Mediawiki

Mediawiki

371 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2012-1581

  • EPSS 0.54%
  • Veröffentlicht 09.09.2012 21:55:06
  • Zuletzt bearbeitet 11.04.2025 00:51:21

MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak random numbers for password reset tokens, which makes it easier for remote attackers to change the passwords of arbitrary users.

4.3

CVE-2012-1582

  • EPSS 0.64%
  • Veröffentlicht 09.09.2012 21:55:06
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to inject arbitrary web script or HTML via a crafted page with "forged strip item markers," as demonstr...

6.8

CVE-2012-1578

  • EPSS 0.3%
  • Veröffentlicht 09.09.2012 21:55:05
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site request forgery (CSRF) vulnerabilities in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allow remote attackers to hijack the authentication of users with the block permission for requests that (1) block a user via a requ...

4.3

CVE-2012-2698

Exploit
  • EPSS 20.42%
  • Veröffentlicht 29.06.2012 19:55:05
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the outputPage function in includes/SkinTemplate.php in MediaWiki before 1.17.5, 1.18.x before 1.18.4, and 1.19.x before 1.19.1 allows remote attackers to inject arbitrary web script or HTML via the uselang...

5

CVE-2011-4361

  • EPSS 0.24%
  • Veröffentlicht 08.01.2012 11:55:19
  • Zuletzt bearbeitet 11.04.2025 00:51:21

MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an...

5

CVE-2011-4360

  • EPSS 0.61%
  • Veröffentlicht 08.01.2012 11:55:18
  • Zuletzt bearbeitet 11.04.2025 00:51:21

MediaWiki before 1.17.1 allows remote attackers to obtain the page titles of all restricted pages via a series of requests involving the (1) curid or (2) oldid parameter.

4.3

CVE-2011-1765

Exploit
  • EPSS 0.33%
  • Veröffentlicht 23.05.2011 22:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.5, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .shtml a...

5.8

CVE-2011-1766

  • EPSS 0.33%
  • Veröffentlicht 23.05.2011 22:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

includes/User.php in MediaWiki before 1.16.5, when wgBlockDisablesLogin is enabled, does not clear certain cached data after verification of an auth token fails, which allows remote attackers to bypass authentication by creating crafted wikiUserID an...

4.3

CVE-2011-1578

Exploit
  • EPSS 0.71%
  • Veröffentlicht 27.04.2011 00:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at...

5.8

CVE-2011-1579

Exploit
  • EPSS 0.93%
  • Veröffentlicht 27.04.2011 00:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets (CSS) token sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks or ...