Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mediawiki mediawiki 1.28.1 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-0372
Parameters injection in the SyntaxHighlight extension of Mediawiki prior to 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.
Mediawiki Mediawiki 1.27.1
Mediawiki Mediawiki 1.28.0
Mediawiki Mediawiki
Mediawiki Mediawiki 1.27.2
Mediawiki Mediawiki 1.27.0
Mediawiki Mediawiki 1.28.1
Debian Debian Linux 9.0
Debian Debian Linux 7.0
9.8
CVSSv3
CVE-2017-8809
api.php in MediaWiki prior to 1.27.4, 1.28.x prior to 1.28.3, and 1.29.x prior to 1.29.2 has a Reflected File Download vulnerability.
Mediawiki Mediawiki 1.29.0
Mediawiki Mediawiki 1.29.1
Mediawiki Mediawiki 1.28.0
Mediawiki Mediawiki 1.28.1
Mediawiki Mediawiki
Mediawiki Mediawiki 1.28.2
Debian Debian Linux 9.0
1 Github repository
8.8
CVSSv3
CVE-2017-0367
Mediawiki prior to 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure.
Mediawiki Mediawiki
Debian Debian Linux 7.0
8.8
CVSSv3
CVE-2017-0362
Mediawiki prior to 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token.
Mediawiki Mediawiki
Debian Debian Linux 7.0
7.8
CVSSv3
CVE-2017-0361
Mediawiki prior to 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext.
Mediawiki Mediawiki
Debian Debian Linux 7.0
7.5
CVSSv3
CVE-2017-0371
MediaWiki prior to 1.23.16, 1.24.x up to and including 1.27.x prior to 1.27.2, and 1.28.x prior to 1.28.1 allows remote malicious users to discover the IP addresses of Wiki visitors via a style="background-image: attr(title url);" attack within a DIV element that has an...
Mediawiki Mediawiki
7.5
CVSSv3
CVE-2017-8815
The language converter in MediaWiki prior to 1.27.4, 1.28.x prior to 1.28.3, and 1.29.x prior to 1.29.2 allows attribute injection attacks via glossary rules.
Mediawiki Mediawiki 1.29.0
Mediawiki Mediawiki
Mediawiki Mediawiki 1.29.1
Mediawiki Mediawiki 1.28.0
Mediawiki Mediawiki 1.28.1
Mediawiki Mediawiki 1.28.2
Debian Debian Linux 9.0
7.5
CVSSv3
CVE-2017-8810
MediaWiki prior to 1.27.4, 1.28.x prior to 1.28.3, and 1.29.x prior to 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote malicious users to enumerate account names a...
Mediawiki Mediawiki 1.28.1
Mediawiki Mediawiki
Mediawiki Mediawiki 1.29.0
Mediawiki Mediawiki 1.29.1
Mediawiki Mediawiki 1.28.0
Mediawiki Mediawiki 1.28.2
Debian Debian Linux 9.0
7.5
CVSSv3
CVE-2017-8814
The language converter in MediaWiki prior to 1.27.4, 1.28.x prior to 1.28.3, and 1.29.x prior to 1.29.2 allows malicious users to replace text inside tags via a rule definition followed by "a lot of junk."
Mediawiki Mediawiki 1.29.1
Mediawiki Mediawiki 1.28.0
Mediawiki Mediawiki 1.28.1
Mediawiki Mediawiki 1.28.2
Mediawiki Mediawiki 1.29.0
Mediawiki Mediawiki
Debian Debian Linux 9.0
6.5
CVSSv3
CVE-2017-0369
Mediawiki prior to 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it.
Mediawiki Mediawiki
Debian Debian Linux 7.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »