Mediawiki

Mediawiki

371 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.8

CVE-2015-8003

  • EPSS 0.52%
  • Veröffentlicht 09.11.2015 18:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not throttle file uploads, which allows remote authenticated users to have unspecified impact via multiple file uploads.

6.8

CVE-2015-8002

  • EPSS 0.52%
  • Veröffentlicht 09.11.2015 18:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 allows remote authenticated users to cause a denial of service (disk consumption) via a file upload using one byte chunks.

3.5

CVE-2015-8001

  • EPSS 0.32%
  • Veröffentlicht 09.11.2015 18:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not restrict the uploaded data to the claimed file size, which allows remote authenticated users to cause a denial of service via a ch...

4.3

CVE-2015-6734

  • EPSS 0.28%
  • Veröffentlicht 01.09.2015 14:59:12
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in contrib/cssgen.php in the GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to inject arbitrary web ...

5

CVE-2015-6733

  • EPSS 1.49%
  • Veröffentlicht 01.09.2015 14:59:11
  • Zuletzt bearbeitet 12.04.2025 10:46:40

GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors.

4.3

CVE-2015-6730

  • EPSS 0.28%
  • Veröffentlicht 01.09.2015 14:59:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an ...

4.3

CVE-2015-6729

  • EPSS 0.28%
  • Veröffentlicht 01.09.2015 14:59:07
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled i...

7.5

CVE-2015-6728

  • EPSS 0.16%
  • Veröffentlicht 01.09.2015 14:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protecti...

5

CVE-2015-6727

  • EPSS 0.41%
  • Veröffentlicht 01.09.2015 14:59:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.

5

CVE-2013-7444

  • EPSS 0.45%
  • Veröffentlicht 01.09.2015 14:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.