MediaWiki 1.40.0 Release Candidate 0

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:mediawiki:mediawiki:1.40.0:rc0:*:*:*:*:*:*

part: a version: 1.40.0 update: rc0

VendorMediawiki (cdb1ca1d-4622-5407-a7d8-3e891579b8c5)
ProductMediawiki (ab97168e-95e7-5d6e-a2ac-f8d27117dc4d)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:github/wikimedia/mediawiki purl2cpe 2026-06-01 10:10:57.667070
pkg:wikimedia/mediawiki purl2cpe 2026-06-01 10:10:57.667072

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2023-45362 vulnerable 2026-06-03 14:53:07.981442 Details available
An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown") ignores username suppression. This is an information leak.
Published: 2023-11-03T00:00:00.000Z
Updated: 2025-11-04T17:12:46.030Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-45360 vulnerable 2026-06-03 14:53:07.979655 Details available
An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers.
Published: 2023-11-03T00:00:00.000Z
Updated: 2025-11-04T17:12:44.674Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.