Vulnerability from nvd – Published: 2024-10-07 21:30 – Updated: 2024-10-08 14:13
    VLAI
    Title
    Cross-site Scripting (XSS) in Special:RequestWikiQueue when displaying sitename in CreateWiki
    Summary
    CreateWiki is an extension used at Miraheze for requesting & creating wikis. The name of requested wikis is not escaped on Special:RequestWikiQueue, so a user can insert arbitrary HTML that is displayed in the request wiki queue when requesting a wiki. If a wiki creator comes across the XSS payload, their user session can be abused to retrieve deleted wiki requests, which typically contains private information. Likewise, this can also be abused on those with the ability to suppress requests to view sensitive information. This issue has been patched with commit `693a220` and all users are advised to apply the patch. Users unable to upgrade should disable Javascript and/or prevent access to the vulnerable page (Special:RequestWikiQueue).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    miraheze CreateWiki Affected: commits before 693a220f399ee7eb4d00e77c3c667e864b1bd306
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-47781",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T14:13:12.961123Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T14:13:28.705Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CreateWiki",
              "vendor": "miraheze",
              "versions": [
                {
                  "status": "affected",
                  "version": "commits before 693a220f399ee7eb4d00e77c3c667e864b1bd306"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CreateWiki is an extension used at Miraheze for requesting \u0026 creating wikis. The name of requested wikis is not escaped on Special:RequestWikiQueue, so a user can insert arbitrary HTML that is displayed in the request wiki queue when requesting a wiki. If a wiki creator comes across the XSS payload, their user session can be abused to retrieve deleted wiki requests, which typically contains private information. Likewise, this can also be abused on those with the ability to suppress requests to view sensitive information. This issue has been patched with commit `693a220` and all users are advised to apply the patch. Users unable to upgrade should disable Javascript and/or prevent access to the vulnerable page (Special:RequestWikiQueue)."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-07T21:30:23.058Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-h527-jh77-5g7j",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-h527-jh77-5g7j"
            },
            {
              "name": "https://github.com/miraheze/CreateWiki/commit/693a220f399ee7eb4d00e77c3c667e864b1bd306",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/miraheze/CreateWiki/commit/693a220f399ee7eb4d00e77c3c667e864b1bd306"
            },
            {
              "name": "https://issue-tracker.miraheze.org/T12693",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://issue-tracker.miraheze.org/T12693"
            }
          ],
          "source": {
            "advisory": "GHSA-h527-jh77-5g7j",
            "discovery": "UNKNOWN"
          },
          "title": "Cross-site Scripting (XSS) in Special:RequestWikiQueue when displaying sitename in CreateWiki"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-47781",
        "datePublished": "2024-10-07T21:30:23.058Z",
        "dateReserved": "2024-09-30T21:28:53.236Z",
        "dateUpdated": "2024-10-08T14:13:28.705Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-47612 (GCVE-0-2024-47612)

    Vulnerability from nvd – Published: 2024-10-02 14:22 – Updated: 2024-10-02 15:12
    VLAI
    Title
    XSS in Special:DataDump when displaying dump status
    Summary
    DataDump is a MediaWiki extension that provides dumps of wikis. Several interface messages are unescaped (more specifically, (datadump-table-column-queued), (datadump-table-column-in-progress), (datadump-table-column-completed), (datadump-table-column-failed)). If these messages are edited (which requires the (editinterface) right by default), anyone who can view Special:DataDump (which requires the (view-dump) right by default) can be XSSed. This vulnerability is fixed with 601688ee8e8808a23b102fa305b178f27cbd226d.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    Impacted products
    Vendor Product Version
    miraheze DataDump Affected: < 601688ee8e8808a23b102fa305b178f27cbd226d
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-47612",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T14:59:00.607636Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T15:12:04.288Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DataDump",
              "vendor": "miraheze",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 601688ee8e8808a23b102fa305b178f27cbd226d"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DataDump is a MediaWiki extension that provides dumps of wikis. Several interface messages are unescaped (more specifically, (datadump-table-column-queued), (datadump-table-column-in-progress), (datadump-table-column-completed), (datadump-table-column-failed)). If these messages are edited (which requires the (editinterface) right by default), anyone who can view Special:DataDump (which requires the (view-dump) right by default) can be XSSed. This vulnerability is fixed with 601688ee8e8808a23b102fa305b178f27cbd226d."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-02T14:22:52.059Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/miraheze/DataDump/security/advisories/GHSA-h8x8-24c7-r2rj",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/miraheze/DataDump/security/advisories/GHSA-h8x8-24c7-r2rj"
            },
            {
              "name": "https://github.com/miraheze/DataDump/commit/601688ee8e8808a23b102fa305b178f27cbd226d.patch",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/miraheze/DataDump/commit/601688ee8e8808a23b102fa305b178f27cbd226d.patch"
            },
            {
              "name": "https://issue-tracker.miraheze.org/T12670",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://issue-tracker.miraheze.org/T12670"
            }
          ],
          "source": {
            "advisory": "GHSA-h8x8-24c7-r2rj",
            "discovery": "UNKNOWN"
          },
          "title": "XSS in Special:DataDump when displaying dump status"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-47612",
        "datePublished": "2024-10-02T14:22:52.059Z",
        "dateReserved": "2024-09-27T20:37:22.120Z",
        "dateUpdated": "2024-10-02T15:12:04.288Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-34701 (GCVE-0-2024-34701)

