Mediawiki

378 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.7%
  • Published 27.10.2013 00:55:03
  • Last modified 11.04.2025 00:51:21

(1) ApiBlock.php, (2) ApiCreateAccount.php, (3) ApiLogin.php, (4) ApiMain.php, (5) ApiQueryDeletedrevs.php, (6) ApiTokens.php, and (7) ApiUnblock.php in includes/api/ in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 a...

Exploit
  • EPSS 0.19%
  • Published 11.10.2013 21:55:44
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in contrib/example.php in the SyntaxHighlight GeSHi extension for MediaWiki, possibly as downloaded before September 2013, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

  • EPSS 0.23%
  • Published 11.10.2013 21:55:44
  • Last modified 11.04.2025 00:51:21

Cross-site request forgery (CSRF) vulnerability in api/ApiQueryCheckUser.php in the CheckUser extension for MediaWiki, possibly Checkuser before 2.3, allows remote attackers to hijack the authentication of arbitrary users for requests that "perform s...

  • EPSS 0.42%
  • Published 12.09.2013 13:30:39
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in repo/includes/EntityView.php in the Wikibase extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow (1) remote attackers to inject arbitrary web script...

  • EPSS 1.18%
  • Published 09.09.2012 21:55:07
  • Last modified 11.04.2025 00:51:21

The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service (infinite loop) via certain input, as demonstrated by the padleft function.

Exploit
  • EPSS 0.58%
  • Published 09.09.2012 21:55:06
  • Last modified 11.04.2025 00:51:21

The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information.

  • EPSS 0.3%
  • Published 09.09.2012 21:55:06
  • Last modified 11.04.2025 00:51:21

Cross-site request forgery (CSRF) vulnerability in Special:Upload in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload files.

  • EPSS 0.54%
  • Published 09.09.2012 21:55:06
  • Last modified 11.04.2025 00:51:21

MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak random numbers for password reset tokens, which makes it easier for remote attackers to change the passwords of arbitrary users.

  • EPSS 0.64%
  • Published 09.09.2012 21:55:06
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to inject arbitrary web script or HTML via a crafted page with "forged strip item markers," as demonstr...

  • EPSS 0.3%
  • Published 09.09.2012 21:55:05
  • Last modified 11.04.2025 00:51:21

Multiple cross-site request forgery (CSRF) vulnerabilities in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allow remote attackers to hijack the authentication of users with the block permission for requests that (1) block a user via a requ...