CVE-2014-9507
- EPSS 0.22%
- Published 04.01.2015 21:59:04
- Last modified 06.05.2026 22:30:45
MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content model for a revision to JS.
CVE-2014-9277
- EPSS 0.86%
- Published 04.01.2015 21:59:02
- Last modified 06.05.2026 22:30:45
The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing <cross-d...
CVE-2014-9276
- EPSS 0.11%
- Published 04.01.2015 21:59:01
- Last modified 06.05.2026 22:30:45
Cross-site request forgery (CSRF) vulnerability in the Special:ExpandedTemplates page in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgRawHTML is set to true, allows remote attackers to hijack the a...
CVE-2014-7295
- EPSS 0.24%
- Published 07.10.2014 14:55:09
- Last modified 06.05.2026 22:30:45
The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allow remote authenticated users to conduct cross-site scripting (XSS) attacks or have unspecified other impact v...
CVE-2014-7199
- EPSS 0.31%
- Published 30.09.2014 14:55:11
- Last modified 06.05.2026 22:30:45
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.19, 1.22.x before 1.22.11, and 1.23.x before 1.23.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file.
CVE-2014-5241
- EPSS 0.35%
- Published 22.08.2014 17:55:02
- Last modified 06.05.2026 22:30:45
The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which al...
CVE-2014-5242
- EPSS 0.42%
- Published 22.08.2014 17:55:02
- Last modified 06.05.2026 22:30:45
Cross-site scripting (XSS) vulnerability in mediawiki.page.image.pagination.js in MediaWiki 1.22.x before 1.22.9 and 1.23.x before 1.23.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving the multipageimagenavbox cl...
CVE-2014-5243
- EPSS 0.41%
- Published 22.08.2014 17:55:02
- Last modified 06.05.2026 22:30:45
MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted we...
CVE-2014-3966
- EPSS 0.32%
- Published 06.06.2014 14:55:05
- Last modified 06.05.2026 22:30:45
Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid u...
- EPSS 0.33%
- Published 02.06.2014 15:55:09
- Last modified 06.05.2026 22:30:45
maintenance/mwdoc-filter.php in MediaWiki before 1.20.3 allows remote attackers to read arbitrary files via unspecified vectors.