Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by Universal-Omega
CVE-2025-53625 (GCVE-0-2025-53625)
Vulnerability from cvelistv5 – Published: 2025-07-10 18:31 – Updated: 2025-07-10 19:01
VLAI
Title
DynamicPageList3 exposes hidden/suppressed usernames
Summary
The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. Several #dpl parameters can leak usernames that have been hidden using revision deletion, suppression, or the hideuser block flag. The vulnerability is fixed in 3.6.4.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/Universal-Omega/DynamicPageLis… | x_refsource_CONFIRM |
| https://github.com/Universal-Omega/DynamicPageLis… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Universal-Omega | DynamicPageList3 |
Affected:
< 3.6.4
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53625",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-10T19:01:36.096118Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T19:01:40.977Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/Universal-Omega/DynamicPageList3/security/advisories/GHSA-7pgw-q3qp-6pgq"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DynamicPageList3",
"vendor": "Universal-Omega",
"versions": [
{
"status": "affected",
"version": "\u003c 3.6.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. Several #dpl parameters can leak usernames that have been hidden using revision deletion, suppression, or the hideuser block flag. The vulnerability is fixed in 3.6.4."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-359",
"description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T18:31:22.996Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Universal-Omega/DynamicPageList3/security/advisories/GHSA-7pgw-q3qp-6pgq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Universal-Omega/DynamicPageList3/security/advisories/GHSA-7pgw-q3qp-6pgq"
},
{
"name": "https://github.com/Universal-Omega/DynamicPageList3/commit/a3dae0c89fb4214390c29ceffa23bbe2099986d6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Universal-Omega/DynamicPageList3/commit/a3dae0c89fb4214390c29ceffa23bbe2099986d6"
}
],
"source": {
"advisory": "GHSA-7pgw-q3qp-6pgq",
"discovery": "UNKNOWN"
},
"title": "DynamicPageList3 exposes hidden/suppressed usernames"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-53625",
"datePublished": "2025-07-10T18:31:22.996Z",
"dateReserved": "2025-07-07T14:20:38.388Z",
"dateUpdated": "2025-07-10T19:01:40.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41118 (GCVE-0-2021-41118)
Vulnerability from cvelistv5 – Published: 2021-10-04 18:35 – Updated: 2024-08-04 02:59
VLAI
Title
ReDoS in DynamicPageList3
Summary
The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. In affected versions unsanitised input of regular expression date within the parameters of the DPL parser function, allowed for the possibility of ReDoS (Regex Denial of Service). This has been resolved in version 3.3.6. If you are unable to update you may also set `$wgDplSettings['functionalRichness'] = 0;` or disable DynamicPageList3 to mitigate.
Severity
5.3 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/Universal-Omega/DynamicPageLis… | x_refsource_CONFIRM |
| https://github.com/Universal-Omega/DynamicPageLis… | x_refsource_MISC |
| https://github.com/Universal-Omega/DynamicPageLis… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Universal-Omega | DynamicPageList3 |
Affected:
< 3.3.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:59:31.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Universal-Omega/DynamicPageList3/security/advisories/GHSA-8f24-q75c-jhf4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Universal-Omega/DynamicPageList3/commit/2c04dafb37a14d9ccfe070f53e7f11bbca0156e7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Universal-Omega/DynamicPageList3/releases/tag/3.3.6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DynamicPageList3",
"vendor": "Universal-Omega",
"versions": [
{
"status": "affected",
"version": "\u003c 3.3.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. In affected versions unsanitised input of regular expression date within the parameters of the DPL parser function, allowed for the possibility of ReDoS (Regex Denial of Service). This has been resolved in version 3.3.6. If you are unable to update you may also set `$wgDplSettings[\u0027functionalRichness\u0027] = 0;` or disable DynamicPageList3 to mitigate."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-04T18:35:10.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Universal-Omega/DynamicPageList3/security/advisories/GHSA-8f24-q75c-jhf4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Universal-Omega/DynamicPageList3/commit/2c04dafb37a14d9ccfe070f53e7f11bbca0156e7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Universal-Omega/DynamicPageList3/releases/tag/3.3.6"
}
],
"source": {
"advisory": "GHSA-8f24-q75c-jhf4",
"discovery": "UNKNOWN"
},
"title": "ReDoS in DynamicPageList3",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-41118",
"STATE": "PUBLIC",
"TITLE": "ReDoS in DynamicPageList3"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DynamicPageList3",
"version": {
"version_data": [
{
"version_value": "\u003c 3.3.6"
}
]
}
}
]
},
"vendor_name": "Universal-Omega"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. In affected versions unsanitised input of regular expression date within the parameters of the DPL parser function, allowed for the possibility of ReDoS (Regex Denial of Service). This has been resolved in version 3.3.6. If you are unable to update you may also set `$wgDplSettings[\u0027functionalRichness\u0027] = 0;` or disable DynamicPageList3 to mitigate."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Universal-Omega/DynamicPageList3/security/advisories/GHSA-8f24-q75c-jhf4",
"refsource": "CONFIRM",
"url": "https://github.com/Universal-Omega/DynamicPageList3/security/advisories/GHSA-8f24-q75c-jhf4"
},
{
"name": "https://github.com/Universal-Omega/DynamicPageList3/commit/2c04dafb37a14d9ccfe070f53e7f11bbca0156e7",
"refsource": "MISC",
"url": "https://github.com/Universal-Omega/DynamicPageList3/commit/2c04dafb37a14d9ccfe070f53e7f11bbca0156e7"
},
{
"name": "https://github.com/Universal-Omega/DynamicPageList3/releases/tag/3.3.6",
"refsource": "MISC",
"url": "https://github.com/Universal-Omega/DynamicPageList3/releases/tag/3.3.6"
}
]
},
"source": {
"advisory": "GHSA-8f24-q75c-jhf4",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-41118",
"datePublished": "2021-10-04T18:35:10.000Z",
"dateReserved": "2021-09-15T00:00:00.000Z",
"dateUpdated": "2024-08-04T02:59:31.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}