← Back

Mediawiki

mediawiki

428 CVEs • 18 products

Products (18)

Click to collapse
Toggle
Mediawiki
mediawiki
395 CVEs
Checkuser
checkuser
8 CVEs
Cargo
cargo
7 CVEs
Abusefilter
abusefilter
3 CVEs
Visual Editor
visual_editor
3 CVEs
Mobilefrontend
mobilefrontend
2 CVEs
Mediawiki Botquery Ext
mediawiki_botquery_ext
1 CVE
Mediawik
mediawik
1 CVE
Rssreader
rssreader
1 CVE
Scribunto
scribunto
1 CVE
Skin\
skin\
1 CVE
Shortdescription
shortdescription
1 CVE
Createredirect
createredirect
1 CVE
Rss For Mediawiki
rss_for_mediawiki
1 CVE
Semantic Drilldown
semantic_drilldown
1 CVE
Wikisource Category Browser
wikisource_category_browser
1 CVE
Matomo
matomo
1 CVE
Score
score
1 CVE

CVEs (428)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-12474
2Debian
Mediawiki
2Debian Linux
Mediawiki
Nov 21, 2024
Jul 10, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
CVE-2019-12473
2Debian
Mediawiki
2Debian Linux
Mediawiki
Nov 21, 2024
Jul 10, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
CVE-2019-12472
1Mediawiki
1Mediawiki
Nov 21, 2024
Jul 10, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30...Show more
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.Show less
CVE-2019-12471
2Debian
Mediawiki
2Debian Linux
Mediawiki
Nov 21, 2024
Jul 10, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 an...Show more
Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.Show less
CVE-2019-12466
2Debian
Mediawiki
2Debian Linux
Mediawiki
Nov 21, 2024
Jul 10, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Wikimedia MediaWiki through 1.32.1 allows CSRF.
CVE-2019-12468
2Debian
Mediawiki
2Debian Linux
Mediawiki
Nov 21, 2024
Jul 10, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeov...Show more
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover.Show less
CVE-2019-12467
2Debian
Mediawiki
2Debian Linux
Mediawiki
Nov 21, 2024
Jul 10, 2019
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
CVE-2018-13258
1Mediawiki
1Mediawiki
Nov 21, 2024
Oct 4, 2018
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn't be web accessible.
CVE-2018-0505
2Debian
Mediawiki
2Debian Linux
Mediawiki
Nov 21, 2024
Oct 4, 2018
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock
CVE-2018-0504
2Debian
Mediawiki
2Debian Linux
Mediawiki
Nov 21, 2024
Oct 4, 2018
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid
CVE-2018-0503
2Debian
Mediawiki
2Debian Linux
Mediawiki
Nov 21, 2024
Oct 4, 2018
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'.
CVE-2014-1686
1Mediawiki
1Mediawiki
Nov 21, 2024
Apr 16, 2018
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation.
CVE-2017-0372
2Debian
Mediawiki
2Debian Linux
Mediawiki
Nov 21, 2024
Apr 13, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.
CVE-2017-0370
2Debian
Mediawiki
2Debian Linux
Mediawiki
Nov 21, 2024
Apr 13, 2018
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter.
CVE-2017-0369
2Debian
Mediawiki
2Debian Linux
Mediawiki
Nov 21, 2024
Apr 13, 2018
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it.
CVE-2017-0368
2Debian
Mediawiki
2Debian Linux
Mediawiki
Nov 21, 2024
Apr 13, 2018
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages.
CVE-2017-0367
2Debian
Mediawiki
2Debian Linux
Mediawiki
Nov 21, 2024
Apr 13, 2018
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure.
CVE-2017-0366
2Debian
Mediawiki
2Debian Linux
Mediawiki
Nov 21, 2024
Apr 13, 2018
N/A· v4
5.4 MEDIUM· v3
4.0 MEDIUM· v2
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration.
CVE-2017-0365
2Debian
Mediawiki
2Debian Linux
Mediawiki
Nov 21, 2024
Apr 13, 2018
N/A· v4
4.7 MEDIUM· v3
2.6 LOW· v2
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations.
CVE-2017-0364
2Debian
Mediawiki
2Debian Linux
Mediawiki
Nov 21, 2024
Apr 13, 2018
N/A· v4
6.1 MEDIUM· v3
5.8 MEDIUM· v2
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link.