Mediawiki

Mediawiki

395 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2013-4307

  • EPSS 0.42%
  • Veröffentlicht 12.09.2013 13:30:39
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Multiple cross-site scripting (XSS) vulnerabilities in repo/includes/EntityView.php in the Wikibase extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow (1) remote attackers to inject arbitrary web script...

5

CVE-2012-4885

  • EPSS 1.18%
  • Veröffentlicht 09.09.2012 21:55:07
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service (infinite loop) via certain input, as demonstrated by the padleft function.

5

CVE-2012-1579

Exploit
  • EPSS 0.58%
  • Veröffentlicht 09.09.2012 21:55:06
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information.

6.8

CVE-2012-1580

  • EPSS 0.3%
  • Veröffentlicht 09.09.2012 21:55:06
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Cross-site request forgery (CSRF) vulnerability in Special:Upload in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload files.

5

CVE-2012-1581

  • EPSS 0.54%
  • Veröffentlicht 09.09.2012 21:55:06
  • Zuletzt bearbeitet 29.04.2026 01:13:23

MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak random numbers for password reset tokens, which makes it easier for remote attackers to change the passwords of arbitrary users.

4.3

CVE-2012-1582

  • EPSS 0.64%
  • Veröffentlicht 09.09.2012 21:55:06
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Cross-site scripting (XSS) vulnerability in the wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to inject arbitrary web script or HTML via a crafted page with "forged strip item markers," as demonstr...

6.8

CVE-2012-1578

  • EPSS 0.3%
  • Veröffentlicht 09.09.2012 21:55:05
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Multiple cross-site request forgery (CSRF) vulnerabilities in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allow remote attackers to hijack the authentication of users with the block permission for requests that (1) block a user via a requ...

4.3

CVE-2012-2698

Exploit
  • EPSS 14.45%
  • Veröffentlicht 29.06.2012 19:55:05
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Cross-site scripting (XSS) vulnerability in the outputPage function in includes/SkinTemplate.php in MediaWiki before 1.17.5, 1.18.x before 1.18.4, and 1.19.x before 1.19.1 allows remote attackers to inject arbitrary web script or HTML via the uselang...

5

CVE-2011-4361

  • EPSS 0.18%
  • Veröffentlicht 08.01.2012 11:55:19
  • Zuletzt bearbeitet 29.04.2026 01:13:23

MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an...

5

CVE-2011-4360

  • EPSS 0.61%
  • Veröffentlicht 08.01.2012 11:55:18
  • Zuletzt bearbeitet 29.04.2026 01:13:23

MediaWiki before 1.17.1 allows remote attackers to obtain the page titles of all restricted pages via a series of requests involving the (1) curid or (2) oldid parameter.