FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mediawiki -- multiple vulnerabilities

Affected packages
mediawiki139 < 1.39.7
mediawiki140 < 1.40.3
mediawiki141 < 1.41.1

Details

VuXML ID d58726ff-ef5e-11ee-8d8e-080027a5b8e9
Discovery 2024-03-15
Entry 2024-03-31

Mediawiki reports:

(T355538, CVE-2024-PENDING) SECURITY: XSS in edit summary parser.

(T357760, CVE-2024-PENDING) SECURITY: Denial of service vector via GET request to Special:MovePage on pages with thousands of subpages.

References

URL https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/V3WXEPXV2DU6WTVEKK4XHW4QXD5OFKD7/