    Vulnerability from nvd – Published: 2024-05-13 15:54 – Updated: 2024-08-02 02:59
    VLAI
    Title
    CreateWiki vulnerable to impersonation of wiki requester
    Summary
    CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki request was made. This allows them to go to that request entry's on Special:RequestWikiQueue on the wiki where their local user ID matches and take any actions that the wiki requester is allowed to take from there. Commit 02e0f298f8d35155c39aa74193cb7b867432c5b8 fixes the issue. Important note about the fix: This vulnerability has been fixed by disabling access to the REST API and special pages outside of the wiki configured as the "global wiki" in `$wgCreateWikiGlobalWiki` in a user's MediaWiki settings. As a workaround, it is possible to disable the special pages outside of one's own global wiki by doing something similar to `miraheze/mw-config` commit e5664995fbb8644f9a80b450b4326194f20f9ddc that is adapted to one's own setup. As for the REST API, before the fix, there wasn't any REST endpoint that allowed one to make writes. Regardless, it is possible to also disable it outside of the global wiki by using `$wgCreateWikiDisableRESTAPI` and `$wgConf` in the configuration for one's own wiki farm..
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    miraheze CreateWiki Affected: < 02e0f298f8d35155c39aa74193cb7b867432c5b8
    Create a notification for this product.
    miraheze createwiki Affected: 0 , < 02e0f298f8d35155c39aa74193cb7b867432c5b8 (custom)
        cpe:2.3:a:miraheze:createwiki:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:miraheze:createwiki:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "createwiki",
                "vendor": "miraheze",
                "versions": [
                  {
                    "lessThan": "02e0f298f8d35155c39aa74193cb7b867432c5b8 ",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-34701",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-14T17:28:58.059975Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-06T19:06:13.272Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:59:21.802Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-89fx-77w7-rc64",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-89fx-77w7-rc64"
              },
              {
                "name": "https://github.com/miraheze/CreateWiki/commit/02e0f298f8d35155c39aa74193cb7b867432c5b8",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/miraheze/CreateWiki/commit/02e0f298f8d35155c39aa74193cb7b867432c5b8"
              },
              {
                "name": "https://github.com/miraheze/mw-config/commit/1798e53901a202b62edab32f8bcd5c6b9e574191",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/miraheze/mw-config/commit/1798e53901a202b62edab32f8bcd5c6b9e574191"
              },
              {
                "name": "https://github.com/miraheze/mw-config/commit/e5664995fbb8644f9a80b450b4326194f20f9ddc",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/miraheze/mw-config/commit/e5664995fbb8644f9a80b450b4326194f20f9ddc"
              },
              {
                "name": "https://issue-tracker.miraheze.org/T12011",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://issue-tracker.miraheze.org/T12011"
              },
              {
                "name": "https://issue-tracker.miraheze.org/T12102",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://issue-tracker.miraheze.org/T12102"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CreateWiki",
              "vendor": "miraheze",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 02e0f298f8d35155c39aa74193cb7b867432c5b8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CreateWiki is Miraheze\u0027s MediaWiki extension for requesting \u0026 creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki request was made. This allows them to go to that request entry\u0027s on Special:RequestWikiQueue on the wiki where their local user ID matches and take any actions that the wiki requester is allowed to take from there.\n\nCommit 02e0f298f8d35155c39aa74193cb7b867432c5b8 fixes the issue. Important note about the fix: This vulnerability has been fixed by disabling access to the REST API and special pages outside of the wiki configured as the \"global wiki\" in `$wgCreateWikiGlobalWiki` in a user\u0027s MediaWiki settings.\n\nAs a workaround, it is possible to disable the special pages outside of one\u0027s own global wiki by doing something similar to `miraheze/mw-config` commit e5664995fbb8644f9a80b450b4326194f20f9ddc that is adapted to one\u0027s own setup. As for the REST API, before the fix, there wasn\u0027t any REST endpoint that allowed one to make writes. Regardless, it is possible to also disable it outside of the global wiki by using `$wgCreateWikiDisableRESTAPI` and `$wgConf` in the configuration for one\u0027s own wiki farm.."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-13T15:54:12.956Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-89fx-77w7-rc64",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-89fx-77w7-rc64"
            },
            {
              "name": "https://github.com/miraheze/CreateWiki/commit/02e0f298f8d35155c39aa74193cb7b867432c5b8",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/miraheze/CreateWiki/commit/02e0f298f8d35155c39aa74193cb7b867432c5b8"
            },
            {
              "name": "https://github.com/miraheze/mw-config/commit/1798e53901a202b62edab32f8bcd5c6b9e574191",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/miraheze/mw-config/commit/1798e53901a202b62edab32f8bcd5c6b9e574191"
            },
            {
              "name": "https://github.com/miraheze/mw-config/commit/e5664995fbb8644f9a80b450b4326194f20f9ddc",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/miraheze/mw-config/commit/e5664995fbb8644f9a80b450b4326194f20f9ddc"
            },
            {
              "name": "https://issue-tracker.miraheze.org/T12011",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://issue-tracker.miraheze.org/T12011"
            },
            {
              "name": "https://issue-tracker.miraheze.org/T12102",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://issue-tracker.miraheze.org/T12102"
            }
          ],
          "source": {
            "advisory": "GHSA-89fx-77w7-rc64",
            "discovery": "UNKNOWN"
          },
          "title": "CreateWiki vulnerable to impersonation of wiki requester"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-34701",
        "datePublished": "2024-05-13T15:54:12.956Z",
        "dateReserved": "2024-05-07T13:53:00.132Z",
        "dateUpdated": "2024-08-02T02:59:21.802Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-29898 (GCVE-0-2024-29898)

    Vulnerability from nvd – Published: 2024-03-28 13:43 – Updated: 2024-08-02 01:17
    VLAI
    Title
    Oversight in fix for GHSA-4rcf-3cj2-46mq may have exposed suppressed wiki requests on private wikis
    Summary
    CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the `(read)` permission. This vulnerability is fixed in 8f8442ed5299510ea3e58416004b9334134c149c.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    miraheze CreateWiki Affected: 23415c17ffb4832667c06abcf1eadadefd4c8937
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-29898",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-10T19:46:01.481261Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:56:54.259Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:17:58.434Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-5rcv-cf88-gv8v",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-5rcv-cf88-gv8v"
              },
              {
                "name": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-4rcf-3cj2-46mq",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-4rcf-3cj2-46mq"
              },
              {
                "name": "https://github.com/miraheze/CreateWiki/commit/8f8442ed5299510ea3e58416004b9334134c149c",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/miraheze/CreateWiki/commit/8f8442ed5299510ea3e58416004b9334134c149c"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CreateWiki",
              "vendor": "miraheze",
              "versions": [
                {
                  "status": "affected",
                  "version": "23415c17ffb4832667c06abcf1eadadefd4c8937"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CreateWiki is Miraheze\u0027s MediaWiki extension for requesting \u0026 creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the `(read)` permission. This vulnerability is fixed in 8f8442ed5299510ea3e58416004b9334134c149c."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-28T13:43:07.988Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-5rcv-cf88-gv8v",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-5rcv-cf88-gv8v"
            },
            {
              "name": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-4rcf-3cj2-46mq",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-4rcf-3cj2-46mq"
            },
            {
              "name": "https://github.com/miraheze/CreateWiki/commit/8f8442ed5299510ea3e58416004b9334134c149c",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/miraheze/CreateWiki/commit/8f8442ed5299510ea3e58416004b9334134c149c"
            }
          ],
          "source": {
            "advisory": "GHSA-5rcv-cf88-gv8v",
            "discovery": "UNKNOWN"
          },
          "title": "Oversight in fix for GHSA-4rcf-3cj2-46mq may have exposed suppressed wiki requests on private wikis"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-29898",
        "datePublished": "2024-03-28T13:43:07.988Z",
        "dateReserved": "2024-03-21T15:12:08.998Z",
        "dateUpdated": "2024-08-02T01:17:58.434Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-29897 (GCVE-0-2024-29897)

