Mediawiki

Mediawiki

371 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.1

CVE-2015-2942

Exploit
  • EPSS 1.68%
  • Veröffentlicht 13.04.2015 14:59:15
  • Zuletzt bearbeitet 12.04.2025 10:46:40

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an (1) SVG file or (2) XMP me...

4.3

CVE-2015-2941

Exploit
  • EPSS 0.28%
  • Veröffentlicht 13.04.2015 14:59:14
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to a...

4.3

CVE-2015-2938

  • EPSS 0.28%
  • Veröffentlicht 13.04.2015 14:59:11
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a custom JavaScript file, which is not properly handled when preview...

7.1

CVE-2015-2937

  • EPSS 2.02%
  • Veröffentlicht 13.04.2015 14:59:10
  • Zuletzt bearbeitet 12.04.2025 10:46:40

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM or Zend PHP, allows remote attackers to cause a denial of service ("quadratic blowup" and memory consumption) via an XML file containing an entity declaration wit...

7.1

CVE-2015-2936

  • EPSS 1.89%
  • Veröffentlicht 13.04.2015 14:59:09
  • Zuletzt bearbeitet 12.04.2025 10:46:40

MediaWiki 1.24.x before 1.24.2, when using PBKDF2 for password hashing, allows remote attackers to cause a denial of service (CPU consumption) via a long password.

5

CVE-2015-2935

  • EPSS 0.3%
  • Veröffentlicht 13.04.2015 14:59:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to bypass the SVG filtering and obtain sensitive user information via a mixed case @import in a style element in an SVG file, as demonstrated by "@imporT."

4.3

CVE-2015-2934

  • EPSS 0.28%
  • Veröffentlicht 13.04.2015 14:59:07
  • Zuletzt bearbeitet 12.04.2025 10:46:40

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 does not properly handle when the Zend interpreter xml_parse function does not expand entities, which allows remote attackers to inject arbitrary web script or HTML via a crafted ...

4.3

CVE-2015-2933

  • EPSS 0.28%
  • Veröffentlicht 13.04.2015 14:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the Html class in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a LanguageConverter substitution string when using...

4.3

CVE-2015-2932

  • EPSS 0.28%
  • Veröffentlicht 13.04.2015 14:59:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element.

4.3

CVE-2015-2931

Exploit
  • EPSS 0.28%
  • Veröffentlicht 13.04.2015 14:59:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a neste...