FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-02 10:37:19 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
0a50bb48-625f-11ec-a1fb-080027cb2f6fmediawiki -- multiple vulnerabilities

Mediawiki reports:

(T292763. CVE-2021-44854) REST API incorrectly publicly caches autocomplete search results from private wikis.

(T271037, CVE-2021-44856) Title blocked in AbuseFilter can be created via Special:ChangeContentModel.

(T297322, CVE-2021-44857) Unauthorized users can use action=mcrundo to replace the content of arbitrary pages.

(T297322, CVE-2021-44858) Unauthorized users can view contents of private wikis using various actions.

(T297574, CVE-2021-45038) Unauthorized users can access private wiki contents using rollback action

(T293589, CVE-2021-44855) Blind Stored XSS in VisualEditor media dialog.

(T294686) Special:Nuke doesn't actually delete pages.


Discovery 2021-12-01
Entry 2021-12-21
mediawiki135
< 1.35.5

mediawiki136
< 1.36.3

mediawiki137
< 1.37.1

CVE-2021-44854
CVE-2021-44856
CVE-2021-44857
CVE-2021-44858
CVE-2021-45038
CVE-2021-44855
https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/