    Vulnerability from nvd – Published: 2024-03-28 13:40 – Updated: 2024-09-03 18:09
    VLAI
    Title
    CreateWiki Leak of suppressed wiki requests outside of `CreateWikiGlobalWiki`
    Summary
    CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users with (delete) or (suppressrevision) on any wiki in the farm to access suppressed wiki requests by going to the request's entry on Special:RequestWikiQueue on the wiki where they have these rights. The same vulnerability was present briefly on the REST API before being quickly corrected in commit `6bc0685`. To our knowledge, the vulnerable commits of the REST API are not running in production anywhere. This vulnerability is fixed in 23415c17ffb4832667c06abcf1eadadefd4c8937.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    miraheze CreateWiki Affected: < 23415c17ffb4832667c06abcf1eadadefd4c8937
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:17:58.463Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-4rcf-3cj2-46mq",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-4rcf-3cj2-46mq"
              },
              {
                "name": "https://github.com/miraheze/mw-config/commit/fb3e68bcef459e9cf2a415241b28042a6c9727e8",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/miraheze/mw-config/commit/fb3e68bcef459e9cf2a415241b28042a6c9727e8"
              },
              {
                "name": "https://issue-tracker.miraheze.org/F3093343",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://issue-tracker.miraheze.org/F3093343"
              },
              {
                "name": "https://issue-tracker.miraheze.org/T11999",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://issue-tracker.miraheze.org/T11999"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-29897",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-21T19:39:30.333387Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-03T18:09:56.991Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CreateWiki",
              "vendor": "miraheze",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 23415c17ffb4832667c06abcf1eadadefd4c8937"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CreateWiki is Miraheze\u0027s MediaWiki extension for requesting \u0026 creating wikis. It is possible for users with (delete) or (suppressrevision) on any wiki in the farm to access suppressed wiki requests by going to the request\u0027s entry on Special:RequestWikiQueue on the wiki where they have these rights. The same vulnerability was present briefly on the REST API before being quickly corrected in commit `6bc0685`. To our knowledge, the vulnerable commits of the REST API are not running in production anywhere. This vulnerability is fixed in 23415c17ffb4832667c06abcf1eadadefd4c8937."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-28T13:40:43.231Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-4rcf-3cj2-46mq",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-4rcf-3cj2-46mq"
            },
            {
              "name": "https://github.com/miraheze/mw-config/commit/fb3e68bcef459e9cf2a415241b28042a6c9727e8",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/miraheze/mw-config/commit/fb3e68bcef459e9cf2a415241b28042a6c9727e8"
            },
            {
              "name": "https://issue-tracker.miraheze.org/F3093343",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://issue-tracker.miraheze.org/F3093343"
            },
            {
              "name": "https://issue-tracker.miraheze.org/T11999",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://issue-tracker.miraheze.org/T11999"
            }
          ],
          "source": {
            "advisory": "GHSA-4rcf-3cj2-46mq",
            "discovery": "UNKNOWN"
          },
          "title": "CreateWiki Leak of suppressed wiki requests outside of `CreateWikiGlobalWiki`"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-29897",
        "datePublished": "2024-03-28T13:40:43.231Z",
        "dateReserved": "2024-03-21T15:12:08.998Z",
        "dateUpdated": "2024-09-03T18:09:56.991Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-33541 (GCVE-0-2026-33541)

    Vulnerability from cvelistv5 – Published: 2026-03-26 20:27 – Updated: 2026-03-27 20:01
    VLAI
    Title
    TSPortal's Uncontrolled User Creation via Validation Side Effects Leads to Potential Denial of Service
    Summary
    TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 34, a flaw in TSPortal allowed attackers to create arbitrary user records in the database by abusing validation logic. While validation correctly rejected invalid usernames, a side effect within a validation rule caused user records to be created regardless of whether the request succeeded. This could be exploited to cause uncontrolled database growth, leading to a potential denial of service (DoS). Version 34 contains a fix for the issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    Impacted products
    Vendor Product Version
    miraheze TSPortal Affected: < 34
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33541",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-27T19:52:08.746386Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-27T20:01:35.174Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TSPortal",
              "vendor": "miraheze",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 34"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "TSPortal is the WikiTide Foundation\u2019s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 34, a flaw in TSPortal allowed attackers to create arbitrary user records in the database by abusing validation logic. While validation correctly rejected invalid usernames, a side effect within a validation rule caused user records to be created regardless of whether the request succeeded. This could be exploited to cause uncontrolled database growth, leading to a potential denial of service (DoS). Version 34 contains a fix for the issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-26T20:27:05.840Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/miraheze/TSPortal/security/advisories/GHSA-f346-8rp3-4h9h",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/miraheze/TSPortal/security/advisories/GHSA-f346-8rp3-4h9h"
            }
          ],
          "source": {
            "advisory": "GHSA-f346-8rp3-4h9h",
            "discovery": "UNKNOWN"
          },
          "title": "TSPortal\u0027s Uncontrolled User Creation via Validation Side Effects Leads to Potential Denial of Service"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-33541",
        "datePublished": "2026-03-26T20:27:05.840Z",
        "dateReserved": "2026-03-20T18:05:11.832Z",
        "dateUpdated": "2026-03-27T20:01:35.174Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-29788 (GCVE-0-2026-29788)

    Vulnerability from cvelistv5 – Published: 2026-03-06 20:31 – Updated: 2026-03-09 20:54
    VLAI
    Title
    TSPortal: Anyone can forge self-deletion requests of any user
    Summary
    TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 30, conversion of empty strings to null allows disguising DPA reports as genuine self-deletion reports. This issue has been patched in version 30.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-283 - Unverified Ownership
    • CWE-1287 - Improper Validation of Specified Type of Input
    Assigner
    References
    Impacted products
    Vendor Product Version
    miraheze TSPortal Affected: < 30
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-29788",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-09T20:51:17.114554Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-09T20:54:30.781Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TSPortal",
              "vendor": "miraheze",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 30"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "TSPortal is the WikiTide Foundation\u2019s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 30, conversion of empty strings to null allows disguising DPA reports as genuine self-deletion reports. This issue has been patched in version 30."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "LOW",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:H/SC:N/SI:L/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-283",
                  "description": "CWE-283: Unverified Ownership",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-1287",
                  "description": "CWE-1287: Improper Validation of Specified Type of Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-06T20:31:17.994Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/miraheze/TSPortal/security/advisories/GHSA-gfhq-7499-f3f2",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/miraheze/TSPortal/security/advisories/GHSA-gfhq-7499-f3f2"
            },
            {
              "name": "https://issue-tracker.miraheze.org/T15053",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://issue-tracker.miraheze.org/T15053"
            }
          ],
          "source": {
            "advisory": "GHSA-gfhq-7499-f3f2",
            "discovery": "UNKNOWN"
          },
          "title": "TSPortal: Anyone can forge self-deletion requests of any user"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-29788",
        "datePublished": "2026-03-06T20:31:17.994Z",
        "dateReserved": "2026-03-04T16:26:02.899Z",
        "dateUpdated": "2026-03-09T20:54:30.781Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-53371 (GCVE-0-2025-53371)

    Vulnerability from cvelistv5 – Published: 2025-07-10 17:26 – Updated: 2025-07-10 17:47
    VLAI
    Title
    DiscordNotifications allows DOS, SSRF, and possible RCE through requests to user-controlled URLs
    Summary
    DiscordNotifications is an extension for MediaWiki that sends notifications of actions in your Wiki to a Discord channel. DiscordNotifications allows sending requests via curl and file_get_contents to arbitrary URLs set via $wgDiscordIncomingWebhookUrl and $wgDiscordAdditionalIncomingWebhookUrls. This allows for DOS by causing the server to read large files. SSRF is also possible if there are internal unprotected APIs that can be accessed using HTTP POST requests, which could also possibly lead to RCE. This vulnerability is fixed in commit 1f20d850cbcce5b15951c7c6127b87b927a5415e.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    miraheze DiscordNotifications Affected: < 1f20d850cbcce5b15951c7c6127b87b927a5415e
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53371",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-10T17:47:50.722427Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-10T17:47:56.055Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DiscordNotifications",
              "vendor": "miraheze",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1f20d850cbcce5b15951c7c6127b87b927a5415e"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DiscordNotifications is an extension for MediaWiki that sends notifications of actions in your Wiki to a Discord channel. DiscordNotifications allows sending requests via curl and file_get_contents to arbitrary URLs set via $wgDiscordIncomingWebhookUrl and $wgDiscordAdditionalIncomingWebhookUrls. This allows for DOS by causing the server to read large files. SSRF is also possible if there are internal unprotected APIs that can be accessed using HTTP POST requests, which could also possibly lead to RCE. This vulnerability is fixed in commit 1f20d850cbcce5b15951c7c6127b87b927a5415e."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918: Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-10T17:26:02.512Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/miraheze/DiscordNotifications/security/advisories/GHSA-gvfx-p3h5-qf65",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/miraheze/DiscordNotifications/security/advisories/GHSA-gvfx-p3h5-qf65"
            },
            {
              "name": "https://github.com/miraheze/DiscordNotifications/commit/1f20d850cbcce5b15951c7c6127b87b927a5415e",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/miraheze/DiscordNotifications/commit/1f20d850cbcce5b15951c7c6127b87b927a5415e"
            }
          ],
          "source": {
            "advisory": "GHSA-gvfx-p3h5-qf65",
            "discovery": "UNKNOWN"
          },
          "title": "DiscordNotifications allows DOS, SSRF, and possible RCE through requests to user-controlled URLs"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-53371",
        "datePublished": "2025-07-10T17:26:02.512Z",
        "dateReserved": "2025-06-27T12:57:16.121Z",
        "dateUpdated": "2025-07-10T17:47:56.055Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-43861 (GCVE-0-2025-43861)

    Vulnerability from cvelistv5 – Published: 2025-04-24 20:49 – Updated: 2025-04-25 19:32
    VLAI
    Title
    ManageWiki Vulnerable to Self-XSS in review dialog via unsanitized field reflection
    Summary
    ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 2f177dc, ManageWiki is vulnerable to reflected or stored XSS in the review dialog. A logged-in attacker must change a form field to include a malicious payload. If that same user then opens the "Review Changes" dialog, the payload will be rendered and executed in the context of their own session. This issue has been patched in commit 2f177dc.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    miraheze ManageWiki Affected: < 2f177dc
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-43861",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-25T19:31:56.539838Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-25T19:32:14.066Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ManageWiki",
              "vendor": "miraheze",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2f177dc"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 2f177dc, ManageWiki is vulnerable to reflected or stored XSS in the review dialog. A logged-in attacker must change a form field to include a malicious payload. If that same user then opens the \"Review Changes\" dialog, the payload will be rendered and executed in the context of their own session. This issue has been patched in commit 2f177dc."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-24T20:49:57.692Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/miraheze/ManageWiki/security/advisories/GHSA-859x-46h8-vcrv",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/miraheze/ManageWiki/security/advisories/GHSA-859x-46h8-vcrv"
            },
            {
              "name": "https://github.com/miraheze/ManageWiki/commit/2f177dc83b28b727613215b835d4036cb179e4ab",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/miraheze/ManageWiki/commit/2f177dc83b28b727613215b835d4036cb179e4ab"
            }
          ],
          "source": {
            "advisory": "GHSA-859x-46h8-vcrv",
            "discovery": "UNKNOWN"
          },
          "title": "ManageWiki Vulnerable to Self-XSS in review dialog via unsanitized field reflection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-43861",
        "datePublished": "2025-04-24T20:49:57.692Z",
        "dateReserved": "2025-04-17T20:07:08.556Z",
        "dateUpdated": "2025-04-25T19:32:14.066Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-32964 (GCVE-0-2025-32964)

    Vulnerability from cvelistv5 – Published: 2025-04-22 17:15 – Updated: 2025-04-22 17:35
    VLAI
    Title
    ManageWiki vulnerable to permission bypass when disabling extensions requiring certain permissions in Special:ManageWiki/extensions
    Summary
    ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 00bebea, when enabling a conflicting extension, a restricted extension would be automatically disabled even if the user did not hold the ManageWiki-restricted right. This issue has been patched in commit 00bebea. A workaround involves ensuring that any extensions requiring specific permissions in `$wgManageWikiExtensions` also require the same permissions for managing any conflicting extensions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    miraheze ManageWiki Affected: < 00bebea
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32964",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-22T17:35:26.566312Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-22T17:35:37.926Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ManageWiki",
              "vendor": "miraheze",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 00bebea"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 00bebea, when enabling a conflicting extension, a restricted extension would be automatically disabled even if the user did not hold the ManageWiki-restricted right. This issue has been patched in commit 00bebea. A workaround involves ensuring that any extensions requiring specific permissions in `$wgManageWikiExtensions` also require the same permissions for managing any conflicting extensions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285: Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-22T17:15:03.200Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/miraheze/ManageWiki/security/advisories/GHSA-ccrf-x5rp-gppr",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/miraheze/ManageWiki/security/advisories/GHSA-ccrf-x5rp-gppr"
            },
            {
              "name": "https://github.com/miraheze/ManageWiki/commit/00bebea43a3e3ff0157b5f04df17c1d1e88a9acd",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/miraheze/ManageWiki/commit/00bebea43a3e3ff0157b5f04df17c1d1e88a9acd"
            }
          ],
          "source": {
            "advisory": "GHSA-ccrf-x5rp-gppr",
            "discovery": "UNKNOWN"
          },
          "title": "ManageWiki vulnerable to permission bypass when disabling extensions requiring certain permissions in Special:ManageWiki/extensions"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-32964",
        "datePublished": "2025-04-22T17:15:03.200Z",
        "dateReserved": "2025-04-14T21:47:11.453Z",
        "dateUpdated": "2025-04-22T17:35:37.926Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-32956 (GCVE-0-2025-32956)

    Vulnerability from cvelistv5 – Published: 2025-04-21 20:45 – Updated: 2025-05-12 15:40
    VLAI
    Title
    ManageWiki has SQL injection vulnerability in NamespaceMigrationJob
    Summary
    ManageWiki is a MediaWiki extension allowing users to manage wikis. Versions before commit f504ed8, are vulnerable to SQL injection when renaming a namespace in Special:ManageWiki/namespaces when using a page prefix (namespace name, which is the current namespace you are renaming) with an injection payload. This issue has been patched in commit f504ed8. A workaround for this vulnerability involves setting `$wgManageWiki['namespaces'] = false;`.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    miraheze ManageWiki Affected: < f504ed8
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32956",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-22T13:37:16.343745Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-22T13:37:53.320Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-05-12T15:40:28.138Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.vicarius.io/vsociety/posts/cve-2025-32956-detect-mediawiki-vulnerability"
              },
              {
                "url": "https://www.vicarius.io/vsociety/posts/cve-2025-32956-mitigate-mediawiki-vulnerability"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ManageWiki",
              "vendor": "miraheze",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c f504ed8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ManageWiki is a MediaWiki extension allowing users to manage wikis. Versions before commit f504ed8, are vulnerable to SQL injection when renaming a namespace in Special:ManageWiki/namespaces when using a page prefix (namespace name, which is the current namespace you are renaming) with an injection payload. This issue has been patched in commit f504ed8. A workaround for this vulnerability involves setting `$wgManageWiki[\u0027namespaces\u0027] = false;`."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-21T20:45:49.523Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/miraheze/ManageWiki/security/advisories/GHSA-gg42-cv66-f5x7",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/miraheze/ManageWiki/security/advisories/GHSA-gg42-cv66-f5x7"
            },
            {
              "name": "https://github.com/miraheze/ManageWiki/commit/f504ed8eeb59b57ebb90f93cd44f23da4c5bc4c9",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/miraheze/ManageWiki/commit/f504ed8eeb59b57ebb90f93cd44f23da4c5bc4c9"
            }
          ],
          "source": {
            "advisory": "GHSA-gg42-cv66-f5x7",
            "discovery": "UNKNOWN"
          },
          "title": "ManageWiki has SQL injection vulnerability in NamespaceMigrationJob"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-32956",
        "datePublished": "2025-04-21T20:45:49.523Z",
        "dateReserved": "2025-04-14T21:47:11.452Z",
        "dateUpdated": "2025-05-12T15:40:28.138Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-47815 (GCVE-0-2024-47815)

    Vulnerability from cvelistv5 – Published: 2024-10-09 18:21 – Updated: 2024-10-09 19:48
    VLAI
    Title
    Cross-site Scripting in IncidentReporting
    Summary
    IncidentReporting is a MediaWiki extension for moving incident reports from wikitext to database tables. There are a variety of Cross-site Scripting issues, though all of them require elevated permissions. Some are available to anyone who has the `editincidents` right, some are available to those who can edit interface messages (typically administrators and interface admins), and one is available to those who can edit LocalSettings.php. These issues have been addressed in commit `43896a4` and all users are advised to upgrade. Users unable to upgrade should prevent access to the Special:IncidentReports page.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    Impacted products
    Vendor Product Version
    miraheze IncidentReporting Affected: commits prior to 43896a4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-47815",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-09T19:47:48.120176Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-09T19:48:04.389Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "IncidentReporting",
              "vendor": "miraheze",
              "versions": [
                {
                  "status": "affected",
                  "version": "commits prior to 43896a4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "IncidentReporting is a MediaWiki extension for moving incident reports from wikitext to database tables. There are a variety of Cross-site Scripting issues, though all of them require elevated permissions. Some are available to anyone who has the `editincidents` right, some are available to those who can edit interface messages (typically administrators and interface admins), and one is available to those who can edit LocalSettings.php. These issues have been addressed in commit `43896a4` and all users are advised to upgrade. Users unable to upgrade should prevent access to the Special:IncidentReports page."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-09T18:21:58.981Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/miraheze/IncidentReporting/security/advisories/GHSA-9p36-hrmr-98r9",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/miraheze/IncidentReporting/security/advisories/GHSA-9p36-hrmr-98r9"
            },
            {
              "name": "https://github.com/miraheze/IncidentReporting/commit/43896a47de4e05ac94ec0472c220da944da16c5c",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/miraheze/IncidentReporting/commit/43896a47de4e05ac94ec0472c220da944da16c5c"
            },
            {
              "name": "https://issue-tracker.miraheze.org/T12702",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://issue-tracker.miraheze.org/T12702"
            }
          ],
          "source": {
            "advisory": "GHSA-9p36-hrmr-98r9",
            "discovery": "UNKNOWN"
          },
          "title": "Cross-site Scripting in IncidentReporting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-47815",
        "datePublished": "2024-10-09T18:21:58.981Z",
        "dateReserved": "2024-10-03T14:06:12.638Z",
        "dateUpdated": "2024-10-09T19:48:04.389Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-47816 (GCVE-0-2024-47816)

    Vulnerability from cvelistv5 – Published: 2024-10-09 18:19 – Updated: 2024-10-09 19:44
    VLAI
    Title
    Users can impersonate import requesters if their actor IDs coincide in ImportDump
    Summary
    ImportDump is a mediawiki extension designed to automate user import requests. A user's local actor ID is stored in the database to tell who made what requests. Therefore, if a user on another wiki happens to have the same actor ID as someone on the central wiki, the user on the other wiki can act as if they're the original wiki requester. This can be abused to create new comments, edit the request, and view the request if it's marked private. This issue has been addressed in commit `5c91dfc` and all users are advised to update. Users unable to update may disable the special page outside of their global wiki. See `miraheze/mw-config@e566499` for details on that.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-282 - Improper Ownership Management
    Assigner
    Impacted products
    Vendor Product Version
    miraheze ImportDump Affected: commits prior to 5c91dfc
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-47816",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-09T19:44:13.313675Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-09T19:44:51.132Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ImportDump",
              "vendor": "miraheze",
              "versions": [
                {
                  "status": "affected",
                  "version": "commits prior to 5c91dfc"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ImportDump is a mediawiki extension designed to automate user import requests. A user\u0027s local actor ID is stored in the database to tell who made what requests. Therefore, if a user on another wiki happens to have the same actor ID as someone on the central wiki, the user on the other wiki can act as if they\u0027re the original wiki requester. This can be abused to create new comments, edit the request, and view the request if it\u0027s marked private. This issue has been addressed in commit `5c91dfc` and all users are advised to update. Users unable to update may disable the special page outside of their global wiki. See `miraheze/mw-config@e566499` for details on that."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-282",
                  "description": "CWE-282: Improper Ownership Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-09T18:19:17.108Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/miraheze/ImportDump/security/advisories/GHSA-jjmq-mg36-6387",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/miraheze/ImportDump/security/advisories/GHSA-jjmq-mg36-6387"
            },
            {
              "name": "https://github.com/miraheze/ImportDump/commit/5c91dfce78320e717516ee65ef5a05f01979ee6c",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/miraheze/ImportDump/commit/5c91dfce78320e717516ee65ef5a05f01979ee6c"
            },
            {
              "name": "https://github.com/miraheze/mw-config/commit/e5664995fbb8644f9a80b450b4326194f20f9ddc",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/miraheze/mw-config/commit/e5664995fbb8644f9a80b450b4326194f20f9ddc"
            },
            {
              "name": "https://issue-tracker.miraheze.org/T12701",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://issue-tracker.miraheze.org/T12701"
            }
          ],
          "source": {
            "advisory": "GHSA-jjmq-mg36-6387",
            "discovery": "UNKNOWN"
          },
          "title": "Users can impersonate import requesters if their actor IDs coincide in ImportDump"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-47816",
        "datePublished": "2024-10-09T18:19:17.108Z",
        "dateReserved": "2024-10-03T14:06:12.638Z",
        "dateUpdated": "2024-10-09T19:44:51.132Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-47812 (GCVE-0-2024-47812)

