Filtered by vendor Mediawiki
Subscribe
Total
374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-1951 | 3 Debian, Linux, Mediawiki | 3 Debian Linux, Linux Kernel, Mediawiki | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers to inject arbitrary web script or HTML via Lua function names. | |||||
CVE-2013-1817 | 4 Debian, Fedoraproject, Mediawiki and 1 more | 4 Debian Linux, Fedora, Mediawiki and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information. | |||||
CVE-2019-12469 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. | |||||
CVE-2019-12467 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. | |||||
CVE-2019-12472 | 1 Mediawiki | 1 Mediawiki | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. | |||||
CVE-2019-12474 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. | |||||
CVE-2019-12473 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. | |||||
CVE-2019-12468 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover. | |||||
CVE-2019-12471 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. | |||||
CVE-2019-14807 | 1 Mediawiki | 1 Mobilefrontend | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
In the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS exists within the edit summary field in includes/specials/MobileSpecialPageFeed.php. | |||||
CVE-2019-12470 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. | |||||
CVE-2019-12466 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Wikimedia MediaWiki through 1.32.1 allows CSRF. | |||||
CVE-2018-0505 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock | |||||
CVE-2018-0504 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid | |||||
CVE-2018-0503 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'. | |||||
CVE-2018-13258 | 1 Mediawiki | 1 Mediawiki | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn't be web accessible. | |||||
CVE-2017-0363 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites. | |||||
CVE-2017-0362 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token. | |||||
CVE-2017-0372 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities. | |||||
CVE-2017-0366 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2023-12-10 | 4.0 MEDIUM | 5.4 MEDIUM |
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration. |