CosmicAlpha

4 exploits Active since Apr 2025
CVE-2025-32956 WRITEUP HIGH WRITEUP
ManageWiki < 2025-04-20 - SQL Injection via Namespace Renaming
ManageWiki is a MediaWiki extension allowing users to manage wikis. Versions before commit f504ed8, are vulnerable to SQL injection when renaming a namespace in Special:ManageWiki/namespaces when using a page prefix (namespace name, which is the current namespace you are renaming) with an injection payload. This issue has been patched in commit f504ed8. A workaround for this vulnerability involves setting `$wgManageWiki['namespaces'] = false;`.
CVSS 8.0
CVE-2025-32964 WRITEUP MEDIUM WRITEUP
ManageWiki < 2025-04-21 - Improper Authorization via Conflicting Extension Handling
ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 00bebea, when enabling a conflicting extension, a restricted extension would be automatically disabled even if the user did not hold the ManageWiki-restricted right. This issue has been patched in commit 00bebea. A workaround involves ensuring that any extensions requiring specific permissions in `$wgManageWikiExtensions` also require the same permissions for managing any conflicting extensions.
CVSS 4.6
CVE-2025-43861 WRITEUP MEDIUM WRITEUP
ManageWiki < 2025-04-24 - Authenticated Stored Cross-Site Scripting in Review Dialog
ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 2f177dc, ManageWiki is vulnerable to reflected or stored XSS in the review dialog. A logged-in attacker must change a form field to include a malicious payload. If that same user then opens the "Review Changes" dialog, the payload will be rendered and executed in the context of their own session. This issue has been patched in commit 2f177dc.
CVSS 4.4
CVE-2025-53625 WRITEUP HIGH WRITEUP
DynamicPageList3 < 3.6.4 - Exposure of Hidden Usernames via DPL Parameters
The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. Several #dpl parameters can leak usernames that have been hidden using revision deletion, suppression, or the hideuser block flag. The vulnerability is fixed in 3.6.4.