    Vulnerability from cvelistv5 – Published: 2024-10-09 18:12 – Updated: 2024-10-09 19:42
    VLAI
    Title
    Cross-site Scripting (XSS) on Special:RequestImportQueue when displaying request date in ImportDump
    Summary
    ImportDump is an extension for mediawiki designed to automate user import requests. Anyone who can edit the interface strings of a wiki (typically administrators and interface admins) can embed XSS payloads in the messages for dates, and thus XSS anyone who views Special:RequestImportQueue. This issue has been patched in commit `d054b95` and all users are advised to apply this commit to their branch. Users unable to upgrade may either Prevent access to Special:RequestImportQueue on all wikis, except for the global wiki; and If an interface administrator (or equivalent) level protection is available (which is not provided by default) on the global wiki, protect the affected messages up to that level. This causes the XSS to be virtually useless as users with those rights can already edit Javascript pages. Or Prevent access to Special:RequestImportQueue altogether.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    Impacted products
    Vendor Product Version
    miraheze ImportDump Affected: commits priot to d054b95
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-47812",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-09T19:42:40.909287Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-09T19:42:51.058Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ImportDump",
              "vendor": "miraheze",
              "versions": [
                {
                  "status": "affected",
                  "version": "commits priot to d054b95"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ImportDump is an extension for mediawiki designed to automate user import requests. Anyone who can edit the interface strings of a wiki (typically administrators and interface admins) can embed XSS payloads in the messages for dates, and thus XSS anyone who views Special:RequestImportQueue. This issue has been patched in commit `d054b95` and all users are advised to apply this commit to their branch. Users unable to upgrade may either Prevent access to Special:RequestImportQueue on all wikis, except for the global wiki; and If an interface administrator (or equivalent) level protection is available (which is not provided by default) on the global wiki, protect the affected messages up to that level. This causes the XSS to be virtually useless as users with those rights can already edit Javascript pages. Or Prevent access to Special:RequestImportQueue altogether."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-09T18:12:31.929Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/miraheze/ImportDump/security/advisories/GHSA-465h-45v4-6fx9",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/miraheze/ImportDump/security/advisories/GHSA-465h-45v4-6fx9"
            },
            {
              "name": "https://github.com/miraheze/ImportDump/commit/d054b9529129af79d4426df24faa80014cb16602",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/miraheze/ImportDump/commit/d054b9529129af79d4426df24faa80014cb16602"
            },
            {
              "name": "https://issue-tracker.miraheze.org/T12698",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://issue-tracker.miraheze.org/T12698"
            }
          ],
          "source": {
            "advisory": "GHSA-465h-45v4-6fx9",
            "discovery": "UNKNOWN"
          },
          "title": "Cross-site Scripting (XSS) on Special:RequestImportQueue when displaying request date in ImportDump"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-47812",
        "datePublished": "2024-10-09T18:12:31.929Z",
        "dateReserved": "2024-10-03T14:06:12.636Z",
        "dateUpdated": "2024-10-09T19:42:51.058Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-47781 (GCVE-0-2024-47781)

    Vulnerability from cvelistv5 – Published: 2024-10-07 21:30 – Updated: 2024-10-08 14:13
    VLAI
    Title
    Cross-site Scripting (XSS) in Special:RequestWikiQueue when displaying sitename in CreateWiki
    Summary
    CreateWiki is an extension used at Miraheze for requesting & creating wikis. The name of requested wikis is not escaped on Special:RequestWikiQueue, so a user can insert arbitrary HTML that is displayed in the request wiki queue when requesting a wiki. If a wiki creator comes across the XSS payload, their user session can be abused to retrieve deleted wiki requests, which typically contains private information. Likewise, this can also be abused on those with the ability to suppress requests to view sensitive information. This issue has been patched with commit `693a220` and all users are advised to apply the patch. Users unable to upgrade should disable Javascript and/or prevent access to the vulnerable page (Special:RequestWikiQueue).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    miraheze CreateWiki Affected: commits before 693a220f399ee7eb4d00e77c3c667e864b1bd306
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-47781",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T14:13:12.961123Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T14:13:28.705Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CreateWiki",
              "vendor": "miraheze",
              "versions": [
                {
                  "status": "affected",
                  "version": "commits before 693a220f399ee7eb4d00e77c3c667e864b1bd306"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CreateWiki is an extension used at Miraheze for requesting \u0026 creating wikis. The name of requested wikis is not escaped on Special:RequestWikiQueue, so a user can insert arbitrary HTML that is displayed in the request wiki queue when requesting a wiki. If a wiki creator comes across the XSS payload, their user session can be abused to retrieve deleted wiki requests, which typically contains private information. Likewise, this can also be abused on those with the ability to suppress requests to view sensitive information. This issue has been patched with commit `693a220` and all users are advised to apply the patch. Users unable to upgrade should disable Javascript and/or prevent access to the vulnerable page (Special:RequestWikiQueue)."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-07T21:30:23.058Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-h527-jh77-5g7j",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-h527-jh77-5g7j"
            },
            {
              "name": "https://github.com/miraheze/CreateWiki/commit/693a220f399ee7eb4d00e77c3c667e864b1bd306",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/miraheze/CreateWiki/commit/693a220f399ee7eb4d00e77c3c667e864b1bd306"
            },
            {
              "name": "https://issue-tracker.miraheze.org/T12693",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://issue-tracker.miraheze.org/T12693"
            }
          ],
          "source": {
            "advisory": "GHSA-h527-jh77-5g7j",
            "discovery": "UNKNOWN"
          },
          "title": "Cross-site Scripting (XSS) in Special:RequestWikiQueue when displaying sitename in CreateWiki"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-47781",
        "datePublished": "2024-10-07T21:30:23.058Z",
        "dateReserved": "2024-09-30T21:28:53.236Z",
        "dateUpdated": "2024-10-08T14:13:28.705Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-47782 (GCVE-0-2024-47782)

    Vulnerability from cvelistv5 – Published: 2024-10-07 21:28 – Updated: 2024-10-08 14:11
    VLAI
    Title
    Cross-site Scripting (XSS) in Special:WikiDiscover when displaying wiki information in WikiDiscover
    Summary
    WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. Special:WikiDiscover is a special page that lists all wikis on the wiki farm. However, the special page does not make any effort to escape the wiki name or description. Therefore, if a wiki sets its name and/or description to an XSS payload, the XSS will execute whenever the wiki is shown on Special:WikiDiscover. This issue has been patched with commit `2ce846dd93` and all users are advised to apply that patch. User unable to upgrade should block access to `Special:WikiDiscover`.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    Impacted products
    Vendor Product Version
    miraheze WikiDiscover Affected: commits before 2ce846dd93ddb9ec86f7472c4d57fe71a09dc827
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-47782",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T14:11:34.331700Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T14:11:43.995Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WikiDiscover",
              "vendor": "miraheze",
              "versions": [
                {
                  "status": "affected",
                  "version": "commits before 2ce846dd93ddb9ec86f7472c4d57fe71a09dc827"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. Special:WikiDiscover is a special page that lists all wikis on the wiki farm. However, the special page does not make any effort to escape the wiki name or description. Therefore, if a wiki sets its name and/or description to an XSS payload, the XSS will execute whenever the wiki is shown on Special:WikiDiscover. This issue has been patched with commit `2ce846dd93` and all users are advised to apply that patch. User unable to upgrade should block access to `Special:WikiDiscover`."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-07T21:28:01.299Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/miraheze/WikiDiscover/security/advisories/GHSA-wf48-rqx3-39mf",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/miraheze/WikiDiscover/security/advisories/GHSA-wf48-rqx3-39mf"
            },
            {
              "name": "https://github.com/miraheze/WikiDiscover/commit/2ce846dd93ddb9ec86f7472c4d57fe71a09dc827",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/miraheze/WikiDiscover/commit/2ce846dd93ddb9ec86f7472c4d57fe71a09dc827"
            },
            {
              "name": "https://issue-tracker.miraheze.org/T12697",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://issue-tracker.miraheze.org/T12697"
            }
          ],
          "source": {
            "advisory": "GHSA-wf48-rqx3-39mf",
            "discovery": "UNKNOWN"
          },
          "title": "Cross-site Scripting (XSS) in Special:WikiDiscover when displaying wiki information in WikiDiscover"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-47782",
        "datePublished": "2024-10-07T21:28:01.299Z",
        "dateReserved": "2024-09-30T21:28:53.236Z",
        "dateUpdated": "2024-10-08T14:11:43.995Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-47612 (GCVE-0-2024-47612)

