📦

mediawiki

Vendor: mediawiki

Login to add this product to WatchStack
Actively Exploited 0 CISA KEV List
PoC / Exploits 5 Code Available
Total RCEs 7 Remote Access
Total CVEs 2156 Total Indexed
Avg. EPSS 0.91% Exploit Prob.
Latest CVE CVE-2026-34095 May 11

Security Vulnerability Index

Page 5 / 216
6.5 CVSS
CVE-2024-40601

An issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1. CSRF can occur in API modules.

EPSS: 0.07%
4.8 CVSS
CVE-2024-40600

An issue was discovered in the Metrolook skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.

EPSS: 0.13%
4.8 CVSS
CVE-2024-40599

An issue was discovered in the GuMaxDD skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.

EPSS: 0.13%
4.3 CVSS
CVE-2024-40598

An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The API can expose suppressed information for log events. (The log_deleted attribute is not applied to entries.)

EPSS: 0.14%
7.5 CVSS
CVE-2024-40597

An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. It can expose suppressed information for log events. (The log_deleted attribute is not respected.)

EPSS: 0.38%
4.3 CVSS
CVE-2024-40596

An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The Special:Investigate feature can expose suppressed information for log events. (TimelineService does not support properly suppressing.)

EPSS: 0.14%
7.4 CVSS
CVE-2024-34507

An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges#%1b0000000.

EPSS: 0.44%
7.5 CVSS
CVE-2024-34506

An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page will exceed the maximum request time, leading to a denial of service.

EPSS: 0.17%
9.8 CVSS
CVE-2024-34502

An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will (attempt to) make an edit that merges the from-id to the to-id, even if the request was not a POST request, and even if it does not contain an edit token.

EPSS: 0.16%
6.1 CVSS
CVE-2024-34500

An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. XSS can occur through an interface message. Error messages (in the $err var) are not escaped before being passed to Html::rawElement() in the getError() function in the Hooks class.

EPSS: 0.30%