Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mediawiki mediawiki 1.19.8 vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2013-4303
includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x prior to 1.19.8, 1.20.x prior to 1.20.7, and 1.21.x prior to 1.21.2 does not properly detect extensions when there are an even number of "." (period) characters in a string, which allows remote ma...
Mediawiki Mediawiki
9.8
CVSSv3
CVE-2014-9487
The getid3 library in MediaWiki prior to 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote malicious users to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. NOTE: Related to CVE-2014-2053.
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.19.15
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.10
Mediawiki Mediawiki 1.19.9
Mediawiki Mediawiki 1.19.6
Mediawiki Mediawiki 1.19.16
Mediawiki Mediawiki 1.19.18
Mediawiki Mediawiki 1.19.11
Mediawiki Mediawiki 1.19.5
Mediawiki Mediawiki 1.19.13
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.4
Mediawiki Mediawiki 1.19.17
Mediawiki Mediawiki 1.19.12
Mediawiki Mediawiki 1.19.14
Mediawiki Mediawiki 1.19.7
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki 1.19.19
Mediawiki Mediawiki 1.19.20
NA
CVE-2014-7295
The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki prior to 1.19.20, 1.22.x prior to 1.22.12 and 1.23.x prior to 1.23.5 allows remote authenticated users to conduct cross-site scripting (XSS) attacks or have unspecified other impact via crafted CSS, as demon...
Mediawiki Mediawiki 1.23.0
Mediawiki Mediawiki 1.22.8
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki 1.23.4
Mediawiki Mediawiki 1.22.10
Mediawiki Mediawiki 1.22.6
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.19.15
Mediawiki Mediawiki 1.22.5
Mediawiki Mediawiki 1.23.3
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki
Mediawiki Mediawiki 1.22.9
Mediawiki Mediawiki 1.23.1
Mediawiki Mediawiki 1.19.10
Mediawiki Mediawiki 1.22.7
Mediawiki Mediawiki 1.19.9
Mediawiki Mediawiki 1.19.6
Mediawiki Mediawiki 1.19.16
Mediawiki Mediawiki 1.19.18
NA
CVE-2014-7199
Cross-site scripting (XSS) vulnerability in MediaWiki prior to 1.19.19, 1.22.x prior to 1.22.11, and 1.23.x prior to 1.23.4 allows remote malicious users to inject arbitrary web script or HTML via a crafted SVG file.
Mediawiki Mediawiki 1.23.0
Mediawiki Mediawiki 1.22.8
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki 1.22.10
Mediawiki Mediawiki 1.22.6
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.19.15
Mediawiki Mediawiki 1.22.5
Mediawiki Mediawiki 1.23.3
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.22.9
Mediawiki Mediawiki 1.23.1
Mediawiki Mediawiki 1.19.10
Mediawiki Mediawiki 1.22.7
Mediawiki Mediawiki 1.19.9
Mediawiki Mediawiki 1.19.6
Mediawiki Mediawiki 1.19.16
Mediawiki Mediawiki 1.19.18
Mediawiki Mediawiki 1.22.3
Mediawiki Mediawiki 1.19.11
NA
CVE-2014-5241
The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki prior to 1.19.18, 1.20.x up to and including 1.22.x prior to 1.22.9, and 1.23.x prior to 1.23.2 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which allows remote ...
Mediawiki Mediawiki 1.23.0
Mediawiki Mediawiki 1.22.8
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki 1.20.5
Mediawiki Mediawiki 1.20.1
Mediawiki Mediawiki 1.22.6
Mediawiki Mediawiki 1.21.8
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.19.15
Mediawiki Mediawiki 1.22.5
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.23.1
Mediawiki Mediawiki 1.21.5
Mediawiki Mediawiki 1.20.4
Mediawiki Mediawiki 1.20.2
Mediawiki Mediawiki 1.19.10
Mediawiki Mediawiki 1.21.6
Mediawiki Mediawiki 1.21.1
Mediawiki Mediawiki 1.22.7
Mediawiki Mediawiki 1.21.10
NA
CVE-2014-5243
MediaWiki prior to 1.19.18, 1.20.x up to and including 1.22.x prior to 1.22.9, and 1.23.x prior to 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote malicious users to conduct clickjacking attacks via a crafted web site...