    Vulnerability from cvelistv5 – Published: 2024-10-02 14:22 – Updated: 2024-10-02 15:12
    VLAI
    Title
    XSS in Special:DataDump when displaying dump status
    Summary
    DataDump is a MediaWiki extension that provides dumps of wikis. Several interface messages are unescaped (more specifically, (datadump-table-column-queued), (datadump-table-column-in-progress), (datadump-table-column-completed), (datadump-table-column-failed)). If these messages are edited (which requires the (editinterface) right by default), anyone who can view Special:DataDump (which requires the (view-dump) right by default) can be XSSed. This vulnerability is fixed with 601688ee8e8808a23b102fa305b178f27cbd226d.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    Impacted products
    Vendor Product Version
    miraheze DataDump Affected: < 601688ee8e8808a23b102fa305b178f27cbd226d
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-47612",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T14:59:00.607636Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T15:12:04.288Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DataDump",
              "vendor": "miraheze",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 601688ee8e8808a23b102fa305b178f27cbd226d"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DataDump is a MediaWiki extension that provides dumps of wikis. Several interface messages are unescaped (more specifically, (datadump-table-column-queued), (datadump-table-column-in-progress), (datadump-table-column-completed), (datadump-table-column-failed)). If these messages are edited (which requires the (editinterface) right by default), anyone who can view Special:DataDump (which requires the (view-dump) right by default) can be XSSed. This vulnerability is fixed with 601688ee8e8808a23b102fa305b178f27cbd226d."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-02T14:22:52.059Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/miraheze/DataDump/security/advisories/GHSA-h8x8-24c7-r2rj",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/miraheze/DataDump/security/advisories/GHSA-h8x8-24c7-r2rj"
            },
            {
              "name": "https://github.com/miraheze/DataDump/commit/601688ee8e8808a23b102fa305b178f27cbd226d.patch",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/miraheze/DataDump/commit/601688ee8e8808a23b102fa305b178f27cbd226d.patch"
            },
            {
              "name": "https://issue-tracker.miraheze.org/T12670",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://issue-tracker.miraheze.org/T12670"
            }
          ],
          "source": {
            "advisory": "GHSA-h8x8-24c7-r2rj",
            "discovery": "UNKNOWN"
          },
          "title": "XSS in Special:DataDump when displaying dump status"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-47612",
        "datePublished": "2024-10-02T14:22:52.059Z",
        "dateReserved": "2024-09-27T20:37:22.120Z",
        "dateUpdated": "2024-10-02T15:12:04.288Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-34701 (GCVE-0-2024-34701)

    Vulnerability from cvelistv5 – Published: 2024-05-13 15:54 – Updated: 2024-08-02 02:59
    VLAI
    Title
    CreateWiki vulnerable to impersonation of wiki requester
    Summary
    CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki request was made. This allows them to go to that request entry's on Special:RequestWikiQueue on the wiki where their local user ID matches and take any actions that the wiki requester is allowed to take from there. Commit 02e0f298f8d35155c39aa74193cb7b867432c5b8 fixes the issue. Important note about the fix: This vulnerability has been fixed by disabling access to the REST API and special pages outside of the wiki configured as the "global wiki" in `$wgCreateWikiGlobalWiki` in a user's MediaWiki settings. As a workaround, it is possible to disable the special pages outside of one's own global wiki by doing something similar to `miraheze/mw-config` commit e5664995fbb8644f9a80b450b4326194f20f9ddc that is adapted to one's own setup. As for the REST API, before the fix, there wasn't any REST endpoint that allowed one to make writes. Regardless, it is possible to also disable it outside of the global wiki by using `$wgCreateWikiDisableRESTAPI` and `$wgConf` in the configuration for one's own wiki farm..
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    miraheze CreateWiki Affected: < 02e0f298f8d35155c39aa74193cb7b867432c5b8
    Create a notification for this product.
    miraheze createwiki Affected: 0 , < 02e0f298f8d35155c39aa74193cb7b867432c5b8 (custom)
        cpe:2.3:a:miraheze:createwiki:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:miraheze:createwiki:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "createwiki",
                "vendor": "miraheze",
                "versions": [
                  {
                    "lessThan": "02e0f298f8d35155c39aa74193cb7b867432c5b8 ",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-34701",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-14T17:28:58.059975Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-06T19:06:13.272Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:59:21.802Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-89fx-77w7-rc64",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-89fx-77w7-rc64"
              },
              {
                "name": "https://github.com/miraheze/CreateWiki/commit/02e0f298f8d35155c39aa74193cb7b867432c5b8",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/miraheze/CreateWiki/commit/02e0f298f8d35155c39aa74193cb7b867432c5b8"
              },
              {
                "name": "https://github.com/miraheze/mw-config/commit/1798e53901a202b62edab32f8bcd5c6b9e574191",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/miraheze/mw-config/commit/1798e53901a202b62edab32f8bcd5c6b9e574191"
              },
              {
                "name": "https://github.com/miraheze/mw-config/commit/e5664995fbb8644f9a80b450b4326194f20f9ddc",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/miraheze/mw-config/commit/e5664995fbb8644f9a80b450b4326194f20f9ddc"
              },
              {
                "name": "https://issue-tracker.miraheze.org/T12011",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://issue-tracker.miraheze.org/T12011"
              },
              {
                "name": "https://issue-tracker.miraheze.org/T12102",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://issue-tracker.miraheze.org/T12102"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CreateWiki",
              "vendor": "miraheze",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 02e0f298f8d35155c39aa74193cb7b867432c5b8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CreateWiki is Miraheze\u0027s MediaWiki extension for requesting \u0026 creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki request was made. This allows them to go to that request entry\u0027s on Special:RequestWikiQueue on the wiki where their local user ID matches and take any actions that the wiki requester is allowed to take from there.\n\nCommit 02e0f298f8d35155c39aa74193cb7b867432c5b8 fixes the issue. Important note about the fix: This vulnerability has been fixed by disabling access to the REST API and special pages outside of the wiki configured as the \"global wiki\" in `$wgCreateWikiGlobalWiki` in a user\u0027s MediaWiki settings.\n\nAs a workaround, it is possible to disable the special pages outside of one\u0027s own global wiki by doing something similar to `miraheze/mw-config` commit e5664995fbb8644f9a80b450b4326194f20f9ddc that is adapted to one\u0027s own setup. As for the REST API, before the fix, there wasn\u0027t any REST endpoint that allowed one to make writes. Regardless, it is possible to also disable it outside of the global wiki by using `$wgCreateWikiDisableRESTAPI` and `$wgConf` in the configuration for one\u0027s own wiki farm.."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-13T15:54:12.956Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-89fx-77w7-rc64",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-89fx-77w7-rc64"
            },
            {
              "name": "https://github.com/miraheze/CreateWiki/commit/02e0f298f8d35155c39aa74193cb7b867432c5b8",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/miraheze/CreateWiki/commit/02e0f298f8d35155c39aa74193cb7b867432c5b8"
            },
            {
              "name": "https://github.com/miraheze/mw-config/commit/1798e53901a202b62edab32f8bcd5c6b9e574191",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/miraheze/mw-config/commit/1798e53901a202b62edab32f8bcd5c6b9e574191"
            },
            {
              "name": "https://github.com/miraheze/mw-config/commit/e5664995fbb8644f9a80b450b4326194f20f9ddc",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/miraheze/mw-config/commit/e5664995fbb8644f9a80b450b4326194f20f9ddc"
            },
            {
              "name": "https://issue-tracker.miraheze.org/T12011",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://issue-tracker.miraheze.org/T12011"
            },
            {
              "name": "https://issue-tracker.miraheze.org/T12102",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://issue-tracker.miraheze.org/T12102"
            }
          ],
          "source": {
            "advisory": "GHSA-89fx-77w7-rc64",
            "discovery": "UNKNOWN"
          },
          "title": "CreateWiki vulnerable to impersonation of wiki requester"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-34701",
        "datePublished": "2024-05-13T15:54:12.956Z",
        "dateReserved": "2024-05-07T13:53:00.132Z",
        "dateUpdated": "2024-08-02T02:59:21.802Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-29898 (GCVE-0-2024-29898)

