Filtered by vendor Mediawiki
Filtered by product Mediawiki
Total: 355 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2013-4306 | 1 Mediawiki | 1 Mediawiki | 2019-07-18 | N/A |
Cross-site request forgery (CSRF) vulnerability in api/ApiQueryCheckUser.php in the CheckUser extension for MediaWiki, possibly Checkuser before 2.3, allows remote attackers to hijack the authentication of arbitrary users for requests that "perform sensitive write actions" via unspecified vectors. | ||||
CVE-2019-12471 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2019-07-16 | N/A |
Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. | ||||
CVE-2019-12466 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2019-07-11 | N/A |
Wikimedia MediaWiki through 1.32.1 allows CSRF. | ||||
CVE-2018-13258 | 1 Mediawiki | 1 Mediawiki | 2018-11-23 | N/A |
Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn't be web accessible. | ||||
CVE-2007-1055 | 1 Mediawiki | 1 Mediawiki | 2018-10-19 | N/A |
Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.9.x before 1.9.0rc2, and 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the rs parameter. NOTE: this issue might be a duplicate of CVE-2007-0177. | ||||
CVE-2007-1054 | 1 Mediawiki | 1 Mediawiki | 2018-10-16 | N/A |
Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer. | ||||
CVE-2007-0894 | 1 Mediawiki | 1 Mediawiki | 2018-10-16 | N/A |
MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the installation path in the resulting error message. | ||||
CVE-2014-1686 | 1 Mediawiki | 1 Mediawiki | 2018-05-18 | N/A |
MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation. | ||||
CVE-2017-0372 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2018-05-17 | N/A |
Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities. | ||||
CVE-2017-0362 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2018-05-15 | N/A |
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token. | ||||
CVE-2017-0361 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2018-05-14 | N/A |
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext. | ||||
CVE-2017-0370 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2018-05-14 | N/A |
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter. | ||||
CVE-2017-0368 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2018-05-14 | N/A |
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages. | ||||
CVE-2017-0366 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2018-05-14 | N/A |
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw that allows evasion of the SVG filter using default attribute values in a DTD declaration. | ||||
CVE-2017-0364 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2018-05-14 | N/A |
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link. | ||||
CVE-2017-0363 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2018-05-14 | N/A |
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites. | ||||
CVE-2017-0365 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2018-05-14 | N/A |
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations. | ||||
CVE-2015-8008 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2018-01-11 | N/A |
The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token. | ||||
CVE-2014-3966 | 1 Mediawiki | 1 Mediawiki | 2017-12-29 | N/A |
Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid username. | ||||
CVE-2017-8811 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2017-11-28 | N/A |
The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks. |