Mediawiki

Mediawiki

371 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2013-6452

  • EPSS 0.33%
  • Published 12.05.2014 14:55:06
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via crafted XSL in an SVG file.

7.5

CVE-2013-6453

  • EPSS 0.66%
  • Published 12.05.2014 14:55:06
  • Last modified 12.04.2025 10:46:40

MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 does not properly sanitize SVG files, which allows remote attackers to have unspecified impact via invalid XML.

4.3

CVE-2013-6454

  • EPSS 0.33%
  • Published 12.05.2014 14:55:06
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via a -o-link attribute.

5

CVE-2013-6472

  • EPSS 0.42%
  • Published 12.05.2014 14:55:06
  • Last modified 12.04.2025 10:46:40

MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain information about deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user watchlists.

5

CVE-2013-4570

  • EPSS 0.66%
  • Published 12.05.2014 14:55:04
  • Last modified 12.04.2025 10:46:40

The zend_inline_hash_func function in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via v...

7.5

CVE-2013-4571

  • EPSS 0.54%
  • Published 12.05.2014 14:55:04
  • Last modified 12.04.2025 10:46:40

Buffer overflow in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 has unspecified impact and remote vectors.

4.3

CVE-2013-4574

  • EPSS 0.33%
  • Published 12.05.2014 14:55:04
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the TimeMediaHandler extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to videos.

4.3

CVE-2014-2853

  • EPSS 0.37%
  • Published 29.04.2014 18:55:08
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki before 1.21.9 and 1.22.x before 1.22.6 allows remote attackers to inject arbitrary web script or HTML via the sort key in an info action.

4

CVE-2014-2665

  • EPSS 0.21%
  • Published 20.04.2014 01:55:06
  • Last modified 12.04.2025 10:46:40

includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authe...

4.3

CVE-2014-2242

  • EPSS 0.45%
  • Published 02.03.2014 04:57:25
  • Last modified 12.04.2025 10:46:40

includes/upload/UploadBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 does not prevent use of invalid namespaces in SVG files, which allows remote attackers to conduct cross-site scripting (XSS) attacks...