VYPR

Mediawiki

by MediaWiki

Source repositories

CVEs (262)

  • CVE-2012-4377MedOct 26, 2017
    risk 0.40cvss 6.1epss 0.02

    Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image.

  • CVE-2016-6334MedApr 20, 2017
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving replacement of percent encoding…

  • CVE-2016-6333MedApr 20, 2017
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css.

  • CVE-2015-8622MedMar 23, 2017
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as…

  • CVE-2018-13258MedOct 4, 2018
    risk 0.35cvss 5.3epss 0.02

    Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn't be web accessible.

  • CVE-2014-1686MedApr 16, 2018
    risk 0.35cvss 5.3epss 0.02

    MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation.

  • CVE-2017-0370MedApr 13, 2018
    risk 0.35cvss 5.3epss 0.01

    Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter.

  • CVE-2017-0368MedApr 13, 2018
    risk 0.35cvss 5.3epss 0.02

    Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages.

  • CVE-2017-0366MedApr 13, 2018
    risk 0.35cvss 5.4epss 0.01

    Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration.

  • CVE-2017-8812MedNov 15, 2017
    risk 0.35cvss 5.3epss 0.02

    MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline.

  • CVE-2015-8628MedMar 23, 2017
    risk 0.35cvss 5.3epss 0.01

    The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 allow remote attackers to obtain sensitive user…

  • CVE-2015-8627MedMar 23, 2017
    risk 0.35cvss 5.3epss 0.01

    MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly normalize IP addresses containing zero-padded octets, which might allow remote attackers to bypass intended access restrictions by using an IP address that was not…

  • CVE-2019-16738MedSep 26, 2019
    risk 0.34cvss 5.3epss 0.02

    In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup.

  • CVE-2012-4382MedOct 19, 2017
    risk 0.32cvss 4.9epss 0.01

    MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt.

  • CVE-2017-0365MedApr 13, 2018
    risk 0.31cvss 4.7epss 0.01

    Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations.

  • CVE-2025-67476MedFeb 3, 2026
    risk 0.28cvss 4.3epss 0.00

    Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/ImportableOldRevisionImporter.Php. This issue affects MediaWiki: from * before 1.44.3, 1.45.1.

  • CVE-2018-0503MedOct 4, 2018
    risk 0.28cvss 4.3epss 0.02

    Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'.

  • CVE-2026-34093MedMay 11, 2026
    risk 0.27cvss 5.3epss 0.00

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Specials/SpecialUserRights.Php. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.

  • CVE-2014-1610Jan 30, 2014
    risk 0.06cvss epss 0.43

    MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w…

  • CVE-2007-0177Jan 11, 2007
    risk 0.03cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Page 3 of 14