mediawiki mediawiki 1.28.1 vulnerabilities and exploits

(subscribe to this query)

MediaWiki prior to 1.27.4, 1.28.x prior to 1.28.3, and 1.29.x prior to 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping.

Mediawiki Mediawiki Mediawiki Mediawiki 1.29.0 Mediawiki Mediawiki 1.29.1 Mediawiki Mediawiki 1.28.0 Mediawiki Mediawiki 1.28.1 Mediawiki Mediawiki 1.28.2 Debian Debian Linux 9.0

api.php in MediaWiki prior to 1.27.4, 1.28.x prior to 1.28.3, and 1.29.x prior to 1.29.2 has a Reflected File Download vulnerability.

Mediawiki Mediawiki 1.29.0 Mediawiki Mediawiki 1.29.1 Mediawiki Mediawiki 1.28.0 Mediawiki Mediawiki 1.28.1 Mediawiki Mediawiki Mediawiki Mediawiki 1.28.2 Debian Debian Linux 9.0

1 Github repository

MediaWiki prior to 1.27.4, 1.28.x prior to 1.28.3, and 1.29.x prior to 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote malicious users to enumerate account names a...

Mediawiki Mediawiki 1.28.1 Mediawiki Mediawiki Mediawiki Mediawiki 1.29.0 Mediawiki Mediawiki 1.29.1 Mediawiki Mediawiki 1.28.0 Mediawiki Mediawiki 1.28.2 Debian Debian Linux 9.0

The implementation of raw message parameter expansion in MediaWiki prior to 1.27.4, 1.28.x prior to 1.28.3, and 1.29.x prior to 1.29.2 allows HTML mangling attacks.

Mediawiki Mediawiki 1.29.0 Mediawiki Mediawiki 1.29.1 Mediawiki Mediawiki 1.28.1 Mediawiki Mediawiki Mediawiki Mediawiki 1.28.0 Mediawiki Mediawiki 1.28.2 Debian Debian Linux 9.0

MediaWiki prior to 1.27.4, 1.28.x prior to 1.28.3, and 1.29.x prior to 1.29.2 allows remote malicious users to inject > (greater than) characters via the id attribute of a headline.

Mediawiki Mediawiki 1.28.1 Mediawiki Mediawiki Mediawiki Mediawiki 1.29.0 Mediawiki Mediawiki 1.29.1 Mediawiki Mediawiki 1.28.0 Mediawiki Mediawiki 1.28.2 Debian Debian Linux 9.0

The language converter in MediaWiki prior to 1.27.4, 1.28.x prior to 1.28.3, and 1.29.x prior to 1.29.2 allows malicious users to replace text inside tags via a rule definition followed by "a lot of junk."

Mediawiki Mediawiki 1.29.1 Mediawiki Mediawiki 1.28.0 Mediawiki Mediawiki 1.28.1 Mediawiki Mediawiki 1.28.2 Mediawiki Mediawiki 1.29.0 Mediawiki Mediawiki Debian Debian Linux 9.0

The language converter in MediaWiki prior to 1.27.4, 1.28.x prior to 1.28.3, and 1.29.x prior to 1.29.2 allows attribute injection attacks via glossary rules.

Mediawiki Mediawiki 1.29.0 Mediawiki Mediawiki Mediawiki Mediawiki 1.29.1 Mediawiki Mediawiki 1.28.0 Mediawiki Mediawiki 1.28.1 Mediawiki Mediawiki 1.28.2 Debian Debian Linux 9.0

Parameters injection in the SyntaxHighlight extension of Mediawiki prior to 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.

Mediawiki Mediawiki 1.27.1 Mediawiki Mediawiki 1.28.0 Mediawiki Mediawiki Mediawiki Mediawiki 1.27.2 Mediawiki Mediawiki 1.27.0 Mediawiki Mediawiki 1.28.1 Debian Debian Linux 9.0 Debian Debian Linux 7.0

MediaWiki prior to 1.23.16, 1.24.x up to and including 1.27.x prior to 1.27.2, and 1.28.x prior to 1.28.1 allows remote malicious users to discover the IP addresses of Wiki visitors via a style="background-image: attr(title url);" attack within a DIV element that has an...

Mediawiki Mediawiki

Mediawiki prior to 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link.

Mediawiki Mediawiki Debian Debian Linux 7.0

1 2 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook