Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mediawiki mediawiki 1.19.0 vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2012-4378
Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki prior to 1.18.5 and 1.19.x prior to 1.19.2, when unspecified JavaScript gadgets are used, allow remote malicious users to inject arbitrary web script or HTML via the userlang parameter to w/index.php.
Mediawiki Mediawiki
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.1
6.1
CVSSv3
CVE-2012-4377
Cross-site scripting (XSS) vulnerability in MediaWiki prior to 1.18.5 and 1.19.x prior to 1.19.2 allows remote malicious users to inject arbitrary web script or HTML via a File: link to a nonexistent image.
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki
7.5
CVSSv3
CVE-2012-4380
MediaWiki prior to 1.18.5, and 1.19.x prior to 1.19.2 allows remote malicious users to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors.
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki
6.5
CVSSv3
CVE-2012-4379
MediaWiki prior to 1.18.5, and 1.19.x prior to 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote malicious users to conduct clickjacking attacks via an embedded API response in an IFRAME element.
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki
4.9
CVSSv3
CVE-2012-4382
MediaWiki prior to 1.18.5, and 1.19.x prior to 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt.
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki
Mediawiki Mediawiki 1.19.1
9.8
CVSSv3
CVE-2014-9487
The getid3 library in MediaWiki prior to 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote malicious users to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. NOTE: Related to CVE-2014-2053.
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.19.10
Mediawiki Mediawiki 1.19.12
Mediawiki Mediawiki 1.19.17
Mediawiki Mediawiki 1.19.19
Mediawiki Mediawiki 1.19.4
Mediawiki Mediawiki 1.19.5
Mediawiki Mediawiki 1.19.6
Mediawiki Mediawiki 1.19.7
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki 1.19.21
Mediawiki Mediawiki 1.19.22
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.13
Mediawiki Mediawiki 1.19.14
Mediawiki Mediawiki 1.19.15
Mediawiki Mediawiki 1.19.16
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki 1.19.9
Mediawiki Mediawiki 1.19.11
NA
CVE-2014-7295
The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki prior to 1.19.20, 1.22.x prior to 1.22.12 and 1.23.x prior to 1.23.5 allows remote authenticated users to conduct cross-site scripting (XSS) attacks or have unspecified other impact via crafted CSS, as demon...
Mediawiki Mediawiki 1.19.15
Mediawiki Mediawiki 1.19.16
Mediawiki Mediawiki 1.19.17
Mediawiki Mediawiki 1.19.18
Mediawiki Mediawiki 1.22.4
Mediawiki Mediawiki 1.22.5
Mediawiki Mediawiki 1.22.6
Mediawiki Mediawiki 1.22.7
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.10
Mediawiki Mediawiki 1.19.5
Mediawiki Mediawiki 1.19.6
Mediawiki Mediawiki 1.19.7
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki 1.19.9
Mediawiki Mediawiki 1.23.1
Mediawiki Mediawiki 1.23.0
Mediawiki Mediawiki 1.23.2
Mediawiki Mediawiki 1.23.3
Mediawiki Mediawiki 1.19.11
NA
CVE-2014-7199
Cross-site scripting (XSS) vulnerability in MediaWiki prior to 1.19.19, 1.22.x prior to 1.22.11, and 1.23.x prior to 1.23.4 allows remote malicious users to inject arbitrary web script or HTML via a crafted SVG file.
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.16
Mediawiki Mediawiki 1.19.17
Mediawiki Mediawiki 1.19.7
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki 1.19.9
Mediawiki Mediawiki 1.22.6
Mediawiki Mediawiki 1.22.7
Mediawiki Mediawiki 1.23.3
Mediawiki Mediawiki 1.19.10
Mediawiki Mediawiki 1.19.11
Mediawiki Mediawiki 1.19.18
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki 1.22.1
Mediawiki Mediawiki 1.22.8
Mediawiki Mediawiki 1.22.9
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.14
Mediawiki Mediawiki 1.19.15
Mediawiki Mediawiki 1.19.5
NA
CVE-2014-5243
MediaWiki prior to 1.19.18, 1.20.x up to and including 1.22.x prior to 1.22.9, and 1.23.x prior to 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote malicious users to conduct clickjacking attacks via a crafted web site...
Mediawiki Mediawiki 1.21.5
Mediawiki Mediawiki 1.21.6
Mediawiki Mediawiki 1.21.7
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.10
Mediawiki Mediawiki 1.20.6
Mediawiki Mediawiki 1.20.7
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.22.7
Mediawiki Mediawiki 1.22.6
Mediawiki Mediawiki 1.22.8
Mediawiki Mediawiki 1.23.0
Mediawiki Mediawiki 1.21.3
Mediawiki Mediawiki 1.21.4
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.20.4
Mediawiki Mediawiki 1.20.5
Mediawiki Mediawiki 1.19.15
Mediawiki Mediawiki 1.19.16
Mediawiki Mediawiki
NA
CVE-2014-5241
The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki prior to 1.19.18, 1.20.x up to and including 1.22.x prior to 1.22.9, and 1.23.x prior to 1.23.2 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which allows remote ...
Mediawiki Mediawiki 1.19.10
Mediawiki Mediawiki 1.21.1
Mediawiki Mediawiki 1.21.7
Mediawiki Mediawiki 1.21.8
Mediawiki Mediawiki 1.20.4
Mediawiki Mediawiki 1.20.5
Mediawiki Mediawiki
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki 1.19.9
Mediawiki Mediawiki 1.22.7
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki 1.22.8
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.21.5
Mediawiki Mediawiki 1.21.6
Mediawiki Mediawiki 1.20.2
Mediawiki Mediawiki 1.20.3
Mediawiki Mediawiki 1.19.15
Mediawiki Mediawiki 1.19.16
Mediawiki Mediawiki 1.19.7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »