GCVE - cpe:2.3:a:mediawiki:mediawiki:-:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:mediawiki:mediawiki:-:*:*:*:*:*:*:*

part: a version: - update: *

Vendor	Mediawiki (`cdb1ca1d-4622-5407-a7d8-3e891579b8c5`)
Product	Mediawiki (`ab97168e-95e7-5d6e-a2ac-f8d27117dc4d`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/wikimedia/mediawiki`	purl2cpe	2026-06-01 10:10:57.591872
`pkg:wikimedia/mediawiki`	purl2cpe	2026-06-01 10:10:57.591874

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-40597`	vulnerable	2026-06-03 14:56:33.153205	Details available An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. It can expose suppressed information for log events. (The log_deleted attribute is not respected.) Published: 2024-07-06T00:00:00.000Z Updated: 2024-08-02T04:33:11.675Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T326865	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-34507`	vulnerable	2026-06-03 14:55:54.166200	Details available An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges#%1b0000000. Published: 2024-05-05T00:00:00.000Z Updated: 2025-11-04T17:20:49.491Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T355538 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-34506`	vulnerable	2026-06-03 14:55:54.165697	Details available An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page will exceed the maximum request time, leading to a denial of service. Published: 2024-05-05T00:00:00.000Z Updated: 2025-11-04T17:20:48.114Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T357760 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-45361`	vulnerable	2026-06-03 14:53:07.980950	Details available An issue was discovered in VectorComponentUserLinks.php in the Vector Skin component in MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-intro-page MalformedTitleException is uncaught if it is not a valid title, leading to incorrect web pages. Published: 2024-10-09T00:00:00.000Z Updated: 2025-03-13T20:13:31.819Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T340220 https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/skins/Vector/+/2a452b7e2562cba32b8a17bc91dc5abb531f0a1c	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-12051`	vulnerable	2026-06-03 14:41:33.213142	Details available The CentralAuth extension through REL1_34 for MediaWiki allows remote attackers to obtain sensitive hidden account information via an api.php?action=query&meta=globaluserinfo&guiuser= request. In other words, the information can be retrieved via the action API even though access would be denied when simply visiting wiki/Special:CentralAuth in a web browser. Published: 2020-04-21T21:24:33.000Z Updated: 2024-08-04T11:48:58.044Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T250594 https://gerrit.wikimedia.org/r/#/q/I3c80641dc1202df7428714f0ca44717a51ff6021	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.