Mediawiki

Mediawiki

395 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2015-6729

  • EPSS 0.28%
  • Veröffentlicht 01.09.2015 14:59:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled i...

7.5

CVE-2015-6728

  • EPSS 0.16%
  • Veröffentlicht 01.09.2015 14:59:06
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protecti...

5

CVE-2015-6727

  • EPSS 0.41%
  • Veröffentlicht 01.09.2015 14:59:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.

5

CVE-2013-7444

  • EPSS 0.45%
  • Veröffentlicht 01.09.2015 14:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.

7.1

CVE-2015-2942

Exploit
  • EPSS 1.68%
  • Veröffentlicht 13.04.2015 14:59:15
  • Zuletzt bearbeitet 06.05.2026 22:30:45

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an (1) SVG file or (2) XMP me...

4.3

CVE-2015-2941

Exploit
  • EPSS 0.28%
  • Veröffentlicht 13.04.2015 14:59:14
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to a...

4.3

CVE-2015-2938

  • EPSS 0.28%
  • Veröffentlicht 13.04.2015 14:59:11
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a custom JavaScript file, which is not properly handled when preview...

7.1

CVE-2015-2937

  • EPSS 2.02%
  • Veröffentlicht 13.04.2015 14:59:10
  • Zuletzt bearbeitet 06.05.2026 22:30:45

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM or Zend PHP, allows remote attackers to cause a denial of service ("quadratic blowup" and memory consumption) via an XML file containing an entity declaration wit...

7.1

CVE-2015-2936

  • EPSS 1.89%
  • Veröffentlicht 13.04.2015 14:59:09
  • Zuletzt bearbeitet 06.05.2026 22:30:45

MediaWiki 1.24.x before 1.24.2, when using PBKDF2 for password hashing, allows remote attackers to cause a denial of service (CPU consumption) via a long password.

5

CVE-2015-2935

  • EPSS 0.3%
  • Veröffentlicht 13.04.2015 14:59:08
  • Zuletzt bearbeitet 06.05.2026 22:30:45

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to bypass the SVG filtering and obtain sensitive user information via a mixed case @import in a style element in an SVG file, as demonstrated by "@imporT."