Mediawiki

Mediawiki

371 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2014-7199

  • EPSS 0.31%
  • Published 30.09.2014 14:55:11
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.19, 1.22.x before 1.22.11, and 1.23.x before 1.23.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file.

6.8

CVE-2014-5241

Exploit
  • EPSS 0.32%
  • Published 22.08.2014 17:55:02
  • Last modified 12.04.2025 10:46:40

The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which al...

4.3

CVE-2014-5242

Exploit
  • EPSS 0.42%
  • Published 22.08.2014 17:55:02
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in mediawiki.page.image.pagination.js in MediaWiki 1.22.x before 1.22.9 and 1.23.x before 1.23.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving the multipageimagenavbox cl...

4.3

CVE-2014-5243

Exploit
  • EPSS 0.37%
  • Published 22.08.2014 17:55:02
  • Last modified 12.04.2025 10:46:40

MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted we...

2.6

CVE-2014-3966

  • EPSS 0.29%
  • Published 06.06.2014 14:55:05
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid u...

5

CVE-2013-1818

  • EPSS 0.3%
  • Published 02.06.2014 15:55:09
  • Last modified 12.04.2025 10:46:40

maintenance/mwdoc-filter.php in MediaWiki before 1.20.3 allows remote attackers to read arbitrary files via unspecified vectors.

6.8

CVE-2012-5391

  • EPSS 0.76%
  • Published 02.06.2014 15:55:08
  • Last modified 12.04.2025 10:46:40

Session fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the session_id.

6.8

CVE-2012-5395

  • EPSS 0.54%
  • Published 02.06.2014 15:55:08
  • Last modified 12.04.2025 10:46:40

Session fixation vulnerability in the CentralAuth extension for MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the centralauth_Session cookie.

6.8

CVE-2014-3454

  • EPSS 0.14%
  • Published 12.05.2014 14:55:07
  • Last modified 12.04.2025 10:46:40

Cross-site request forgery (CSRF) vulnerability in Special:CreateCategory in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to hijack the authentication of users for requ...

6.8

CVE-2014-3455

  • EPSS 0.1%
  • Published 12.05.2014 14:55:07
  • Last modified 12.04.2025 10:46:40

Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) CreateProperty, (2) CreateTemplate, (3) CreateForm, and (4) CreateClass special pages in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x be...