Mediawiki

Mediawiki

395 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2015-2934

  • EPSS 0.28%
  • Veröffentlicht 13.04.2015 14:59:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 does not properly handle when the Zend interpreter xml_parse function does not expand entities, which allows remote attackers to inject arbitrary web script or HTML via a crafted ...

4.3

CVE-2015-2933

  • EPSS 0.28%
  • Veröffentlicht 13.04.2015 14:59:06
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site scripting (XSS) vulnerability in the Html class in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a LanguageConverter substitution string when using...

4.3

CVE-2015-2932

  • EPSS 0.28%
  • Veröffentlicht 13.04.2015 14:59:05
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element.

4.3

CVE-2015-2931

Exploit
  • EPSS 0.28%
  • Veröffentlicht 13.04.2015 14:59:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a neste...

4.3

CVE-2014-9480

Exploit
  • EPSS 0.32%
  • Veröffentlicht 16.01.2015 16:59:15
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site scripting (XSS) vulnerability in the Hovercards extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors related to text extracts.

4.3

CVE-2014-9479

Exploit
  • EPSS 0.26%
  • Veröffentlicht 16.01.2015 16:59:14
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site scripting (XSS) vulnerability in the preview in the TemplateSandbox extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via the text parameter to Special:TemplateSandbox.

2.6

CVE-2014-9478

Exploit
  • EPSS 0.26%
  • Veröffentlicht 16.01.2015 16:59:13
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site scripting (XSS) vulnerability in the preview in the ExpandTemplates extension for MediaWiki, when $wgRawHTML is set to true, allows remote attackers to inject arbitrary web script or HTML via the wpInput parameter to the Special:ExpandTemp...

4.3

CVE-2014-9477

Exploit
  • EPSS 0.26%
  • Veröffentlicht 16.01.2015 16:59:11
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Multiple cross-site scripting (XSS) vulnerabilities in the Listings extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) url parameter.

5

CVE-2014-9476

Exploit
  • EPSS 0.72%
  • Veröffentlicht 16.01.2015 16:59:10
  • Zuletzt bearbeitet 06.05.2026 22:30:45

MediaWiki 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote attackers to bypass CORS restrictions in $wgCrossSiteAJAXdomains via a domain that has a partial match to an allowed origin, as demonstrated by "http://en.wik...

3.5

CVE-2014-9475

  • EPSS 0.16%
  • Veröffentlicht 16.01.2015 16:59:09
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.19.23, 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote authenticated users to inject arbitrary web script or HTML via a wikitext message.