Filtered by vendor Mediawiki
Subscriptions
Total
389 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-3455 | 1 Mediawiki | 1 Mediawiki | 2024-09-17 | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) CreateProperty, (2) CreateTemplate, (3) CreateForm, and (4) CreateClass special pages in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allow remote attackers to hijack the authentication of users for requests that have unspecified impact and vectors. | ||||
CVE-2004-2186 | 1 Mediawiki | 1 Mediawiki | 2024-09-17 | N/A |
SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers to execute arbitrary SQL commands via SpecialMaintenance. | ||||
CVE-2005-3165 | 1 Mediawiki | 1 Mediawiki | 2024-09-17 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via (1) <math> tags or (2) Extension or <nowiki> sections that "bypass HTML style attribute restrictions" that are intended to protect against XSS vulnerabilities in Internet Explorer clients. | ||||
CVE-2018-0503 | 3 Debian, Mediawiki, Redhat | 3 Debian Linux, Mediawiki, Openshift | 2024-09-17 | N/A |
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'. | ||||
CVE-2018-0504 | 3 Debian, Mediawiki, Redhat | 3 Debian Linux, Mediawiki, Openshift | 2024-09-17 | N/A |
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid | ||||
CVE-2017-0367 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-09-17 | N/A |
Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure. | ||||
CVE-2012-4885 | 1 Mediawiki | 1 Mediawiki | 2024-09-16 | N/A |
The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service (infinite loop) via certain input, as demonstrated by the padleft function. | ||||
CVE-2013-2114 | 1 Mediawiki | 1 Mediawiki | 2024-09-16 | N/A |
Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19 through 1.19.6 and 1.20.x before 1.20.6 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. | ||||
CVE-2017-0368 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-09-16 | N/A |
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages. | ||||
CVE-2018-13258 | 1 Mediawiki | 1 Mediawiki | 2024-09-16 | N/A |
Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn't be web accessible. | ||||
CVE-2014-3454 | 1 Mediawiki | 1 Mediawiki | 2024-09-16 | N/A |
Cross-site request forgery (CSRF) vulnerability in Special:CreateCategory in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to hijack the authentication of users for requests that create categories via unspecified vectors. | ||||
CVE-2017-0361 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-09-16 | N/A |
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext. | ||||
CVE-2017-0369 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-09-16 | N/A |
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it. | ||||
CVE-2017-0362 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-09-16 | N/A |
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token. | ||||
CVE-2012-6453 | 1 Mediawiki | 1 Rssreader | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the RSS Reader extension before 0.2.6 for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a crafted feed. | ||||
CVE-2004-2187 | 1 Mediawiki | 1 Mediawiki | 2024-09-16 | N/A |
Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to "filename validation," has unknown impact and attack vectors. | ||||
CVE-2017-0363 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-09-16 | N/A |
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites. | ||||
CVE-2018-0505 | 3 Debian, Mediawiki, Redhat | 3 Debian Linux, Mediawiki, Openshift | 2024-09-16 | N/A |
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock | ||||
CVE-2017-0364 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-09-16 | N/A |
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link. | ||||
CVE-2017-0365 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-09-16 | N/A |
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations. |