Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

mediawiki mediawiki 1.19.0 vulnerabilities and exploits

(subscribe to this query)
383
VMScore
CVE-2012-4379
MediaWiki prior to 1.18.5, and 1.19.x prior to 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote malicious users to conduct clickjacking attacks via an embedded API response in an IFRAME element.
Mediawiki Mediawiki 1.19.1Mediawiki Mediawiki 1.19.0Mediawiki Mediawiki
445
VMScore
CVE-2012-4380
MediaWiki prior to 1.18.5, and 1.19.x prior to 1.19.2 allows remote malicious users to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors.
Mediawiki Mediawiki 1.19.0Mediawiki Mediawiki 1.19.1Mediawiki Mediawiki
356
VMScore
CVE-2012-4382
MediaWiki prior to 1.18.5, and 1.19.x prior to 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt.
Mediawiki Mediawiki 1.19.0Mediawiki MediawikiMediawiki Mediawiki 1.19.1
383
VMScore
CVE-2012-4377
Cross-site scripting (XSS) vulnerability in MediaWiki prior to 1.18.5 and 1.19.x prior to 1.19.2 allows remote malicious users to inject arbitrary web script or HTML via a File: link to a nonexistent image.
Mediawiki Mediawiki 1.19.0Mediawiki Mediawiki 1.19.1Mediawiki Mediawiki
383
VMScore
CVE-2012-4378
Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki prior to 1.18.5 and 1.19.x prior to 1.19.2, when unspecified JavaScript gadgets are used, allow remote malicious users to inject arbitrary web script or HTML via the userlang parameter to w/index.php.
Mediawiki MediawikiMediawiki Mediawiki 1.19.0Mediawiki Mediawiki 1.19.1
605
VMScore
CVE-2013-2114
Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19 up to and including 1.19.6 and 1.20.x prior to 1.20.6 allows remote malicious users to execute arbitrary code by uploading a file with an executable extension.
Mediawiki Mediawiki 1.19.5Mediawiki Mediawiki 1.19.6Mediawiki Mediawiki 1.20.5Mediawiki Mediawiki 1.19Mediawiki Mediawiki 1.19.0Mediawiki Mediawiki 1.20.1Mediawiki Mediawiki 1.20.3Mediawiki Mediawiki 1.19.1Mediawiki Mediawiki 1.19.3Mediawiki Mediawiki 1.20.2Mediawiki Mediawiki 1.20.4Mediawiki Mediawiki 1.19.2Mediawiki Mediawiki 1.19.4
445
VMScore
CVE-2013-6472
MediaWiki prior to 1.19.10, 1.2x prior to 1.21.4, and 1.22.x prior to 1.22.1 allows remote malicious users to obtain information about deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user watchlists.
Mediawiki Mediawiki 1.22.0Mediawiki Mediawiki 1.19Mediawiki Mediawiki 1.19.0Mediawiki Mediawiki 1.19.7Mediawiki MediawikiMediawiki Mediawiki 1.19.1Mediawiki Mediawiki 1.19.6Mediawiki Mediawiki 1.19.8Mediawiki Mediawiki 1.19.2Mediawiki Mediawiki 1.19.3Mediawiki Mediawiki 1.19.4Mediawiki Mediawiki 1.19.5Mediawiki Mediawiki 1.21.3Mediawiki Mediawiki 1.21Mediawiki Mediawiki 1.21.1Mediawiki Mediawiki 1.21.2
445
VMScore
CVE-2013-4570
The zend_inline_hash_func function in php-luasandbox in the Scribuntu extension for MediaWiki prior to 1.19.10, 1.2x prior to 1.21.4, and 1.22.x prior to 1.22.1 allows remote malicious users to cause a denial of service (NULL pointer dereference and crash) via vectors related to ...
Mediawiki Mediawiki 1.22.0Mediawiki Mediawiki 1.19Mediawiki Mediawiki 1.19.4Mediawiki Mediawiki 1.19.5Mediawiki Mediawiki 1.19.6Mediawiki Mediawiki 1.19.7Mediawiki Mediawiki 1.19.0Mediawiki Mediawiki 1.19.2Mediawiki MediawikiMediawiki Mediawiki 1.19.1Mediawiki Mediawiki 1.19.3Mediawiki Mediawiki 1.19.8Mediawiki Mediawiki 1.21.1Mediawiki Mediawiki 1.21Mediawiki Mediawiki 1.21.2Mediawiki Mediawiki 1.21.3
383
VMScore
CVE-2013-6452
Cross-site scripting (XSS) vulnerability in MediaWiki prior to 1.19.10, 1.2x prior to 1.21.4, and 1.22.x prior to 1.22.1 allows remote malicious users to inject arbitrary web script or HTML via crafted XSL in an SVG file.
Mediawiki Mediawiki 1.22.0Mediawiki Mediawiki 1.21Mediawiki Mediawiki 1.21.1Mediawiki Mediawiki 1.21.2Mediawiki Mediawiki 1.21.3Mediawiki Mediawiki 1.19Mediawiki Mediawiki 1.19.6Mediawiki Mediawiki 1.19.8Mediawiki Mediawiki 1.19.0Mediawiki Mediawiki 1.19.7Mediawiki MediawikiMediawiki Mediawiki 1.19.1Mediawiki Mediawiki 1.19.2Mediawiki Mediawiki 1.19.3Mediawiki Mediawiki 1.19.4Mediawiki Mediawiki 1.19.5
668
VMScore
CVE-2013-6453
MediaWiki prior to 1.19.10, 1.2x prior to 1.21.4, and 1.22.x prior to 1.22.1 does not properly sanitize SVG files, which allows remote malicious users to have unspecified impact via invalid XML.
Mediawiki Mediawiki 1.22.0Mediawiki Mediawiki 1.21.2Mediawiki Mediawiki 1.21.1Mediawiki Mediawiki 1.21.3Mediawiki Mediawiki 1.21Mediawiki Mediawiki 1.19.1Mediawiki Mediawiki 1.19.3Mediawiki Mediawiki 1.19.2Mediawiki Mediawiki 1.19.4Mediawiki Mediawiki 1.19Mediawiki Mediawiki 1.19.0Mediawiki Mediawiki 1.19.5Mediawiki Mediawiki 1.19.6Mediawiki Mediawiki 1.19.7Mediawiki Mediawiki 1.19.8Mediawiki Mediawiki
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook