Filtered by vendor Mediawiki
Subscriptions
Total
394 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-1686 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A |
| MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation. | ||||
| CVE-2013-6455 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 5.3 Medium |
| The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page. | ||||
| CVE-2013-6451 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values. | ||||
| CVE-2013-4572 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2024-11-21 | 7.5 High |
| The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user. | ||||
| CVE-2013-4303 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 6.1 Medium |
| includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." (period) characters in a string, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the siprop parameter in a query action to wiki/api.php. | ||||
| CVE-2013-1951 | 3 Debian, Linux, Mediawiki | 3 Debian Linux, Linux Kernel, Mediawiki | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers to inject arbitrary web script or HTML via Lua function names. | ||||
| CVE-2013-1817 | 4 Debian, Fedoraproject, Mediawiki and 1 more | 4 Debian Linux, Fedora, Mediawiki and 1 more | 2024-11-21 | 7.5 High |
| MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information. | ||||
| CVE-2013-1816 | 4 Debian, Fedoraproject, Mediawiki and 1 more | 4 Debian Linux, Fedora, Mediawiki and 1 more | 2024-11-21 | 7.5 High |
| MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request. | ||||
| CVE-2012-4381 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 8.1 High |
| MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict function, could allow remote attackers to use old passwords for non-existing accounts in an external authentication system via unspecified vectors. | ||||
| CVE-2012-0046 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 7.5 High |
| mediawiki allows deleted text to be exposed | ||||
| CVE-2024-47846 | 2 Mediawiki, Wikimedia | 2 Cargo, Mediawiki-cargo | 2024-10-16 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross Site Request Forgery.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1. | ||||
| CVE-2024-47847 | 2 Mediawiki, Wikimedia | 2 Cargo, Mediawiki-cargo | 2024-10-16 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1. | ||||
| CVE-2024-47849 | 2 Mediawiki, Wikimedia | 2 Cargo, Mediawiki-cargo | 2024-10-16 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows SQL Injection.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1. | ||||
| CVE-2023-45359 | 1 Mediawiki | 1 Vector Skin | 2024-10-10 | 6.5 Medium |
| An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-toc-toggle-button-label is not escaped, but should be, because the line param can have markup. | ||||