CVE-2017-0366
- EPSS 1.34%
- Veröffentlicht 13.04.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:02:50
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration.
CVE-2017-0367
- EPSS 1.86%
- Veröffentlicht 13.04.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:02:50
Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure.
CVE-2017-0368
- EPSS 1.53%
- Veröffentlicht 13.04.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:02:50
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages.
CVE-2017-0369
- EPSS 1.21%
- Veröffentlicht 13.04.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:02:50
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it.
CVE-2017-0370
- EPSS 1.43%
- Veröffentlicht 13.04.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:02:51
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter.
CVE-2017-0372
- EPSS 11.65%
- Veröffentlicht 13.04.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:02:51
Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.
CVE-2015-8008
- EPSS 2.87%
- Veröffentlicht 29.12.2017 22:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.
CVE-2017-8808
- EPSS 1.05%
- Veröffentlicht 15.11.2017 08:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping.
CVE-2017-8809
- EPSS 7.71%
- Veröffentlicht 15.11.2017 08:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability.
CVE-2017-8810
- EPSS 2.15%
- Veröffentlicht 15.11.2017 08:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumera...