Mediawiki

Mediawiki

371 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.3

CVE-2012-4381

  • EPSS 3.1%
  • Published 08.02.2020 18:15:11
  • Last modified 21.11.2024 01:42:46

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin retur...

7.5

CVE-2013-4572

  • EPSS 1.16%
  • Published 06.02.2020 15:15:10
  • Last modified 21.11.2024 01:55:51

The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created us...

6.1

CVE-2013-6451

  • EPSS 0.3%
  • Published 28.01.2020 15:15:14
  • Last modified 21.11.2024 01:59:15

Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values.

5.3

CVE-2013-6455

  • EPSS 0.41%
  • Published 28.01.2020 15:15:14
  • Last modified 21.11.2024 01:59:15

The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page.

5.9

CVE-2014-9481

  • EPSS 0.57%
  • Published 27.01.2020 16:15:10
  • Last modified 21.11.2024 02:20:59

The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML.

6.1

CVE-2020-6163

  • EPSS 0.33%
  • Published 08.01.2020 02:15:10
  • Last modified 21.11.2024 05:35:13

The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax within the PropertySuggestionsWidget template (in the templates/search/PropertySuggestionsWidget.mustache+dom file).

6.1

CVE-2019-19910

  • EPSS 0.42%
  • Published 19.12.2019 19:15:14
  • Last modified 21.11.2024 04:35:38

The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 (1.35 and/or 1.34) mishandles certain HTML attributes, as demonstrated by IMG onmouseover= (impact is XSS) and IMG src=http (impact is disclosing the client's IP address). This can occur...

6.1

CVE-2013-4303

Exploit
  • EPSS 0.57%
  • Published 11.12.2019 19:15:12
  • Last modified 21.11.2024 01:55:18

includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." (period) characters in a string, which al...

6.1

CVE-2019-19709

Exploit
  • EPSS 0.32%
  • Published 11.12.2019 02:15:14
  • Last modified 21.11.2024 04:35:14

MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that...

7.5

CVE-2013-1817

  • EPSS 1.55%
  • Published 20.11.2019 20:15:11
  • Last modified 21.11.2024 01:50:26

MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information.