Mediawiki

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2013-4572 2Fedoraproject Mediawiki 2Fedora Mediawiki Nov 21, 2024 Feb 6, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to...Show more The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user.Show less
CVE-2013-6455 1Mediawiki 1Mediawiki Nov 21, 2024 Jan 28, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page.
CVE-2013-6451 1Mediawiki 1Mediawiki Nov 21, 2024 Jan 28, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values.
CVE-2014-9481 1Mediawiki 1Mediawiki Nov 21, 2024 Jan 27, 2020 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML.
CVE-2020-6163 1Mediawiki 1Mediawiki Nov 21, 2024 Jan 8, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax within the PropertySuggestionsWidget template (in the templates/search/PropertySuggestionsWidget.mustache+dom file).
CVE-2019-19910 1Mediawiki 1Mediawiki Nov 21, 2024 Dec 19, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 (1.35 and/or 1.34) mishandles certain HTML attributes, as demonstrated by IMG onmouseover= (impact is XSS) and IMG src=http (impact is disclosing the client...Show more The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 (1.35 and/or 1.34) mishandles certain HTML attributes, as demonstrated by IMG onmouseover= (impact is XSS) and IMG src=http (impact is disclosing the client's IP address). This can occur within a talk page topical header that is viewed within a mobile (MobileFrontend) context.Show less
CVE-2013-4303 1Mediawiki 1Mediawiki Nov 21, 2024 Dec 11, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." (period) ch...Show more includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." (period) characters in a string, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the siprop parameter in a query action to wiki/api.php.Show less
CVE-2019-19709 2Debian Mediawiki 2Debian Linux Mediawiki Nov 21, 2024 Dec 11, 2019 N/A· v4 6.1 MEDIUM· v3 5.8 MEDIUM· v2 MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in th...Show more MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page.Show less
CVE-2019-19708 1Mediawiki 1Visual Editor Nov 21, 2024 Dec 11, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The VisualEditor extension through 1.34 for MediaWiki allows XSS via pasted content containing an element with a data-ve-clipboard-key attribute.
CVE-2013-1817 4Debian FedoraprojectMediawiki+1 more 4Debian Linux Enterprise LinuxFedora+1 more Nov 21, 2024 Nov 20, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information.
CVE-2013-1816 4Debian FedoraprojectMediawiki+1 more 4Debian Linux Enterprise LinuxFedora+1 more Nov 21, 2024 Nov 20, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request.
CVE-2019-18987 1Mediawiki 1Abusefilter Nov 21, 2024 Nov 15, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Once a specific abuse filter has (accidentally or otherwise) been made public, its previous versions can be exposed, thus potentially discl...Show more An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Once a specific abuse filter has (accidentally or otherwise) been made public, its previous versions can be exposed, thus potentially disclosing private or sensitive information within the filter's definition.Show less
CVE-2013-1951 2Debian Mediawiki 2Debian Linux Mediawiki Nov 21, 2024 Oct 31, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers to inject arbitrary web script or HTML via Lua function names.
CVE-2019-18612 1Mediawiki 1Abusefilter Nov 21, 2024 Oct 29, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Previously hidden (restricted) AbuseFilter filters were viewable (or their differences were viewable) to unprivileged users, thus disclosin...Show more An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Previously hidden (restricted) AbuseFilter filters were viewable (or their differences were viewable) to unprivileged users, thus disclosing potentially sensitive information.Show less
CVE-2019-18611 1Mediawiki 1Checkuser Nov 21, 2024 Oct 29, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with va...Show more An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been able to view these oversighted edit summaries via the MediaWiki API.Show less
CVE-2012-0046 1Mediawiki 1Mediawiki Nov 21, 2024 Oct 29, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 mediawiki allows deleted text to be exposed
CVE-2019-16738 3Debian FedoraprojectMediawiki 3Debian Linux FedoraMediawiki Apr 15, 2026 Sep 26, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup.
CVE-2019-14807 1Mediawiki 1Mobilefrontend Nov 21, 2024 Aug 9, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS exists within the edit summary field in includes/specials/MobileSpecialPageFeed.php.
CVE-2019-12470 2Debian Mediawiki 2Debian Linux Mediawiki Nov 21, 2024 Jul 10, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
CVE-2019-12469 2Debian Mediawiki 2Debian Linux Mediawiki Nov 21, 2024 Jul 10, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

Previous 1...111213...22 Next