CVE-2012-4381
- EPSS 3.1%
- Published 08.02.2020 18:15:11
- Last modified 21.11.2024 01:42:46
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin retur...
CVE-2013-4572
- EPSS 1.16%
- Published 06.02.2020 15:15:10
- Last modified 21.11.2024 01:55:51
The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created us...
CVE-2013-6451
- EPSS 0.3%
- Published 28.01.2020 15:15:14
- Last modified 21.11.2024 01:59:15
Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values.
CVE-2013-6455
- EPSS 0.41%
- Published 28.01.2020 15:15:14
- Last modified 21.11.2024 01:59:15
The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page.
CVE-2014-9481
- EPSS 0.57%
- Published 27.01.2020 16:15:10
- Last modified 21.11.2024 02:20:59
The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML.
CVE-2020-6163
- EPSS 0.33%
- Published 08.01.2020 02:15:10
- Last modified 21.11.2024 05:35:13
The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax within the PropertySuggestionsWidget template (in the templates/search/PropertySuggestionsWidget.mustache+dom file).
CVE-2019-19910
- EPSS 0.42%
- Published 19.12.2019 19:15:14
- Last modified 21.11.2024 04:35:38
The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 (1.35 and/or 1.34) mishandles certain HTML attributes, as demonstrated by IMG onmouseover= (impact is XSS) and IMG src=http (impact is disclosing the client's IP address). This can occur...
CVE-2013-4303
- EPSS 0.57%
- Published 11.12.2019 19:15:12
- Last modified 21.11.2024 01:55:18
includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." (period) characters in a string, which al...
CVE-2019-19709
- EPSS 0.32%
- Published 11.12.2019 02:15:14
- Last modified 21.11.2024 04:35:14
MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that...
CVE-2013-1817
- EPSS 1.55%
- Published 20.11.2019 20:15:11
- Last modified 21.11.2024 01:50:26
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information.