Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: mediawiki

Found 27 matching suggestions

View:
Compact
Detailed
Published
Permalink CVE-2025-11261
updated 2 months, 3 weeks ago by @LeSuisse Activity log
  • Created suggestion 2 months, 3 weeks ago
  • @LeSuisse accepted 2 months, 3 weeks ago
  • @LeSuisse published on GitHub 2 months, 3 weeks ago
Stored i18n XSS exposed by security patch for T402077

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Language/mediawiki.Language.Js. This issue affects MediaWiki: from * before 1.39.15, 1.43.5, 1.44.2.

Affected products

MediaWiki
  • <1.39.15, 1.43.5, 1.44.2

Matching in nixpkgs

pkgs.mediawiki

Collaborative editing software that runs Wikipedia

Package maintainers

Published
Permalink CVE-2025-61644
updated 2 months, 3 weeks ago by @LeSuisse Activity log
  • Created suggestion 2 months, 3 weeks ago
  • @LeSuisse accepted 2 months, 3 weeks ago
  • @LeSuisse published on GitHub 2 months, 3 weeks ago
i18n XSS through Special:Watchlist

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Rcfilters/ui/WatchlistTopSectionWidget.Js. This issue affects MediaWiki: from * before > fb856ce9cf121e046305116852cca4899ecb48ca.

Affected products

MediaWiki
  • <> fb856ce9cf121e046305116852cca4899ecb48ca

Matching in nixpkgs

pkgs.mediawiki

Collaborative editing software that runs Wikipedia

Package maintainers

Apparently fixed after https://github.com/wikimedia/mediawiki/commit/fb856ce9cf121e046305116852cca4899ecb48ca (MW 1.45.1)
Untriaged
Permalink CVE-2025-6589
created 2 months, 3 weeks ago Activity log
  • Created suggestion 2 months, 3 weeks ago
With MultiBlocks enabled and a user who is suppressed via a MultiBlock, a user without 'hideuser' can see the hidden username in the BlockList

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php. This issue affects MediaWiki: >= 1.42.0.

Affected products

MediaWiki
  • ==>= 1.42.0

Matching in nixpkgs

pkgs.mediawiki

Collaborative editing software that runs Wikipedia

Package maintainers

Untriaged
Permalink CVE-2025-6597
created 2 months, 3 weeks ago Activity log
  • Created suggestion 2 months, 3 weeks ago
MediaWiki should not consider autocreation as login for the purposes of security reauthentication

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/auth/AuthManager.Php. This issue affects MediaWiki: from * before 1.39.13, 1.42.7, 1.43.2, 1.44.0.

Affected products

MediaWiki
  • <1.39.13, 1.42.7, 1.43.2, 1.44.0

Matching in nixpkgs

pkgs.mediawiki

Collaborative editing software that runs Wikipedia

Package maintainers

Untriaged
Permalink CVE-2025-61639
created 2 months, 3 weeks ago Activity log
  • Created suggestion 2 months, 3 weeks ago
Suppressed blocked IP is visible in Special:BlockList, RC, and other places

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/ManualLogEntry.Php, includes/recentchanges/RecentChangeFactory.Php, includes/recentchanges/RecentChangeStore.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.

Affected products

MediaWiki
  • <1.39.14, 1.43.4, 1.44.1

Matching in nixpkgs

pkgs.mediawiki

Collaborative editing software that runs Wikipedia

Package maintainers

Untriaged
Permalink CVE-2025-61634
created 2 months, 3 weeks ago Activity log
  • Created suggestion 2 months, 3 weeks ago
HTML rest endpoint needs PoolCounter and proper parser cache check

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Rest/Handler/PageHTMLHandler.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.

Affected products

MediaWiki
  • <1.39.14, 1.43.4, 1.44.1

Matching in nixpkgs

pkgs.mediawiki

Collaborative editing software that runs Wikipedia

Package maintainers

Untriaged
Permalink CVE-2025-61641
created 2 months, 3 weeks ago Activity log
  • Created suggestion 2 months, 3 weeks ago
API list=allpages with maxsize is making really slow queries

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiQueryAllPages.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.

Affected products

MediaWiki
  • <1.39.14, 1.43.4, 1.44.1

Matching in nixpkgs

pkgs.mediawiki

Collaborative editing software that runs Wikipedia

Package maintainers