Vulnerabilities (CVE)

Filtered by vendor Miraheze Subscribe
Filtered by product Managewiki
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-25109 1 Miraheze 1 Managewiki 2024-11-21 N/A 6.5 MEDIUM
ManageWiki is a MediaWiki extension allowing users to manage wikis. Special:ManageWiki does not escape escape interface messages on the `columns` and `help` keys on the form descriptor. An attacker may exploit this and would have a cross site scripting attack vector. Exploiting this on-wiki requires the `(editinterface)` right. Users should apply the code changes in commits `886cc6b94`, `2ef0f50880`, and `6942e8b2c` to resolve this vulnerability. There are no known workarounds for this vulnerability.
CVE-2021-29483 1 Miraheze 1 Managewiki 2024-11-21 5.0 MEDIUM 9.4 CRITICAL
ManageWiki is an extension to the MediaWiki project. The 'wikiconfig' API leaked the value of private configuration variables set through the ManageWiki variable to all users. This has been patched by https://github.com/miraheze/ManageWiki/compare/99f3b2c8af18...befb83c66f5b.patch. If you are unable to patch set `$wgAPIListModules['wikiconfig'] = 'ApiQueryDisabled';` or remove private config as a workaround.