Mediawiki

Mediawiki

371 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2013-6452

  • EPSS 0.33%
  • Veröffentlicht 12.05.2014 14:55:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via crafted XSL in an SVG file.

7.5

CVE-2013-6453

  • EPSS 0.66%
  • Veröffentlicht 12.05.2014 14:55:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 does not properly sanitize SVG files, which allows remote attackers to have unspecified impact via invalid XML.

4.3

CVE-2013-6454

  • EPSS 0.33%
  • Veröffentlicht 12.05.2014 14:55:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via a -o-link attribute.

5

CVE-2013-6472

  • EPSS 0.42%
  • Veröffentlicht 12.05.2014 14:55:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain information about deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user watchlists.

5

CVE-2013-4570

  • EPSS 0.66%
  • Veröffentlicht 12.05.2014 14:55:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The zend_inline_hash_func function in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via v...

7.5

CVE-2013-4571

  • EPSS 0.54%
  • Veröffentlicht 12.05.2014 14:55:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Buffer overflow in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 has unspecified impact and remote vectors.

4.3

CVE-2013-4574

  • EPSS 0.33%
  • Veröffentlicht 12.05.2014 14:55:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the TimeMediaHandler extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to videos.

4.3

CVE-2014-2853

  • EPSS 0.37%
  • Veröffentlicht 29.04.2014 18:55:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki before 1.21.9 and 1.22.x before 1.22.6 allows remote attackers to inject arbitrary web script or HTML via the sort key in an info action.

4

CVE-2014-2665

  • EPSS 0.21%
  • Veröffentlicht 20.04.2014 01:55:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authe...

4.3

CVE-2014-2242

  • EPSS 0.45%
  • Veröffentlicht 02.03.2014 04:57:25
  • Zuletzt bearbeitet 12.04.2025 10:46:40

includes/upload/UploadBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 does not prevent use of invalid namespaces in SVG files, which allows remote attackers to conduct cross-site scripting (XSS) attacks...