Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mediawiki mediawiki 1.12.0 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2020-35479
MediaWiki prior to 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the return of Language::userTimeAndDate is is always unsafe for HTML in a month value. This affects MediaWiki 1.12.0 and later.
Mediawiki Mediawiki
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 33
4.3
CVSSv2
CVE-2014-2853
Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki prior to 1.21.9 and 1.22.x prior to 1.22.6 allows remote malicious users to inject arbitrary web script or HTML via the sort key in an info action.
Mediawiki Mediawiki 1.10.0
Mediawiki Mediawiki 1.10.1
Mediawiki Mediawiki 1.10.2
Mediawiki Mediawiki 1.10.3
Mediawiki Mediawiki 1.13.0
Mediawiki Mediawiki 1.13.1
Mediawiki Mediawiki 1.16.0
Mediawiki Mediawiki 1.18.0
Mediawiki Mediawiki 1.18.1
Mediawiki Mediawiki 1.18.2
Mediawiki Mediawiki 1.18.3
Mediawiki Mediawiki 1.19.4
Mediawiki Mediawiki 1.19.5
Mediawiki Mediawiki 1.19.6
Mediawiki Mediawiki 1.19.7
Mediawiki Mediawiki 1.20.4
Mediawiki Mediawiki 1.20.5
Mediawiki Mediawiki 1.20.6
Mediawiki Mediawiki 1.20.7
Mediawiki Mediawiki 1.22.3
Mediawiki Mediawiki 1.22.4
Mediawiki Mediawiki 1.22.5
4.3
CVSSv2
CVE-2014-2244
Cross-site scripting (XSS) vulnerability in the formatHTML function in includes/api/ApiFormatBase.php in MediaWiki prior to 1.19.12, 1.20.x and 1.21.x prior to 1.21.6, and 1.22.x prior to 1.22.3 allows remote malicious users to inject arbitrary web script or HTML via a crafted st...
Mediawiki Mediawiki 1.16.0
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki 1.12.1
Mediawiki Mediawiki 1.17.1
Mediawiki Mediawiki 1.13.0
Mediawiki Mediawiki 1.20.5
Mediawiki Mediawiki 1.14.0
Mediawiki Mediawiki 1.20.1
Mediawiki Mediawiki 1.11.0
Mediawiki Mediawiki 1.17
Mediawiki Mediawiki
Mediawiki Mediawiki 1.15.1
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.15.0
Mediawiki Mediawiki 1.18
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.12.3
Mediawiki Mediawiki 1.15.3
Mediawiki Mediawiki 1.12.0
Mediawiki Mediawiki 1.21.5
5.8
CVSSv2
CVE-2014-2243
includes/User.php in MediaWiki prior to 1.19.12, 1.20.x and 1.21.x prior to 1.21.6, and 1.22.x prior to 1.22.3 terminates validation of a user token upon encountering the first incorrect character, which makes it easier for remote malicious users to obtain access via a brute-forc...
Mediawiki Mediawiki 1.16.0
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki 1.12.1
Mediawiki Mediawiki 1.17.1
Mediawiki Mediawiki 1.13.0
Mediawiki Mediawiki 1.20.5
Mediawiki Mediawiki 1.14.0
Mediawiki Mediawiki 1.20.1
Mediawiki Mediawiki 1.11.0
Mediawiki Mediawiki 1.17
Mediawiki Mediawiki
Mediawiki Mediawiki 1.15.1
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.15.0
Mediawiki Mediawiki 1.18
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.12.3
Mediawiki Mediawiki 1.15.3
Mediawiki Mediawiki 1.12.0
Mediawiki Mediawiki 1.21.5
4.3
CVSSv2
CVE-2014-2242
includes/upload/UploadBase.php in MediaWiki prior to 1.19.12, 1.20.x and 1.21.x prior to 1.21.6, and 1.22.x prior to 1.22.3 does not prevent use of invalid namespaces in SVG files, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via an SVG upload...
