Managewiki
Approved changes feed: RSS · Atom
cpe:2.3:a:miraheze:managewiki:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Miraheze (5ffeb676-d6da-5511-9ca2-20a2724bc0d2) |
|---|---|
| Product | Managewiki (77ae95bf-ddf1-53a7-99ac-e425f7133cea) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/miraheze/managewiki |
purl2cpe | 2026-06-01 10:11:24.337313 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-43861 |
vulnerable | 2026-06-08 07:25:10.409354 |
ManageWiki Vulnerable to Self-XSS in review dialog via unsanitized field reflection
MEDIUM (4.4)
ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 2f177dc, ManageWiki is vulnerable to reflected or stored XSS in the review dialog. A logged-in attacker must change a form field to include a malicious payload. If that same user then opens the "Review Changes" dialog, the payload will be rendered and executed in the context of their own session. This issue has been patched in commit 2f177dc.
Published: 2025-04-24T20:49:57.692Z
Updated: 2025-04-25T19:32:14.066Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-32964 |
vulnerable | 2026-06-08 07:19:01.242549 |
ManageWiki vulnerable to permission bypass when disabling extensions requiring certain permissions in Special:ManageWiki/extensions
MEDIUM (4.6)
ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 00bebea, when enabling a conflicting extension, a restricted extension would be automatically disabled even if the user did not hold the ManageWiki-restricted right. This issue has been patched in commit 00bebea. A workaround involves ensuring that any extensions requiring specific permissions in `$wgManageWikiExtensions` also require the same permissions for managing any conflicting extensions.
Published: 2025-04-22T17:15:03.200Z
Updated: 2025-04-22T17:35:37.926Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-32956 |
vulnerable | 2026-06-08 07:19:01.232975 |
ManageWiki has SQL injection vulnerability in NamespaceMigrationJob
HIGH (8)
ManageWiki is a MediaWiki extension allowing users to manage wikis. Versions before commit f504ed8, are vulnerable to SQL injection when renaming a namespace in Special:ManageWiki/namespaces when using a page prefix (namespace name, which is the current namespace you are renaming) with an injection payload. This issue has been patched in commit f504ed8. A workaround for this vulnerability involves setting `$wgManageWiki['namespaces'] = false;`.
Published: 2025-04-21T20:45:49.523Z
Updated: 2025-05-12T15:40:28.138Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-25109 |
vulnerable | 2026-06-08 06:31:22.154191 |
Cross-Site Scripting in the extensions, settings, permissions and namespaces subpages of ManageWiki
MEDIUM (6.5)
ManageWiki is a MediaWiki extension allowing users to manage wikis. Special:ManageWiki does not escape escape interface messages on the `columns` and `help` keys on the form descriptor. An attacker may exploit this and would have a cross site scripting attack vector. Exploiting this on-wiki requires the `(editinterface)` right. Users should apply the code changes in commits `886cc6b94`, `2ef0f50880`, and `6942e8b2c` to resolve this vulnerability. There are no known workarounds for this vulnerability.
Published: 2024-02-09T22:25:48.347Z
Updated: 2024-08-01T23:36:21.701Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-29483 |
vulnerable | 2026-06-08 05:31:26.445285 |
wikiconfig API leaked private config variables set through ManageWiki
CRITICAL (9.4)
ManageWiki is an extension to the MediaWiki project. The 'wikiconfig' API leaked the value of private configuration variables set through the ManageWiki variable to all users. This has been patched by https://github.com/miraheze/ManageWiki/compare/99f3b2c8af18...befb83c66f5b.patch. If you are unable to patch set `$wgAPIListModules['wikiconfig'] = 'ApiQueryDisabled';` or remove private config as a workaround.
Published: 2021-04-28T21:25:13.000Z
Updated: 2024-08-03T22:11:05.326Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.