CVE list

This is a partial list of security vulnerabilities, that I (Brian Wolff) have discovered.

CVEProduct/ComponentDescriptionLinks
CVE-2023-29134MediaWiki/CargoSQL injection in Cargo due to handling of apostrophes inside backticksT331362
CVE-2023-29136MediaWiki/CargoSQL injection in Cargo handling of html entitiesT331352
CVE-2023-35333Microsoft/MediaWiki-PandocUploadShell injection in PandocUpload mediawiki extensiongit
CVE-2023-37254MediaWiki/CargoXSS in Special:CargoQuery improper escapingT331065
CVE-2023-37256MediaWiki/CargoXSS - javascript urls allowed in cargo linksT331311
CVE-2023-29133MediaWiki/CargoXSS in Searchtext formatter in Cargo extensionT331321
CVE-2023-29134MediaWiki/CargoSQL injection due to backtick handling in Cargo extensionT331362
CVE-2023-22912MediaWiki/CheckUserCryptography (AES-CTR) incorectly using repeated noncebug report
CVE-2023-22911MediaWiki/WidgetsWidget extension XSS when used inside html attributebug report
CVE-2022-47927MediaWikiSQLite DB containing credentials created world-readablebug report
CVE-2022-29969MediaWiki/RSS extensionXSS in non-default configbug report
CVE-2022-23632TraefikMutual TLS requirements bypass using FQDNblog write up Security advisory
CVE-2020-9868MacOS/SecurityIf an administrator marks a custom self-signed leaf certificate (i.e. CA:false basic constraint) as trusted, the CA:false basic constraint is ignored, allowing the leaf certificate to be used to sign other leaf certificates as trustedadvisory
GHSA-c27r-x354-4m68xml-cryptoSignature algorithm confusion in XMLSignature (SAML) support allowing signature verification bypassadvisory
CVE-2021-21239pysaml2Unspecified xmlsec key preference allows insecure methods to be used allowing signature bypassadvisory
n/aMediaWiki/CargoSQL injection into CREATE TABLE statement in Cargo extensionT188474
n/aWikimedia/MobileappsXSS in mobile apps HTML generatorbug report
n/aMediaWiki/CentralNoticeXSS in error handlingbug report
CVE-2017-8808MediaWiki[low severity] XSS in non-default config and non-standard browserbug report
CVE-2017-8808
CVE-2017-8812
CVE-2017-8815
MediaWikiXSS in LanguageConverterbug report,bug report 2
CVE-2017-0364MediaWikiOpen redirect in Special:Searchbug report
CVE-2017-0365MediaWikiXSS in non-default config in search highlighterbug report
CVE-2017-0368MediaWikiWikicode injection into error message allowing restriction bypass and XSS in some configurationsbug report
CVE-2017-0367MediaWikiUnsafe temporary file usage allowing privilege escalation on shared systembug report
n/aMediaWiki/KatographerXSS by bypassing html sanitization using keys named __proto__bug report
CVE-2016-6334MediaWikiXSS in link parsing codebug report
CVE-2016-6333MediaWikiXSS in processing of CSSbug report
n/aMediaWikiLogin attempt throttle bypassbug report
n/aMediaWikiXSS in MediaWiki parser due to strip marker handlingbug report
CVE-2015-2933MediaWikiXSS in language converterbug report
CVE-2015-2932MediaWikiXSS via SVG sanitizer bypassbug report
n/aMediaWiki/RelatedArticlesXSS in #related: parser functionbug report
n/aMediaWiki/TimedMediaHandlerXSS in TimedMediaHandler extension data-videopayload attributebug report