Mediawiki Mediawiki 1.16.0
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki 1.12.1
Mediawiki Mediawiki 1.17.1
Mediawiki Mediawiki 1.13.0
Mediawiki Mediawiki 1.20.5
Mediawiki Mediawiki 1.14.0
Mediawiki Mediawiki 1.20.1
Mediawiki Mediawiki 1.11.0
Mediawiki Mediawiki 1.17
Mediawiki Mediawiki
Mediawiki Mediawiki 1.15.1
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.15.0
Mediawiki Mediawiki 1.18
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.12.3
Mediawiki Mediawiki 1.15.3
Mediawiki Mediawiki 1.12.0
Mediawiki Mediawiki 1.21.5
4.3
CVSSv2
CVE-2013-2031
MediaWiki prior to 1.19.6 and 1.20.x prior to 1.20.5 allows remote malicious users to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome an...
Gentoo Linux
Mediawiki Mediawiki
Mediawiki Mediawiki 1.19.4
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.18.3
Mediawiki Mediawiki 1.17.3
Mediawiki Mediawiki 1.17.2
Mediawiki Mediawiki 1.16.1
Mediawiki Mediawiki 1.16.0
Mediawiki Mediawiki 1.15.2
Mediawiki Mediawiki 1.15.1
Mediawiki Mediawiki 1.15.0
Mediawiki Mediawiki 1.13.2
Mediawiki Mediawiki 1.13.1
Mediawiki Mediawiki 1.12.1
Mediawiki Mediawiki 1.12.0
Mediawiki Mediawiki 1.20.4
Mediawiki Mediawiki 1.20.3
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.18.0
Mediawiki Mediawiki 1.18
5
CVSSv2
CVE-2013-2032
MediaWiki prior to 1.19.6 and 1.20.x prior to 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote malicious users to bypass the intended restrictions of an extension that only implem...
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.18.3
Mediawiki Mediawiki 1.18.1
Mediawiki Mediawiki 1.18.0
Mediawiki Mediawiki 1.17.2
Mediawiki Mediawiki 1.17.0
Mediawiki Mediawiki 1.16.0
Mediawiki Mediawiki 1.15.1
Mediawiki Mediawiki 1.15.0
Mediawiki Mediawiki 1.14.0
Mediawiki Mediawiki 1.13.1
Mediawiki Mediawiki 1.13.0
Mediawiki Mediawiki 1.12.0
Mediawiki Mediawiki 1.11.1
Mediawiki Mediawiki 1.10.3
Mediawiki Mediawiki 1.10.1
Mediawiki Mediawiki 1.10.0
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.17
Mediawiki Mediawiki 1.16.2
4.3
CVSSv2
CVE-2012-2698
Cross-site scripting (XSS) vulnerability in the outputPage function in includes/SkinTemplate.php in MediaWiki prior to 1.17.5, 1.18.x prior to 1.18.4, and 1.19.x prior to 1.19.1 allows remote malicious users to inject arbitrary web script or HTML via the uselang parameter to inde...
Mediawiki Mediawiki 1.18.1
Mediawiki Mediawiki 1.18.0
Mediawiki Mediawiki 1.18
Mediawiki Mediawiki 1.18.3
Mediawiki Mediawiki 1.18.2
Mediawiki Mediawiki
Mediawiki Mediawiki 1.17
Mediawiki Mediawiki 1.16.0
Mediawiki Mediawiki 1.15.2
Mediawiki Mediawiki 1.15.5
Mediawiki Mediawiki 1.13.0
Mediawiki Mediawiki 1.17.1
Mediawiki Mediawiki 1.17.0
Mediawiki Mediawiki 1.15.0
Mediawiki Mediawiki 1.14.1
Mediawiki Mediawiki 1.14.0
Mediawiki Mediawiki 1.12.1
Mediawiki Mediawiki 1.12.2
Mediawiki Mediawiki 1.11.0
Mediawiki Mediawiki 1.11.1
Mediawiki Mediawiki 1.9.1
Mediawiki Mediawiki 1.9.0
1 EDB exploit
5
CVSSv2
CVE-2011-4360
MediaWiki prior to 1.17.1 allows remote malicious users to obtain the page titles of all restricted pages via a series of requests involving the (1) curid or (2) oldid parameter.
Mediawiki Mediawiki
Debian Debian Linux 5.0
Debian Debian Linux 6.0
5
CVSSv2
CVE-2011-4361
MediaWiki prior to 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote malicious users to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an extension, as demonst...
Mediawiki Mediawiki
Debian Debian Linux 5.0
Debian Debian Linux 6.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »