Mediawiki

Mediawiki

378 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2015-6734

  • EPSS 0.28%
  • Veröffentlicht 01.09.2015 14:59:12
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in contrib/cssgen.php in the GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to inject arbitrary web ...

5

CVE-2015-6733

  • EPSS 1.49%
  • Veröffentlicht 01.09.2015 14:59:11
  • Zuletzt bearbeitet 12.04.2025 10:46:40

GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors.

4.3

CVE-2015-6730

  • EPSS 0.28%
  • Veröffentlicht 01.09.2015 14:59:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an ...

4.3

CVE-2015-6729

  • EPSS 0.28%
  • Veröffentlicht 01.09.2015 14:59:07
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled i...

7.5

CVE-2015-6728

  • EPSS 0.16%
  • Veröffentlicht 01.09.2015 14:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protecti...

5

CVE-2015-6727

  • EPSS 0.41%
  • Veröffentlicht 01.09.2015 14:59:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.

5

CVE-2013-7444

  • EPSS 0.45%
  • Veröffentlicht 01.09.2015 14:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.

7.1

CVE-2015-2942

Exploit
  • EPSS 1.68%
  • Veröffentlicht 13.04.2015 14:59:15
  • Zuletzt bearbeitet 12.04.2025 10:46:40

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an (1) SVG file or (2) XMP me...

4.3

CVE-2015-2941

Exploit
  • EPSS 0.28%
  • Veröffentlicht 13.04.2015 14:59:14
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to a...

4.3

CVE-2015-2938

  • EPSS 0.28%
  • Veröffentlicht 13.04.2015 14:59:11
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a custom JavaScript file, which is not properly handled when preview...