Debian Mediawiki vulnerabilities

CVE-2025-67475 [NONE] CVE-2025-67475: mediawiki - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site ... Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/CommentFormatter/CommentParser.Php. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1. Scope: local bookworm: resolved (fixed in 1:1.39.17

CVE-2024-34506 [HIGH] CVE-2024-34506: mediawiki - An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki be... An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page will exceed the maximum request time, leading to a denial of service. Scope: local bookw

CVE-2024-34507 [HIGH] CVE-2024-34507: mediawiki - An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaW... An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges#%1b0000000. Scope: local bookworm: resolved (fixed in 1:1.39.7-1~deb12u1) bullseye: resolved forky: resolved (fixed in

CVE-2024-47913 [MEDIUM] CVE-2024-47913: mediawiki - An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9... An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view the log details for the filter. Scope: local bookworm: resolved (fixed in 1:1.39.10-1~deb12u1) bullseye: resol

CVE-2023-29141 [CRITICAL] CVE-2023-29141: mediawiki - An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x befor... An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header. Scope: local bookworm: resolved (fixed in 1:1.39.4-1~deb12u1) bullseye: resolved (fixed in 1:1.35.11-1~deb11u1) forky: resolved (fixed in 1:1.39.4-1) sid: resolved (fixed in 1:1.39.

CVE-2023-3550 [HIGH] CVE-2023-3550: mediawiki - Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if... Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator. Scope: local bookworm: resolved (fixed in 1:1.39.5-1~deb12u1) bullseye: reso

CVE-2023-45363 [HIGH] CVE-2023-45363: mediawiki - An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x th... An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set. Scope: local bookworm: resolved (fixed in 1:1.39.5-

CVE-2023-45364 [MEDIUM] CVE-2023-45364: mediawiki - An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through... An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. Deleted revision existence is leaked due to incorrect permissions being checked. This reveals that a given revision ID belonged to the given page title, and its timestamp, both of which are not supposed to be public information. Scope:

CVE-2023-45361 [MEDIUM] CVE-2023-45361: mediawiki - An issue was discovered in VectorComponentUserLinks.php in the Vector Skin compo... An issue was discovered in VectorComponentUserLinks.php in the Vector Skin component in MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-intro-page MalformedTitleException is uncaught if it is not a valid title, leading to incorrect web pages. Scope: local bookworm: resolved (fixed in 1:1.39.5-1~deb12u1) bullseye: resolved forky: resolved (fixed in 1:1.3

CVE-2023-45362 [MEDIUM] CVE-2023-45362: mediawiki - An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.3... An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown") ignores username suppression. This is an information leak. Scope: local bookworm: resolved (fixed in 1:1.39.5-1~deb12u1) bullseye: resolved (fix

CVE-2023-36674 [MEDIUM] CVE-2023-36674: mediawiki - An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x befor... An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File syntax. Scope: local bookworm: resolved (fixed in 1:1.39.4-1~deb12u1) bullseye: resolved (fixed in 1:1.35.11-

CVE-2023-45359 [MEDIUM] CVE-2023-45359: mediawiki - An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5... An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-toc-toggle-button-label is not escaped, but should be, because the line param can have markup. Scope: local bookworm: resolved (fixed in 1:1.39.5-1~deb12u1) bullseye: resolved forky: resolved (fixed in 1:1.39.5-1) sid: resolved (fixed in 1:1.39.5-1)

CVE-2023-51704 [MEDIUM] CVE-2023-51704: mediawiki - An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x befor... An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights. Scope: local bookworm: resolved (fixed in 1:1.39.7-1~deb12u1) bullseye: resolved (fixed in 1:1.35.13-1+deb11u3) forky: resolved (fixed in 1

CVE-2023-45360 [MEDIUM] CVE-2023-45360: mediawiki - An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x befor... An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers. Scope: local bookworm: resolved (fixed in 1:1.39.5-1~deb12u1) bullseye: resolved (fixed in 1:1.35.13-1~deb11

CVE-2023-36675 [MEDIUM] CVE-2023-36675: mediawiki - An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x befor... An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature. Scope: local bookworm: resolved (fixed in 1:1.39.4-1~deb12u1) bullseye: resolved (fixed in 1:1.35.11-1~deb11u1) forky: resolved (fixed in 1:1.39.4-1) sid: resolved

CVE-2022-28203 [HIGH] CVE-2022-28203: mediawiki - A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x befo... A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query. Scope: local bookworm: resolved (fixed in 1:1.35.6-1) bullseye: resolved (fixed in 1:1.35.8-1~deb11u1) forky: resolved (fixed in 1:

CVE-2022-31090 [HIGH] CVE-2022-31090: guzzle - Guzzle, an extensible PHP HTTP client. `Authorization` headers on requests are s... Guzzle, an extensible PHP HTTP client. `Authorization` headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the `CURLOPT_HTTPAUTH` option to specify an `Authorization` header. On making a request which responds with a redirect to a URI with a different origin (change in host, scheme or port), if we cho

CVE-2022-29248 [HIGH] CVE-2022-29248: guzzle - Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a... Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server to set cookies for unrelated domains. The cookie middleware is disabled

CVE-2022-31043 [HIGH] CVE-2022-31043: guzzle - Guzzle is an open source PHP HTTP client. In affected versions `Authorization` h... Guzzle is an open source PHP HTTP client. In affected versions `Authorization` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, we should not forward the `Authorization` header on. This is much the same as to how we don't forward on the header if the

CVE-2022-31091 [HIGH] CVE-2022-31091: guzzle - Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` headers on r... Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the `Authorization` and `Cookie` headers from the request, before containing. Previously, we would only co