CVE-2014-2243
- EPSS 0.35%
- Published 02.03.2014 04:57:25
- Last modified 12.04.2025 10:46:40
includes/User.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 terminates validation of a user token upon encountering the first incorrect character, which makes it easier for remote attackers to obtain acces...
CVE-2014-2244
- EPSS 0.41%
- Published 02.03.2014 04:57:25
- Last modified 12.04.2025 10:46:40
Cross-site scripting (XSS) vulnerability in the formatHTML function in includes/api/ApiFormatBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 allows remote attackers to inject arbitrary web script or HTM...
- EPSS 49.39%
- Published 30.01.2014 23:55:02
- Last modified 11.04.2025 00:51:21
MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/med...
CVE-2013-4304
- EPSS 0.33%
- Published 26.01.2014 20:55:04
- Last modified 11.04.2025 00:51:21
The CentralAuth extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 caches a valid CentralAuthUser object in the centralauth_User cookie even when a user has not successfully logged in, which allows remote att...
CVE-2013-4567
- EPSS 0.41%
- Published 13.12.2013 18:07:54
- Last modified 11.04.2025 00:51:21
Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via a \b (backspace) character in CSS.
CVE-2013-4568
- EPSS 0.45%
- Published 13.12.2013 18:07:54
- Last modified 11.04.2025 00:51:21
Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain non-ASCII characters in CSS, as dem...
CVE-2013-4569
- EPSS 0.41%
- Published 13.12.2013 18:07:54
- Last modified 11.04.2025 00:51:21
The CleanChanges extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3, when "Group changes by page in recent changes and watchlist" is enabled, allows remote attackers to obtain sensitive information (revision-deleted...
CVE-2012-5394
- EPSS 0.15%
- Published 13.12.2013 18:07:53
- Last modified 11.04.2025 00:51:21
Cross-site request forgery (CSRF) vulnerability in the CentralAuth extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to hijack the authentication of users for requests that log in via vectors...
CVE-2013-4573
- EPSS 0.36%
- Published 25.11.2013 19:55:03
- Last modified 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in the ZeroRatedMobileAccess extension for MediaWiki 1.19.x before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to inject arbitrary web script or HTML via the "to" parameter t...
CVE-2013-2031
- EPSS 1.79%
- Published 18.11.2013 02:55:07
- Last modified 11.04.2025 00:51:21
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in an SVG file, which is then incorrectly interpreted a...