Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mediawiki mediawiki 1.18.1 vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2017-0362
Mediawiki prior to 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token.
Mediawiki Mediawiki
Debian Debian Linux 7.0
6.8
CVSSv2
CVE-2012-5391
Session fixation vulnerability in Special:UserLogin in MediaWiki prior to 1.18.6, 1.19.x prior to 1.19.3, and 1.20.x prior to 1.20.1 allows remote malicious users to hijack web sessions via the session_id.
Mediawiki Mediawiki 1.18.1
Mediawiki Mediawiki 1.18.2
Mediawiki Mediawiki 1.18.3
Mediawiki Mediawiki 1.18
Mediawiki Mediawiki 1.18.0
Mediawiki Mediawiki
Mediawiki Mediawiki 1.18.4
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki 1.20
6.8
CVSSv2
CVE-2012-5395
Session fixation vulnerability in the CentralAuth extension for MediaWiki prior to 1.18.6, 1.19.x prior to 1.19.3, and 1.20.x prior to 1.20.1 allows remote malicious users to hijack web sessions via the centralauth_Session cookie.
Mediawiki Mediawiki 1.20
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki 1.18.0
Mediawiki Mediawiki 1.18.1
Mediawiki Mediawiki 1.18.2
Mediawiki Mediawiki
Mediawiki Mediawiki 1.18
Mediawiki Mediawiki 1.18.4
Mediawiki Mediawiki 1.18.3
4.3
CVSSv2
CVE-2014-2853
Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki prior to 1.21.9 and 1.22.x prior to 1.22.6 allows remote malicious users to inject arbitrary web script or HTML via the sort key in an info action.
Mediawiki Mediawiki 1.10.0
Mediawiki Mediawiki 1.10.1
Mediawiki Mediawiki 1.10.2
Mediawiki Mediawiki 1.10.3
Mediawiki Mediawiki 1.13.0
Mediawiki Mediawiki 1.13.1
Mediawiki Mediawiki 1.16.0
Mediawiki Mediawiki 1.18.0
Mediawiki Mediawiki 1.18.1
Mediawiki Mediawiki 1.18.2
Mediawiki Mediawiki 1.18.3
Mediawiki Mediawiki 1.19.4
Mediawiki Mediawiki 1.19.5
Mediawiki Mediawiki 1.19.6
Mediawiki Mediawiki 1.19.7
Mediawiki Mediawiki 1.20.4
Mediawiki Mediawiki 1.20.5
Mediawiki Mediawiki 1.20.6
Mediawiki Mediawiki 1.20.7
Mediawiki Mediawiki 1.22.3
Mediawiki Mediawiki 1.22.4
Mediawiki Mediawiki 1.22.5
4.3
CVSSv2
CVE-2014-2242
includes/upload/UploadBase.php in MediaWiki prior to 1.19.12, 1.20.x and 1.21.x prior to 1.21.6, and 1.22.x prior to 1.22.3 does not prevent use of invalid namespaces in SVG files, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via an SVG upload...
Mediawiki Mediawiki 1.16.0
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki 1.12.1
Mediawiki Mediawiki 1.17.1
Mediawiki Mediawiki 1.13.0
Mediawiki Mediawiki 1.20.5
Mediawiki Mediawiki 1.14.0
Mediawiki Mediawiki 1.20.1
Mediawiki Mediawiki 1.11.0
Mediawiki Mediawiki 1.17
Mediawiki Mediawiki
Mediawiki Mediawiki 1.15.1
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.15.0
Mediawiki Mediawiki 1.18
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.12.3
Mediawiki Mediawiki 1.15.3
Mediawiki Mediawiki 1.12.0
Mediawiki Mediawiki 1.21.5
5.8
CVSSv2
CVE-2014-2243
includes/User.php in MediaWiki prior to 1.19.12, 1.20.x and 1.21.x prior to 1.21.6, and 1.22.x prior to 1.22.3 terminates validation of a user token upon encountering the first incorrect character, which makes it easier for remote malicious users to obtain access via a brute-forc...
Mediawiki Mediawiki 1.16.0
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki 1.12.1
Mediawiki Mediawiki 1.17.1
Mediawiki Mediawiki 1.13.0
Mediawiki Mediawiki 1.20.5
Mediawiki Mediawiki 1.14.0
Mediawiki Mediawiki 1.20.1
Mediawiki Mediawiki 1.11.0
Mediawiki Mediawiki 1.17
Mediawiki Mediawiki
Mediawiki Mediawiki 1.15.1
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.15.0
Mediawiki Mediawiki 1.18
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.12.3
Mediawiki Mediawiki 1.15.3
Mediawiki Mediawiki 1.12.0
Mediawiki Mediawiki 1.21.5
4.3
CVSSv2
CVE-2014-2244
Cross-site scripting (XSS) vulnerability in the formatHTML function in includes/api/ApiFormatBase.php in MediaWiki prior to 1.19.12, 1.20.x and 1.21.x prior to 1.21.6, and 1.22.x prior to 1.22.3 allows remote malicious users to inject arbitrary web script or HTML via a crafted st...
Mediawiki Mediawiki 1.16.0
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki 1.12.1
Mediawiki Mediawiki 1.17.1
Mediawiki Mediawiki 1.13.0
Mediawiki Mediawiki 1.20.5
Mediawiki Mediawiki 1.14.0
Mediawiki Mediawiki 1.20.1
Mediawiki Mediawiki 1.11.0
Mediawiki Mediawiki 1.17
Mediawiki Mediawiki
Mediawiki Mediawiki 1.15.1
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.15.0
Mediawiki Mediawiki 1.18
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.12.3
Mediawiki Mediawiki 1.15.3
Mediawiki Mediawiki 1.12.0
Mediawiki Mediawiki 1.21.5
4.3
CVSSv2
CVE-2013-2031
MediaWiki prior to 1.19.6 and 1.20.x prior to 1.20.5 allows remote malicious users to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome an...
Gentoo Linux
Mediawiki Mediawiki
Mediawiki Mediawiki 1.19.4
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.18.3
Mediawiki Mediawiki 1.17.3
Mediawiki Mediawiki 1.17.2
Mediawiki Mediawiki 1.16.1
Mediawiki Mediawiki 1.16.0
Mediawiki Mediawiki 1.15.2
Mediawiki Mediawiki 1.15.1
Mediawiki Mediawiki 1.15.0
Mediawiki Mediawiki 1.13.2
Mediawiki Mediawiki 1.13.1
Mediawiki Mediawiki 1.12.1
Mediawiki Mediawiki 1.12.0
Mediawiki Mediawiki 1.20.4
Mediawiki Mediawiki 1.20.3
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.18.0
Mediawiki Mediawiki 1.18
5
CVSSv2
CVE-2013-2032
MediaWiki prior to 1.19.6 and 1.20.x prior to 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote malicious users to bypass the intended restrictions of an extension that only implem...
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.18.3
Mediawiki Mediawiki 1.18.1
Mediawiki Mediawiki 1.18.0
Mediawiki Mediawiki 1.17.2
Mediawiki Mediawiki 1.17.0
Mediawiki Mediawiki 1.16.0
Mediawiki Mediawiki 1.15.1
Mediawiki Mediawiki 1.15.0
Mediawiki Mediawiki 1.14.0
Mediawiki Mediawiki 1.13.1
Mediawiki Mediawiki 1.13.0
Mediawiki Mediawiki 1.12.0
Mediawiki Mediawiki 1.11.1
Mediawiki Mediawiki 1.10.3
Mediawiki Mediawiki 1.10.1
Mediawiki Mediawiki 1.10.0
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.17
Mediawiki Mediawiki 1.16.2
5
CVSSv2
CVE-2012-4885
The wikitext parser in MediaWiki 1.17.x prior to 1.17.3 and 1.18.x prior to 1.18.2 allows remote malicious users to cause a denial of service (infinite loop) via certain input, as demonstrated by the padleft function.
Mediawiki Mediawiki 1.17.0
Mediawiki Mediawiki 1.17.1
Mediawiki Mediawiki 1.17.2
Mediawiki Mediawiki 1.17
Mediawiki Mediawiki 1.18.0
Mediawiki Mediawiki 1.18.1
Mediawiki Mediawiki 1.18
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-25525
CVE-2024-4652
CVE-2024-1438
CVE-2024-4671
CVE-2024-34351
arbitrary
CVE-2024-4650
SQL injection
overflow
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »