Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mediawiki mediawiki 1.25.1 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-6728
The ApiBase::getWatchlistUser function in MediaWiki prior to 1.23.10, 1.24.x prior to 1.24.3, and 1.25.x prior to 1.25.2 does not perform token comparison in constant time, which allows remote malicious users to guess the watchlist token and bypass CSRF protection via a timing at...
Mediawiki Mediawiki
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.25.0
NA
CVE-2015-6729
Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki prior to 1.23.10, 1.24.x prior to 1.24.3, and 1.25.x prior to 1.25.2 allows remote malicious users to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled in an error page.
Mediawiki Mediawiki
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.25.0
NA
CVE-2015-6730
Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki prior to 1.23.10, 1.24.x prior to 1.24.3, and 1.25.x prior to 1.25.2 allows remote malicious users to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error page, relate...
Mediawiki Mediawiki
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.25.0
NA
CVE-2015-6733
GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki prior to 1.23.10, 1.24.x prior to 1.24.3, and 1.25.x prior to 1.25.2, allows remote malicious users to cause a denial of service (resource consumption) via unspecified vectors.
Mediawiki Mediawiki
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.25.0
NA
CVE-2015-6734
Cross-site scripting (XSS) vulnerability in contrib/cssgen.php in the GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki prior to 1.23.10, 1.24.x prior to 1.24.3, and 1.25.x prior to 1.25.2, allows remote malicious users to inject arbitrary web script or HTML via...
Mediawiki Mediawiki
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.25.0
NA
CVE-2015-8002
The chunked upload API (ApiUpload) in MediaWiki prior to 1.23.11, 1.24.x prior to 1.24.4, and 1.25.x prior to 1.25.3 allows remote authenticated users to cause a denial of service (disk consumption) via a file upload using one byte chunks.
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.24.3
Mediawiki Mediawiki
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.25.2
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.25.0
NA
CVE-2015-8005
MediaWiki prior to 1.23.11, 1.24.x prior to 1.24.4, and 1.25.x prior to 1.25.3 uses the thumbnail ImageMagick command line argument, which allows remote malicious users to obtain the installation path by reading the metadata of a PNG thumbnail file.
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.24.3
Mediawiki Mediawiki
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.25.2
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.25.0
NA
CVE-2015-8003
MediaWiki prior to 1.23.11, 1.24.x prior to 1.24.4, and 1.25.x prior to 1.25.3 does not throttle file uploads, which allows remote authenticated users to have unspecified impact via multiple file uploads.
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.24.3
Mediawiki Mediawiki
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.25.2
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.25.0
NA
CVE-2015-8001
The chunked upload API (ApiUpload) in MediaWiki prior to 1.23.11, 1.24.x prior to 1.24.4, and 1.25.x prior to 1.25.3 does not restrict the uploaded data to the claimed file size, which allows remote authenticated users to cause a denial of service via a chunk that exceeds the fil...
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.24.3
Mediawiki Mediawiki
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.25.2
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.25.0
NA
CVE-2015-8004
MediaWiki prior to 1.23.11, 1.24.x prior to 1.24.4, and 1.25.x prior to 1.25.3 does not properly restrict access to revisions, which allows remote authenticated users with the viewsuppressed user right to remove revision suppressions via a crafted revisiondelete action, which ret...
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.24.3
Mediawiki Mediawiki
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.25.2
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.25.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »