Mediawiki

Mediawiki

371 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2017-0363

  • EPSS 0.21%
  • Published 13.04.2018 16:29:00
  • Last modified 21.11.2024 03:02:50

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites.

6.1

CVE-2017-0364

  • EPSS 0.21%
  • Published 13.04.2018 16:29:00
  • Last modified 21.11.2024 03:02:50

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link.

4.7

CVE-2017-0365

  • EPSS 0.3%
  • Published 13.04.2018 16:29:00
  • Last modified 21.11.2024 03:02:50

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations.

5.4

CVE-2017-0366

Exploit
  • EPSS 0.39%
  • Published 13.04.2018 16:29:00
  • Last modified 21.11.2024 03:02:50

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration.

8.8

CVE-2017-0367

  • EPSS 0.54%
  • Published 13.04.2018 16:29:00
  • Last modified 21.11.2024 03:02:50

Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure.

5.3

CVE-2017-0368

  • EPSS 0.24%
  • Published 13.04.2018 16:29:00
  • Last modified 21.11.2024 03:02:50

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages.

6.5

CVE-2017-0369

  • EPSS 0.14%
  • Published 13.04.2018 16:29:00
  • Last modified 21.11.2024 03:02:50

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it.

5.3

CVE-2017-0370

  • EPSS 0.24%
  • Published 13.04.2018 16:29:00
  • Last modified 21.11.2024 03:02:51

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter.

9.8

CVE-2017-0372

Exploit
  • EPSS 59.38%
  • Published 13.04.2018 16:29:00
  • Last modified 21.11.2024 03:02:51

Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.

7.5

CVE-2015-8008

  • EPSS 0.55%
  • Published 29.12.2017 22:29:00
  • Last modified 20.04.2025 01:37:25

The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.