    Vulnerability from cvelistv5 – Published: 2024-03-28 13:43 – Updated: 2024-08-02 01:17
    VLAI
    Title
    Oversight in fix for GHSA-4rcf-3cj2-46mq may have exposed suppressed wiki requests on private wikis
    Summary
    CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the `(read)` permission. This vulnerability is fixed in 8f8442ed5299510ea3e58416004b9334134c149c.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    miraheze CreateWiki Affected: 23415c17ffb4832667c06abcf1eadadefd4c8937
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-29898",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-10T19:46:01.481261Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:56:54.259Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:17:58.434Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-5rcv-cf88-gv8v",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-5rcv-cf88-gv8v"
              },
              {
                "name": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-4rcf-3cj2-46mq",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-4rcf-3cj2-46mq"
              },
              {
                "name": "https://github.com/miraheze/CreateWiki/commit/8f8442ed5299510ea3e58416004b9334134c149c",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/miraheze/CreateWiki/commit/8f8442ed5299510ea3e58416004b9334134c149c"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CreateWiki",
              "vendor": "miraheze",
              "versions": [
                {
                  "status": "affected",
                  "version": "23415c17ffb4832667c06abcf1eadadefd4c8937"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CreateWiki is Miraheze\u0027s MediaWiki extension for requesting \u0026 creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the `(read)` permission. This vulnerability is fixed in 8f8442ed5299510ea3e58416004b9334134c149c."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-28T13:43:07.988Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-5rcv-cf88-gv8v",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-5rcv-cf88-gv8v"
            },
            {
              "name": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-4rcf-3cj2-46mq",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-4rcf-3cj2-46mq"
            },
            {
              "name": "https://github.com/miraheze/CreateWiki/commit/8f8442ed5299510ea3e58416004b9334134c149c",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/miraheze/CreateWiki/commit/8f8442ed5299510ea3e58416004b9334134c149c"
            }
          ],
          "source": {
            "advisory": "GHSA-5rcv-cf88-gv8v",
            "discovery": "UNKNOWN"
          },
          "title": "Oversight in fix for GHSA-4rcf-3cj2-46mq may have exposed suppressed wiki requests on private wikis"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-29898",
        "datePublished": "2024-03-28T13:43:07.988Z",
        "dateReserved": "2024-03-21T15:12:08.998Z",
        "dateUpdated": "2024-08-02T01:17:58.434Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-29897 (GCVE-0-2024-29897)

    Vulnerability from cvelistv5 – Published: 2024-03-28 13:40 – Updated: 2024-09-03 18:09
    VLAI
    Title
    CreateWiki Leak of suppressed wiki requests outside of `CreateWikiGlobalWiki`
    Summary
    CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users with (delete) or (suppressrevision) on any wiki in the farm to access suppressed wiki requests by going to the request's entry on Special:RequestWikiQueue on the wiki where they have these rights. The same vulnerability was present briefly on the REST API before being quickly corrected in commit `6bc0685`. To our knowledge, the vulnerable commits of the REST API are not running in production anywhere. This vulnerability is fixed in 23415c17ffb4832667c06abcf1eadadefd4c8937.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    miraheze CreateWiki Affected: < 23415c17ffb4832667c06abcf1eadadefd4c8937
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:17:58.463Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-4rcf-3cj2-46mq",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-4rcf-3cj2-46mq"
              },
              {
                "name": "https://github.com/miraheze/mw-config/commit/fb3e68bcef459e9cf2a415241b28042a6c9727e8",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/miraheze/mw-config/commit/fb3e68bcef459e9cf2a415241b28042a6c9727e8"
              },
              {
                "name": "https://issue-tracker.miraheze.org/F3093343",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://issue-tracker.miraheze.org/F3093343"
              },
              {
                "name": "https://issue-tracker.miraheze.org/T11999",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://issue-tracker.miraheze.org/T11999"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-29897",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-21T19:39:30.333387Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-03T18:09:56.991Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CreateWiki",
              "vendor": "miraheze",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 23415c17ffb4832667c06abcf1eadadefd4c8937"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CreateWiki is Miraheze\u0027s MediaWiki extension for requesting \u0026 creating wikis. It is possible for users with (delete) or (suppressrevision) on any wiki in the farm to access suppressed wiki requests by going to the request\u0027s entry on Special:RequestWikiQueue on the wiki where they have these rights. The same vulnerability was present briefly on the REST API before being quickly corrected in commit `6bc0685`. To our knowledge, the vulnerable commits of the REST API are not running in production anywhere. This vulnerability is fixed in 23415c17ffb4832667c06abcf1eadadefd4c8937."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-28T13:40:43.231Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-4rcf-3cj2-46mq",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-4rcf-3cj2-46mq"
            },
            {
              "name": "https://github.com/miraheze/mw-config/commit/fb3e68bcef459e9cf2a415241b28042a6c9727e8",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/miraheze/mw-config/commit/fb3e68bcef459e9cf2a415241b28042a6c9727e8"
            },
            {
              "name": "https://issue-tracker.miraheze.org/F3093343",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://issue-tracker.miraheze.org/F3093343"
            },
            {
              "name": "https://issue-tracker.miraheze.org/T11999",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://issue-tracker.miraheze.org/T11999"
            }
          ],
          "source": {
            "advisory": "GHSA-4rcf-3cj2-46mq",
            "discovery": "UNKNOWN"
          },
          "title": "CreateWiki Leak of suppressed wiki requests outside of `CreateWikiGlobalWiki`"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-29897",
        "datePublished": "2024-03-28T13:40:43.231Z",
        "dateReserved": "2024-03-21T15:12:08.998Z",
        "dateUpdated": "2024-09-03T18:09:56.991Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }