Filtered by vendor Mediawiki
Subscriptions
Filtered by product Mediawiki
Subscriptions
Total
355 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-12467 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2020-08-24 | N/A |
| MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. | ||||
| CVE-2013-1951 | 3 Debian, Linux, Mediawiki | 3 Debian Linux, Linux Kernel, Mediawiki | 2020-08-18 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers to inject arbitrary web script or HTML via Lua function names. | ||||
| CVE-2020-10959 | 1 Mediawiki | 1 Mediawiki | 2020-06-02 | 6.1 Medium |
| resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page. | ||||
| CVE-2012-4381 | 1 Mediawiki | 1 Mediawiki | 2020-02-12 | 8.1 High |
| MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict function, could allow remote attackers to use old passwords for non-existing accounts in an external authentication system via unspecified vectors. | ||||
| CVE-2013-4572 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2020-02-10 | 7.5 High |
| The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user. | ||||
| CVE-2014-9481 | 1 Mediawiki | 1 Mediawiki | 2020-02-05 | 5.9 Medium |
| The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML. | ||||
| CVE-2013-6455 | 1 Mediawiki | 1 Mediawiki | 2020-01-30 | 5.3 Medium |
| The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page. | ||||
| CVE-2013-6451 | 1 Mediawiki | 1 Mediawiki | 2020-01-30 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values. | ||||
| CVE-2020-6163 | 1 Mediawiki | 1 Mediawiki | 2020-01-15 | 6.1 Medium |
| The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax within the PropertySuggestionsWidget template (in the templates/search/PropertySuggestionsWidget.mustache+dom file). | ||||
| CVE-2019-19910 | 1 Mediawiki | 1 Mediawiki | 2019-12-31 | 6.1 Medium |
| The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 (1.35 and/or 1.34) mishandles certain HTML attributes, as demonstrated by IMG onmouseover= (impact is XSS) and IMG src=http (impact is disclosing the client's IP address). This can occur within a talk page topical header that is viewed within a mobile (MobileFrontend) context. | ||||
| CVE-2013-4303 | 1 Mediawiki | 1 Mediawiki | 2019-12-19 | 6.1 Medium |
| includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." (period) characters in a string, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the siprop parameter in a query action to wiki/api.php. | ||||
| CVE-2013-1816 | 4 Debian, Fedoraproject, Mediawiki and 1 more | 4 Debian Linux, Fedora, Mediawiki and 1 more | 2019-11-21 | 7.5 High |
| MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request. | ||||
| CVE-2013-1817 | 4 Debian, Fedoraproject, Mediawiki and 1 more | 4 Debian Linux, Fedora, Mediawiki and 1 more | 2019-11-21 | 7.5 High |
| MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information. | ||||
| CVE-2018-0503 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2019-11-07 | N/A |
| Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'. | ||||
| CVE-2018-0505 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2019-11-07 | N/A |
| Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock | ||||
| CVE-2018-0504 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2019-11-07 | N/A |
| Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid | ||||
| CVE-2012-0046 | 1 Mediawiki | 1 Mediawiki | 2019-10-31 | 7.5 High |
| mediawiki allows deleted text to be exposed | ||||
| CVE-2017-0367 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2019-10-03 | N/A |
| Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure. | ||||
| CVE-2017-8812 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2019-10-03 | N/A |
| MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline. | ||||
| CVE-2017-0369 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2019-10-03 | N/A |
| Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it. | ||||