Filtered by vendor Mediawiki Subscriptions
Total 389 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2014-3455 1 Mediawiki 1 Mediawiki 2024-09-17 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) CreateProperty, (2) CreateTemplate, (3) CreateForm, and (4) CreateClass special pages in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allow remote attackers to hijack the authentication of users for requests that have unspecified impact and vectors.
CVE-2004-2186 1 Mediawiki 1 Mediawiki 2024-09-17 N/A
SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers to execute arbitrary SQL commands via SpecialMaintenance.
CVE-2005-3165 1 Mediawiki 1 Mediawiki 2024-09-17 N/A
Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via (1) <math> tags or (2) Extension or <nowiki> sections that "bypass HTML style attribute restrictions" that are intended to protect against XSS vulnerabilities in Internet Explorer clients.
CVE-2018-0503 3 Debian, Mediawiki, Redhat 3 Debian Linux, Mediawiki, Openshift 2024-09-17 N/A
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'.
CVE-2018-0504 3 Debian, Mediawiki, Redhat 3 Debian Linux, Mediawiki, Openshift 2024-09-17 N/A
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid
CVE-2017-0367 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2024-09-17 N/A
Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure.
CVE-2012-4885 1 Mediawiki 1 Mediawiki 2024-09-16 N/A
The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service (infinite loop) via certain input, as demonstrated by the padleft function.
CVE-2013-2114 1 Mediawiki 1 Mediawiki 2024-09-16 N/A
Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19 through 1.19.6 and 1.20.x before 1.20.6 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.
CVE-2017-0368 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2024-09-16 N/A
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages.
CVE-2018-13258 1 Mediawiki 1 Mediawiki 2024-09-16 N/A
Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn't be web accessible.
CVE-2014-3454 1 Mediawiki 1 Mediawiki 2024-09-16 N/A
Cross-site request forgery (CSRF) vulnerability in Special:CreateCategory in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to hijack the authentication of users for requests that create categories via unspecified vectors.
CVE-2017-0361 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2024-09-16 N/A
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext.
CVE-2017-0369 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2024-09-16 N/A
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it.
CVE-2017-0362 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2024-09-16 N/A
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token.
CVE-2012-6453 1 Mediawiki 1 Rssreader 2024-09-16 N/A
Cross-site scripting (XSS) vulnerability in the RSS Reader extension before 0.2.6 for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a crafted feed.
CVE-2004-2187 1 Mediawiki 1 Mediawiki 2024-09-16 N/A
Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to "filename validation," has unknown impact and attack vectors.
CVE-2017-0363 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2024-09-16 N/A
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites.
CVE-2018-0505 3 Debian, Mediawiki, Redhat 3 Debian Linux, Mediawiki, Openshift 2024-09-16 N/A
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock
CVE-2017-0364 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2024-09-16 N/A
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link.
CVE-2017-0365 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2024-09-16 N/A
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations.