
cpe:2.3:a:miraheze:globalnewfiles:*:*:*:*:*:mediawiki:*:*

part: a version: * update: *

Vendor: Miraheze (5ffeb676-d6da-5511-9ca2-20a2724bc0d2)
Product: Globalnewfiles (351306f2-ffaa-541a-b124-8e3449d843f3)
Edition: *
Language: *
Software edition: *
Target software: mediawiki
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2021-39186 vulnerable 2026-06-08 05:33:49.157509 Improper Input Validation in GlobalNewFiles
MEDIUM (4.3)
GlobalNewFiles is a MediaWiki extension maintained by Miraheze. Prior to commit number cee254e1b158cdb0ddbea716b1d3edc31fa4fb5d, the username column of the GlobalNewFiles special page is vulnerable to a stored XSS. Commit number cee254e1b158cdb0ddbea716b1d3edc31fa4fb5d contains a patch. As a workaround, one may disallow <,> (or other characters required to insert html/js) from being used in account names so an XSS is not possible.
Published: 2021-09-01T20:35:12.000Z
Updated: 2024-08-04T01:58:18.137Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-32722 vulnerable 2026-06-08 05:32:07.902640 Uncontrolled Resource Consumption in GlobalNewFiles
MEDIUM (6.5)
GlobalNewFiles is a MediaWiki extension. Versions prior to 48be7adb70568e20e961ea1cb70904454a671b1d are affected by an uncontrolled resource consumption vulnerability. A large amount of page moves within a short space of time could overwhelm database servers due to improper handling of load balancing and a lack of an appropriate index. As a workaround, one may avoid use of the extension unless additional rate limit at the MediaWiki level or via PoolCounter / MySQL is enabled. A patch is available in version 48be7adb70568e20e961ea1cb70904454a671b1d.
Published: 2021-06-28T19:25:11.000Z
Updated: 2024-08-03T23:33:54.827Z
Imported from gcve-enriched-dumps CVE data