Mediawiki Mediawiki 1.23.0
Mediawiki Mediawiki 1.22.8
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki 1.20.5
Mediawiki Mediawiki 1.20.1
Mediawiki Mediawiki 1.22.6
Mediawiki Mediawiki 1.21.8
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.19.15
Mediawiki Mediawiki 1.22.5
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.23.1
Mediawiki Mediawiki 1.21.5
Mediawiki Mediawiki 1.20.4
Mediawiki Mediawiki 1.20.2
Mediawiki Mediawiki 1.19.10
Mediawiki Mediawiki 1.21.6
Mediawiki Mediawiki 1.21.1
Mediawiki Mediawiki 1.22.7
Mediawiki Mediawiki 1.21.10
NA
CVE-2014-3966
Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki prior to 1.19.16, 1.21.x prior to 1.21.10, and 1.22.x prior to 1.22.7, when wgRawHtml is enabled, allows remote malicious users to inject arbitrary web script or HTML via an invalid username.
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.10
Mediawiki Mediawiki 1.19.9
Mediawiki Mediawiki 1.19.6
Mediawiki Mediawiki 1.19.11
Mediawiki Mediawiki 1.19.5
Mediawiki Mediawiki 1.19.13
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.4
Mediawiki Mediawiki 1.19.12
Mediawiki Mediawiki 1.19.14
Mediawiki Mediawiki 1.19.7
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki
Mediawiki Mediawiki 1.22.6
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki 1.22.5
Mediawiki Mediawiki 1.22.3
Mediawiki Mediawiki 1.22.2
Mediawiki Mediawiki 1.22.1
NA
CVE-2013-4571
Buffer overflow in php-luasandbox in the Scribuntu extension for MediaWiki prior to 1.19.10, 1.2x prior to 1.21.4, and 1.22.x prior to 1.22.1 has unspecified impact and remote vectors.
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki 1.21.1
Mediawiki Mediawiki 1.21.2
Mediawiki Mediawiki 1.21
Mediawiki Mediawiki 1.21.3
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.6
Mediawiki Mediawiki
Mediawiki Mediawiki 1.19.5
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.4
Mediawiki Mediawiki 1.19.7
Mediawiki Mediawiki 1.19.2
NA
CVE-2014-3455
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) CreateProperty, (2) CreateTemplate, (3) CreateForm, and (4) CreateClass special pages in the SemanticForms extension for MediaWiki prior to 1.19.10, 1.2x prior to 1.21.4, and 1.22.x prior to 1.22.1 allow remote...
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.6
Mediawiki Mediawiki
Mediawiki Mediawiki 1.19.5
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.4
Mediawiki Mediawiki 1.19.7
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki 1.21.1
Mediawiki Mediawiki 1.21.2
Mediawiki Mediawiki 1.21
Mediawiki Mediawiki 1.21.3
NA
CVE-2013-6452
Cross-site scripting (XSS) vulnerability in MediaWiki prior to 1.19.10, 1.2x prior to 1.21.4, and 1.22.x prior to 1.22.1 allows remote malicious users to inject arbitrary web script or HTML via crafted XSL in an SVG file.
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki 1.21.1
Mediawiki Mediawiki 1.21.2
Mediawiki Mediawiki 1.21
Mediawiki Mediawiki 1.21.3
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.6
Mediawiki Mediawiki
Mediawiki Mediawiki 1.19.5
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.4
Mediawiki Mediawiki 1.19.7
Mediawiki Mediawiki 1.19.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3080
log injection
CVE-2024-6041
CVE-2024-37661
XML external entity
CVE-2024-0845
privilege escalation
CVE-2023-37057
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »