Mediawiki

Mediawiki

371 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.5

CVE-2011-1580

  • EPSS 0.6%
  • Veröffentlicht 27.04.2011 00:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The transwiki import functionality in MediaWiki before 1.16.3 does not properly check privileges, which allows remote authenticated users to perform imports from any wgImportSources wiki via a crafted POST request.

4.3

CVE-2011-1587

  • EPSS 0.22%
  • Veröffentlicht 27.04.2011 00:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html lo...

4.3

CVE-2010-2787

  • EPSS 0.55%
  • Veröffentlicht 27.04.2011 00:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

api.php in MediaWiki before 1.15.5 does not prevent use of public caching headers for private data, which allows remote attackers to bypass intended access restrictions and obtain sensitive information by retrieving documents from an HTTP proxy cache...

2.6

CVE-2010-2788

  • EPSS 0.68%
  • Veröffentlicht 27.04.2011 00:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in profileinfo.php in MediaWiki before 1.15.5, when wgEnableProfileInfo is enabled, allows remote attackers to inject arbitrary web script or HTML via the filter parameter.

6.8

CVE-2010-2789

  • EPSS 0.53%
  • Veröffentlicht 27.04.2011 00:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

PHP remote file inclusion vulnerability in MediaWikiParserTest.php in MediaWiki 1.16 beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via unspecified vectors.

7.5

CVE-2011-0537

  • EPSS 0.63%
  • Veröffentlicht 04.02.2011 01:00:07
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple directory traversal vulnerabilities in (1) languages/Language.php and (2) includes/StubObject.php in MediaWiki 1.8.0 and other versions before 1.16.2, when running on Windows and possibly Novell Netware, allow remote attackers to include and...

4.3

CVE-2011-0047

  • EPSS 0.87%
  • Veröffentlicht 04.02.2011 01:00:05
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.2 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) comments, aka "CSS injection vulnerability."

5.8

CVE-2011-0003

  • EPSS 0.93%
  • Veröffentlicht 11.01.2011 03:00:05
  • Zuletzt bearbeitet 11.04.2025 00:51:21

MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows remote attackers to conduct clickjacking attacks via unspecified vectors.

4.3

CVE-2010-1647

  • EPSS 0.25%
  • Veröffentlicht 08.06.2010 00:30:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) strings that are processed as script by Inter...

6.8

CVE-2010-1648

  • EPSS 0.12%
  • Veröffentlicht 08.06.2010 00:30:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to hijack the authentication of users for requests that (1) create accounts or (2) reset passwo...