Filtered by vendor Mediawiki
Filtered by product Mediawiki
Total 366 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-0504 3 Debian, Mediawiki, Redhat 3 Debian Linux, Mediawiki, Openshift 2024-09-17 N/A
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid.
CVE-2017-0367 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2024-09-17 N/A
Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of a temporary directory: the LocalisationCache directory defaults to the system tmp directory, which is insecure.
CVE-2012-4885 1 Mediawiki 1 Mediawiki 2024-09-16 N/A
The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service (infinite loop) via certain input, as demonstrated by the padleft function.
CVE-2013-2114 1 Mediawiki 1 Mediawiki 2024-09-16 N/A
Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19 through 1.19.6 and 1.20.x before 1.20.6 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.
CVE-2017-0368 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2024-09-16 N/A
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages.
CVE-2018-13258 1 Mediawiki 1 Mediawiki 2024-09-16 N/A
Mediawiki 1.31 before 1.31.1 is missing, in the provided tarball, the .htaccess files used to protect some directories that shouldn't be web accessible.
CVE-2014-3454 1 Mediawiki 1 Mediawiki 2024-09-16 N/A
Cross-site request forgery (CSRF) vulnerability in Special:CreateCategory in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to hijack the authentication of users for requests that create categories via unspecified vectors.
CVE-2017-0361 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2024-09-16 N/A
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext.
CVE-2017-0369 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2024-09-16 N/A
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing a sysop to undelete pages even though the page is protected against it.
CVE-2017-0362 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2024-09-16 N/A
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token.
CVE-2004-2187 1 Mediawiki 1 Mediawiki 2024-09-16 N/A
Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to "filename validation," has unknown impact and attack vectors.
CVE-2017-0363 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2024-09-16 N/A
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites.
CVE-2018-0505 3 Debian, Mediawiki, Redhat 3 Debian Linux, Mediawiki, Openshift 2024-09-16 N/A
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock.
CVE-2017-0364 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2024-09-16 N/A
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link.
CVE-2017-0365 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2024-09-16 N/A
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations.
CVE-2004-2185 1 Mediawiki 1 Mediawiki 2024-09-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via (1) the UnicodeConverter extension, (2) raw page views, (3) SpecialIpblocklist, (4) SpecialEmailuser, (5) SpecialMaintenance, and (6) ImagePage.
CVE-2017-0370 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2024-09-16 N/A
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the Spam blacklist is ineffective on encoded URLs inside the file inclusion syntax's link parameter.
CVE-2017-0372 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2024-09-16 N/A
Parameter injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.
CVE-2017-0366 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2024-09-16 N/A
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing evasion of the SVG filter using default attribute values in a DTD declaration.
CVE-2004-2152 1 Mediawiki 1 Mediawiki 2024-08-08 N/A
Cross-site scripting (XSS) vulnerability in 'raw' page output mode for MediaWiki 1.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML.