Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Mediawiki Subscribe
Filtered by product Mediawiki
Total 317 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-4408 1 Mediawiki 1 Mediawiki 2017-08-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, and possibly other versions before 1.13.2 allows remote attackers to inject arbitrary web script or HTML via the useskin parameter to an unspecified component.
CVE-2008-1318 1 Mediawiki 1 Mediawiki 2017-08-07 5.0 MEDIUM N/A
Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows remote attackers to obtain sensitive "cross-site" information via the callback parameter in an API call for JavaScript Object Notation (JSON) formatted results.
CVE-2007-4828 1 Mediawiki 1 Mediawiki 2017-07-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the API pretty-printing mode in MediaWiki 1.8.0 through 1.8.4, 1.9.0 through 1.9.3, 1.10.0 through 1.10.1, and the 1.11 development versions before 1.11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-0788 1 Mediawiki 1 Mediawiki 2017-07-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in MediaWiki 1.9.x before 1.9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "sortable tables JavaScript."
CVE-2007-0177 1 Mediawiki 1 Mediawiki 2017-07-28 5.1 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-2611 1 Mediawiki 1 Mediawiki 2017-07-19 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | (pipe) character.
CVE-2006-2895 1 Mediawiki 1 Mediawiki 2017-07-19 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to versions before 1.6.7 allows remote attackers to inject arbitrary HTML and web script via the edit form.
CVE-2006-1498 1 Mediawiki 1 Mediawiki 2017-07-19 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.5.8 and 1.4.15 allows remote attackers to inject arbitrary web script or HTML via crafted encoded links.
CVE-2005-4501 1 Mediawiki 1 Mediawiki 2017-07-19 4.3 MEDIUM N/A
MediaWiki before 1.5.4 uses a hard-coded "internal placeholder string", which allows remote attackers to bypass protection against cross-site scripting (XSS) attacks and execute Javascript using inline style attributes, which are processed by Internet Explorer.
CVE-2006-0322 1 Mediawiki 1 Mediawiki 2017-07-19 5.0 MEDIUM N/A
Unspecified vulnerability the edit comment formatting functionality in MediaWiki 1.5.x before 1.5.6 and 1.4.x before 1.4.14 allows attackers to cause a denial of service (infinite loop) via "certain malformed links."
CVE-2005-1245 1 Mediawiki 1 Mediawiki 2017-07-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, when using HTML Tidy ($wgUseTidy), allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2005-2396 1 Mediawiki 1 Mediawiki 2017-07-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the page move template.
CVE-2004-2152 1 Mediawiki 1 Mediawiki 2017-07-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in 'raw' page output mode for MediaWiki 1.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML.
CVE-2016-6333 1 Mediawiki 1 Mediawiki 2017-04-28 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css.
CVE-2016-6334 1 Mediawiki 1 Mediawiki 2017-04-28 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving replacement of percent encoding in unclosed internal links.
CVE-2016-6331 1 Mediawiki 1 Mediawiki 2017-04-24 5.0 MEDIUM 7.5 HIGH
ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title read restrictions via a parse action to api.php.
CVE-2016-6337 1 Mediawiki 1 Mediawiki 2017-04-24 5.0 MEDIUM 7.5 HIGH
MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights.
CVE-2016-6336 1 Mediawiki 1 Mediawiki 2017-04-24 4.0 MEDIUM 6.5 MEDIUM
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete.
CVE-2016-6335 1 Mediawiki 1 Mediawiki 2017-04-24 5.0 MEDIUM 7.5 HIGH
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php.
CVE-2016-6332 1 Mediawiki 1 Mediawiki 2017-04-24 5.0 MEDIUM 7.5 HIGH
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to terminate sessions when a user account is blocked.