Mediawiki

Mediawiki

395 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2020-10959

Exploit
  • EPSS 0.27%
  • Veröffentlicht 02.06.2020 14:15:10
  • Zuletzt bearbeitet 21.11.2024 04:56:27

resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page.

7.5

CVE-2020-12051

  • EPSS 0.51%
  • Veröffentlicht 21.04.2020 22:15:14
  • Zuletzt bearbeitet 21.11.2024 04:59:11

The CentralAuth extension through REL1_34 for MediaWiki allows remote attackers to obtain sensitive hidden account information via an api.php?action=query&meta=globaluserinfo&guiuser= request. In other words, the information can be retrieved via the ...

5.3

CVE-2020-10960

Exploit
  • EPSS 0.21%
  • Veröffentlicht 03.04.2020 15:15:14
  • Zuletzt bearbeitet 21.11.2024 04:56:27

In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquer...

9.8

CVE-2020-10534

  • EPSS 0.32%
  • Veröffentlicht 12.03.2020 23:15:12
  • Zuletzt bearbeitet 21.11.2024 04:55:31

In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP address is contained in two ...

9.3

CVE-2012-4381

  • EPSS 3.1%
  • Veröffentlicht 08.02.2020 18:15:11
  • Zuletzt bearbeitet 21.11.2024 01:42:46

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin retur...

7.5

CVE-2013-4572

  • EPSS 1.29%
  • Veröffentlicht 06.02.2020 15:15:10
  • Zuletzt bearbeitet 21.11.2024 01:55:51

The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created us...

6.1

CVE-2013-6451

  • EPSS 0.3%
  • Veröffentlicht 28.01.2020 15:15:14
  • Zuletzt bearbeitet 21.11.2024 01:59:15

Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values.

5.3

CVE-2013-6455

  • EPSS 0.39%
  • Veröffentlicht 28.01.2020 15:15:14
  • Zuletzt bearbeitet 21.11.2024 01:59:15

The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page.

5.9

CVE-2014-9481

  • EPSS 0.57%
  • Veröffentlicht 27.01.2020 16:15:10
  • Zuletzt bearbeitet 21.11.2024 02:20:59

The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML.

6.1

CVE-2020-6163

  • EPSS 0.33%
  • Veröffentlicht 08.01.2020 02:15:10
  • Zuletzt bearbeitet 21.11.2024 05:35:13

The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax within the PropertySuggestionsWidget template (in the templates/search/PropertySuggestionsWidget.mustache+dom file).