Mediawiki

Mediawiki

371 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.5

CVE-2011-1580

  • EPSS 0.6%
  • Published 27.04.2011 00:55:04
  • Last modified 11.04.2025 00:51:21

The transwiki import functionality in MediaWiki before 1.16.3 does not properly check privileges, which allows remote authenticated users to perform imports from any wgImportSources wiki via a crafted POST request.

4.3

CVE-2011-1587

  • EPSS 0.22%
  • Published 27.04.2011 00:55:04
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html lo...

4.3

CVE-2010-2787

  • EPSS 0.55%
  • Published 27.04.2011 00:55:01
  • Last modified 11.04.2025 00:51:21

api.php in MediaWiki before 1.15.5 does not prevent use of public caching headers for private data, which allows remote attackers to bypass intended access restrictions and obtain sensitive information by retrieving documents from an HTTP proxy cache...

2.6

CVE-2010-2788

  • EPSS 0.68%
  • Published 27.04.2011 00:55:01
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in profileinfo.php in MediaWiki before 1.15.5, when wgEnableProfileInfo is enabled, allows remote attackers to inject arbitrary web script or HTML via the filter parameter.

6.8

CVE-2010-2789

  • EPSS 0.53%
  • Published 27.04.2011 00:55:01
  • Last modified 11.04.2025 00:51:21

PHP remote file inclusion vulnerability in MediaWikiParserTest.php in MediaWiki 1.16 beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via unspecified vectors.

7.5

CVE-2011-0537

  • EPSS 0.63%
  • Published 04.02.2011 01:00:07
  • Last modified 11.04.2025 00:51:21

Multiple directory traversal vulnerabilities in (1) languages/Language.php and (2) includes/StubObject.php in MediaWiki 1.8.0 and other versions before 1.16.2, when running on Windows and possibly Novell Netware, allow remote attackers to include and...

4.3

CVE-2011-0047

  • EPSS 0.87%
  • Published 04.02.2011 01:00:05
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.2 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) comments, aka "CSS injection vulnerability."

5.8

CVE-2011-0003

  • EPSS 0.93%
  • Published 11.01.2011 03:00:05
  • Last modified 11.04.2025 00:51:21

MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows remote attackers to conduct clickjacking attacks via unspecified vectors.

4.3

CVE-2010-1647

  • EPSS 0.25%
  • Published 08.06.2010 00:30:01
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) strings that are processed as script by Inter...

6.8

CVE-2010-1648

  • EPSS 0.12%
  • Published 08.06.2010 00:30:01
  • Last modified 11.04.2025 00:51:21

Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to hijack the authentication of users for requests that (1) create accounts or (2) reset passwo...