Mediawiki

Mediawiki

371 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2012-4380

  • EPSS 0.55%
  • Veröffentlicht 19.10.2017 21:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors.

4.9

CVE-2012-4382

  • EPSS 0.29%
  • Veröffentlicht 19.10.2017 21:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt.

9.8

CVE-2014-9487

  • EPSS 1.01%
  • Veröffentlicht 17.10.2017 14:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. NOTE: Related to CVE-2014-2...

9.8

CVE-2015-8009

Exploit
  • EPSS 0.34%
  • Veröffentlicht 25.07.2017 14:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote regist...

7.5

CVE-2016-6331

  • EPSS 0.17%
  • Veröffentlicht 20.04.2017 17:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title read restrictions via a parse action to api.php.

7.5

CVE-2016-6332

  • EPSS 0.22%
  • Veröffentlicht 20.04.2017 17:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to terminate sessions when a user account is blocked.

6.1

CVE-2016-6333

  • EPSS 0.34%
  • Veröffentlicht 20.04.2017 17:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:My...

6.1

CVE-2016-6334

  • EPSS 0.22%
  • Veröffentlicht 20.04.2017 17:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving repl...

7.5

CVE-2016-6335

  • EPSS 0.27%
  • Veröffentlicht 20.04.2017 17:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php.

6.5

CVE-2016-6336

  • EPSS 0.11%
  • Veröffentlicht 20.04.2017 17:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitr...