Mediawiki

Mediawiki

371 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.8

CVE-2015-8003

  • EPSS 0.52%
  • Published 09.11.2015 18:59:02
  • Last modified 12.04.2025 10:46:40

MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not throttle file uploads, which allows remote authenticated users to have unspecified impact via multiple file uploads.

6.8

CVE-2015-8002

  • EPSS 0.52%
  • Published 09.11.2015 18:59:01
  • Last modified 12.04.2025 10:46:40

The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 allows remote authenticated users to cause a denial of service (disk consumption) via a file upload using one byte chunks.

3.5

CVE-2015-8001

  • EPSS 0.32%
  • Published 09.11.2015 18:59:00
  • Last modified 12.04.2025 10:46:40

The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not restrict the uploaded data to the claimed file size, which allows remote authenticated users to cause a denial of service via a ch...

4.3

CVE-2015-6734

  • EPSS 0.28%
  • Published 01.09.2015 14:59:12
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in contrib/cssgen.php in the GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to inject arbitrary web ...

5

CVE-2015-6733

  • EPSS 1.49%
  • Published 01.09.2015 14:59:11
  • Last modified 12.04.2025 10:46:40

GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors.

4.3

CVE-2015-6730

  • EPSS 0.28%
  • Published 01.09.2015 14:59:08
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an ...

4.3

CVE-2015-6729

  • EPSS 0.28%
  • Published 01.09.2015 14:59:07
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled i...

7.5

CVE-2015-6728

  • EPSS 0.16%
  • Published 01.09.2015 14:59:06
  • Last modified 12.04.2025 10:46:40

The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protecti...

5

CVE-2015-6727

  • EPSS 0.41%
  • Published 01.09.2015 14:59:04
  • Last modified 12.04.2025 10:46:40

The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.

5

CVE-2013-7444

  • EPSS 0.45%
  • Published 01.09.2015 14:59:00
  • Last modified 12.04.2025 10:46:40

The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.