Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mediawiki mediawiki 1.19.0 vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2012-4378
Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki prior to 1.18.5 and 1.19.x prior to 1.19.2, when unspecified JavaScript gadgets are used, allow remote malicious users to inject arbitrary web script or HTML via the userlang parameter to w/index.php.
Mediawiki Mediawiki
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.1
7.5
CVSSv3
CVE-2012-4380
MediaWiki prior to 1.18.5, and 1.19.x prior to 1.19.2 allows remote malicious users to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors.
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki
6.1
CVSSv3
CVE-2012-4377
Cross-site scripting (XSS) vulnerability in MediaWiki prior to 1.18.5 and 1.19.x prior to 1.19.2 allows remote malicious users to inject arbitrary web script or HTML via a File: link to a nonexistent image.
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki
6.5
CVSSv3
CVE-2012-4379
MediaWiki prior to 1.18.5, and 1.19.x prior to 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote malicious users to conduct clickjacking attacks via an embedded API response in an IFRAME element.
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki
4.9
CVSSv3
CVE-2012-4382
MediaWiki prior to 1.18.5, and 1.19.x prior to 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt.
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki
Mediawiki Mediawiki 1.19.1
NA
CVE-2013-2114
Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19 up to and including 1.19.6 and 1.20.x prior to 1.20.6 allows remote malicious users to execute arbitrary code by uploading a file with an executable extension.
Mediawiki Mediawiki 1.19.5
Mediawiki Mediawiki 1.19.6
Mediawiki Mediawiki 1.20.5
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.20.1
Mediawiki Mediawiki 1.20.3
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.20.2
Mediawiki Mediawiki 1.20.4
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki 1.19.4
NA
CVE-2013-6454
Cross-site scripting (XSS) vulnerability in MediaWiki prior to 1.19.10, 1.2x prior to 1.21.4, and 1.22.x prior to 1.22.1 allows remote malicious users to inject arbitrary web script or HTML via a -o-link attribute.
Mediawiki Mediawiki 1.21.1
Mediawiki Mediawiki 1.21
Mediawiki Mediawiki 1.21.2
Mediawiki Mediawiki 1.21.3
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.5
Mediawiki Mediawiki 1.19.7
Mediawiki Mediawiki
Mediawiki Mediawiki 1.19.6
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.19.4
NA
CVE-2013-4570
The zend_inline_hash_func function in php-luasandbox in the Scribuntu extension for MediaWiki prior to 1.19.10, 1.2x prior to 1.21.4, and 1.22.x prior to 1.22.1 allows remote malicious users to cause a denial of service (NULL pointer dereference and crash) via vectors related to ...
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.4
Mediawiki Mediawiki 1.19.5
Mediawiki Mediawiki 1.19.6
Mediawiki Mediawiki 1.19.7
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki 1.21.1
Mediawiki Mediawiki 1.21
Mediawiki Mediawiki 1.21.2
Mediawiki Mediawiki 1.21.3
NA
CVE-2013-4571
Buffer overflow in php-luasandbox in the Scribuntu extension for MediaWiki prior to 1.19.10, 1.2x prior to 1.21.4, and 1.22.x prior to 1.22.1 has unspecified impact and remote vectors.
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki 1.21.3
Mediawiki Mediawiki 1.21
Mediawiki Mediawiki 1.21.2
Mediawiki Mediawiki 1.21.1
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki 1.19.7
Mediawiki Mediawiki
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.19.4
Mediawiki Mediawiki 1.19.5
Mediawiki Mediawiki 1.19.6
NA
CVE-2013-4574
Cross-site scripting (XSS) vulnerability in the TimeMediaHandler extension for MediaWiki prior to 1.19.10, 1.2x prior to 1.21.4, and 1.22.x prior to 1.22.1 allows remote malicious users to inject arbitrary web script or HTML via vectors related to videos.
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.19.5
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki 1.19.4
Mediawiki Mediawiki 1.19.6
Mediawiki Mediawiki 1.19.7
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki 1.21.1
Mediawiki Mediawiki 1.21.2
Mediawiki Mediawiki 1.21.3
Mediawiki Mediawiki 1.21
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »