Vulnerabilities in miraheze

23 results
CVE-2021-32722 | MEDIUM | Uncontrolled Resource Consumption in GlobalNewFiles | EPSS 1.3%
CVE-2021-29483 | CRITICAL | wikiconfig API leaked private config variables set through ManageWiki | EPSS 1.2%
CVE-2021-39186 | MEDIUM | Improper Input Validation in GlobalNewFiles | EPSS 1.0%
CVE-2022-24813 | MEDIUM | Authentication Bypass Using an Alternate Path or Channel in CreateWiki | EPSS 1.0%
CVE-2024-29897 | MEDIUM | CreateWiki Leak of suppressed wiki requests outside of `CreateWikiGlobalWiki` | EPSS 0.7%
CVE-2024-29898 | MEDIUM | Oversight in fix for GHSA-4rcf-3cj2-46mq may have exposed suppressed wiki requests on private wikis | EPSS 0.7%
CVE-2024-34701 | MEDIUM | CreateWiki vulnerable to impersonation of wiki requester | EPSS 0.6%
CVE-2024-29883 | MEDIUM | CreateWiki's wiki request suppression ignores the suppression settings set by the suppressor | EPSS 0.6%
CVE-2025-32956 | HIGH | ManageWiki has SQL injection vulnerability in NamespaceMigrationJob | EPSS 0.5%
CVE-2021-32774 | MEDIUM | Cross-Site Request Forgery (CSRF) in DataDump | EPSS 0.5%
CVE-2024-25109 | MEDIUM | Cross-Site Scripting in the extensions, settings, permissions and namespaces subpages of ManageWiki | EPSS 0.4%
CVE-2024-47815 | MEDIUM | Cross-site Scripting in IncidentReporting | EPSS 0.4%
CVE-2024-25107 | MEDIUM | Cross-Site Scripting in WikiDiscover | EPSS 0.4%
CVE-2024-47812 | MEDIUM | Cross-site Scripting (XSS) on Special:RequestImportQueue when displaying request date in ImportDump | EPSS 0.4%
CVE-2024-47816 | MEDIUM | Users can impersonate import requesters if their actor IDs coincide in ImportDump | EPSS 0.3%
CVE-2025-53371 | CRITICAL | DiscordNotifications allows DOS, SSRF, and possible RCE through requests to user-controlled URLs | EPSS 0.3%
CVE-2024-47782 | HIGH | Cross-site Scripting (XSS) in Special:WikiDiscover when displaying wiki information in WikiDiscover | EPSS 0.3%
CVE-2024-47612 | LOW | XSS in Special:DataDump when displaying dump status | EPSS 0.3%
CVE-2024-47781 | MEDIUM | Cross-site Scripting (XSS) in Special:RequestWikiQueue when displaying sitename in CreateWiki | EPSS 0.3%
CVE-2026-33541 | MEDIUM | TSPortal's Uncontrolled User Creation via Validation Side Effects Leads to Potential Denial of Service | EPSS 0.3%