vulnerability
FreeBSD: VID-0a50bb48-625f-11ec-a1fb-080027cb2f6f (CVE-2021-44856): mediawiki -- multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:P/A:N) | Dec 21, 2021 | Nov 4, 2022 | Dec 10, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published
Dec 21, 2021
Added
Nov 4, 2022
Modified
Dec 10, 2025
Description
Mediawiki reports: (T292763. CVE-2021-44854) REST API incorrectly publicly caches autocomplete search results from private wikis. (T271037, CVE-2021-44856) Title blocked in AbuseFilter can be created via Special:ChangeContentModel. (T297322, CVE-2021-44857) Unauthorized users can use action=mcrundo to replace the content of arbitrary pages. (T297322, CVE-2021-44858) Unauthorized users can view contents of private wikis using various actions. (T297574, CVE-2021-45038) Unauthorized users can access private wiki contents using rollback action (T293589, CVE-2021-44855) Blind Stored XSS in VisualEditor media dialog. (T294686) Special:Nuke doesn't actually delete pages.
Solutions
freebsd-upgrade-package-mediawiki135freebsd-upgrade-package-mediawiki136freebsd-upgrade-package-mediawiki137
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.