Mediawiki

Mediawiki

371 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2014-9480

Exploit
  • EPSS 0.26%
  • Published 16.01.2015 16:59:15
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the Hovercards extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors related to text extracts.

4.3

CVE-2014-9479

Exploit
  • EPSS 0.26%
  • Published 16.01.2015 16:59:14
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the preview in the TemplateSandbox extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via the text parameter to Special:TemplateSandbox.

2.6

CVE-2014-9478

Exploit
  • EPSS 0.26%
  • Published 16.01.2015 16:59:13
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the preview in the ExpandTemplates extension for MediaWiki, when $wgRawHTML is set to true, allows remote attackers to inject arbitrary web script or HTML via the wpInput parameter to the Special:ExpandTemp...

4.3

CVE-2014-9477

Exploit
  • EPSS 0.26%
  • Published 16.01.2015 16:59:11
  • Last modified 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in the Listings extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) url parameter.

5

CVE-2014-9476

Exploit
  • EPSS 0.72%
  • Published 16.01.2015 16:59:10
  • Last modified 12.04.2025 10:46:40

MediaWiki 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote attackers to bypass CORS restrictions in $wgCrossSiteAJAXdomains via a domain that has a partial match to an allowed origin, as demonstrated by "http://en.wik...

3.5

CVE-2014-9475

  • EPSS 0.16%
  • Published 16.01.2015 16:59:09
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.19.23, 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote authenticated users to inject arbitrary web script or HTML via a wikitext message.

2.6

CVE-2014-9507

  • EPSS 0.22%
  • Published 04.01.2015 21:59:04
  • Last modified 12.04.2025 10:46:40

MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content model for a revision to JS.

7.5

CVE-2014-9277

Exploit
  • EPSS 0.86%
  • Published 04.01.2015 21:59:02
  • Last modified 12.04.2025 10:46:40

The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing <cross-d...

5.1

CVE-2014-9276

  • EPSS 0.11%
  • Published 04.01.2015 21:59:01
  • Last modified 12.04.2025 10:46:40

Cross-site request forgery (CSRF) vulnerability in the Special:ExpandedTemplates page in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgRawHTML is set to true, allows remote attackers to hijack the a...

3.5

CVE-2014-7295

  • EPSS 0.22%
  • Published 07.10.2014 14:55:09
  • Last modified 12.04.2025 10:46:40

The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote authenticated users to conduct cross-site scripting (XSS) attacks or have unspecified other impact v...