Mediawiki

371 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

  • EPSS 0.91%
  • Published 18.11.2013 02:55:07
  • Last modified 11.04.2025 00:51:21

MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extens...

  • EPSS 1.4%
  • Published 18.11.2013 02:55:07
  • Last modified 11.04.2025 00:51:21

Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19 through 1.19.6 and 1.20.x before 1.20.6 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.

Exploit
  • EPSS 0.71%
  • Published 27.10.2013 00:55:03
  • Last modified 11.04.2025 00:51:21

includes/resourceloader/ResourceLoaderContext.php in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote attackers to obtain sensitive information via a "<" (open angle bracket) character in the lang parameter...

  • EPSS 0.7%
  • Published 27.10.2013 00:55:03
  • Last modified 11.04.2025 00:51:21

(1) ApiBlock.php, (2) ApiCreateAccount.php, (3) ApiLogin.php, (4) ApiMain.php, (5) ApiQueryDeletedrevs.php, (6) ApiTokens.php, and (7) ApiUnblock.php in includes/api/ in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 a...

Exploit
  • EPSS 0.19%
  • Published 11.10.2013 21:55:44
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in contrib/example.php in the SyntaxHighlight GeSHi extension for MediaWiki, possibly as downloaded before September 2013, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

  • EPSS 0.23%
  • Published 11.10.2013 21:55:44
  • Last modified 11.04.2025 00:51:21

Cross-site request forgery (CSRF) vulnerability in api/ApiQueryCheckUser.php in the CheckUser extension for MediaWiki, possibly Checkuser before 2.3, allows remote attackers to hijack the authentication of arbitrary users for requests that "perform s...

  • EPSS 0.42%
  • Published 12.09.2013 13:30:39
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in repo/includes/EntityView.php in the Wikibase extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow (1) remote attackers to inject arbitrary web script...

  • EPSS 1.18%
  • Published 09.09.2012 21:55:07
  • Last modified 11.04.2025 00:51:21

The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service (infinite loop) via certain input, as demonstrated by the padleft function.

Exploit
  • EPSS 0.58%
  • Published 09.09.2012 21:55:06
  • Last modified 11.04.2025 00:51:21

The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information.

  • EPSS 0.3%
  • Published 09.09.2012 21:55:06
  • Last modified 11.04.2025 00:51:21

Cross-site request forgery (CSRF) vulnerability in Special:Upload in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload files.