VYPR

Mediawiki

by MediaWiki

CVEs (262)

  • CVE-2021-30157 (Apr 6, 2021)
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter-* label messages are output in HTML unescaped, leading to XSS.

  • CVE-2021-30158 (Apr 6, 2021)
    risk 0.00 | cvss | epss 0.02

    An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know that a token has been…

  • CVE-2020-35479 (Dec 18, 2020)
    risk 0.00 | cvss | epss 0.01

    MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the return of Language::userTimeAndDate is always unsafe for HTML in a month value. This affects MediaWiki 1.12.0 and later.

  • CVE-2020-35477 (Dec 18, 2020)
    risk 0.00 | cvss | epss 0.02

    MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" checkbox (or a tags checkbox)…

  • CVE-2020-35474 (Dec 18, 2020)
    risk 0.00 | cvss | epss 0.01

    In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that the output is raw HTML.

  • CVE-2012-4381 (Feb 8, 2020)
    risk 0.00 | cvss | epss 0.04

    MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict…

  • CVE-2013-6451 (Jan 28, 2020)
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values.

  • CVE-2013-4303 (Dec 11, 2019)
    risk 0.00 | cvss | epss 0.02

    includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." (period) characters in a string, which allows remote attackers to…

  • CVE-2013-1817 (Nov 20, 2019)
    risk 0.00 | cvss | epss 0.03

    MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information.

  • CVE-2013-1816 (Nov 20, 2019)
    risk 0.00 | cvss | epss 0.03

    MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request.

  • CVE-2013-1951 (Oct 31, 2019)
    risk 0.00 | cvss | epss 0.02

    A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 allows remote attackers to inject arbitrary web script or HTML via Lua function names.

  • CVE-2012-0046 (Oct 29, 2019)
    risk 0.00 | cvss | epss 0.01

    MediaWiki allows deleted text to be exposed.

  • CVE-2015-8005 (Nov 9, 2015)
    risk 0.00 | cvss | epss 0.01

    MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 uses the thumbnail ImageMagick command line argument, which allows remote attackers to obtain the installation path by reading the metadata of a PNG thumbnail file.

  • CVE-2015-8004 (Nov 9, 2015)
    risk 0.00 | cvss | epss 0.02

    MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not properly restrict access to revisions, which allows remote authenticated users with the viewsuppressed user right to remove revision suppressions via a crafted revisiondelete action, which returns…

  • CVE-2015-8003 (Nov 9, 2015)
    risk 0.00 | cvss | epss 0.02

    MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not throttle file uploads, which allows remote authenticated users to have unspecified impact via multiple file uploads.

  • CVE-2015-8002 (Nov 9, 2015)
    risk 0.00 | cvss | epss 0.02

    The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 allows remote authenticated users to cause a denial of service (disk consumption) via a file upload using one byte chunks.

  • CVE-2015-8001 (Nov 9, 2015)
    risk 0.00 | cvss | epss 0.02

    The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not restrict the uploaded data to the claimed file size, which allows remote authenticated users to cause a denial of service via a chunk that exceeds the file…

  • CVE-2015-6734 (Sep 1, 2015)
    risk 0.00 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in contrib/cssgen.php in GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to inject arbitrary web script or HTML via…

  • CVE-2015-6733 (Sep 1, 2015)
    risk 0.00 | cvss | epss 0.03

    GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors.

  • CVE-2015-6730 (Sep 1, 2015)
    risk 0.00 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error page, related to…

Page 7 of 14