Mediawiki

Mediawiki

371 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2012-1581

  • EPSS 0.54%
  • Published 09.09.2012 21:55:06
  • Last modified 11.04.2025 00:51:21

MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak random numbers for password reset tokens, which makes it easier for remote attackers to change the passwords of arbitrary users.

4.3

CVE-2012-1582

  • EPSS 0.64%
  • Published 09.09.2012 21:55:06
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to inject arbitrary web script or HTML via a crafted page with "forged strip item markers," as demonstr...

6.8

CVE-2012-1578

  • EPSS 0.3%
  • Published 09.09.2012 21:55:05
  • Last modified 11.04.2025 00:51:21

Multiple cross-site request forgery (CSRF) vulnerabilities in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allow remote attackers to hijack the authentication of users with the block permission for requests that (1) block a user via a requ...

4.3

CVE-2012-2698

Exploit
  • EPSS 20.42%
  • Published 29.06.2012 19:55:05
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the outputPage function in includes/SkinTemplate.php in MediaWiki before 1.17.5, 1.18.x before 1.18.4, and 1.19.x before 1.19.1 allows remote attackers to inject arbitrary web script or HTML via the uselang...

5

CVE-2011-4361

  • EPSS 0.24%
  • Published 08.01.2012 11:55:19
  • Last modified 11.04.2025 00:51:21

MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an...

5

CVE-2011-4360

  • EPSS 0.61%
  • Published 08.01.2012 11:55:18
  • Last modified 11.04.2025 00:51:21

MediaWiki before 1.17.1 allows remote attackers to obtain the page titles of all restricted pages via a series of requests involving the (1) curid or (2) oldid parameter.

4.3

CVE-2011-1765

Exploit
  • EPSS 0.33%
  • Published 23.05.2011 22:55:01
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.5, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .shtml a...

5.8

CVE-2011-1766

  • EPSS 0.33%
  • Published 23.05.2011 22:55:01
  • Last modified 11.04.2025 00:51:21

includes/User.php in MediaWiki before 1.16.5, when wgBlockDisablesLogin is enabled, does not clear certain cached data after verification of an auth token fails, which allows remote attackers to bypass authentication by creating crafted wikiUserID an...

4.3

CVE-2011-1578

Exploit
  • EPSS 0.71%
  • Published 27.04.2011 00:55:04
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at...

5.8

CVE-2011-1579

Exploit
  • EPSS 0.93%
  • Published 27.04.2011 00:55:04
  • Last modified 11.04.2025 00:51:21

The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets (CSS) token sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks or ...