Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mediawiki mediawiki vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2015-8622
Cross-site scripting (XSS) vulnerability in MediaWiki prior to 1.23.12, 1.24.x prior to 1.24.5, 1.25.x prior to 1.25.4, and 1.26.x prior to 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as de...
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.24.3
Mediawiki Mediawiki 1.26.0
Mediawiki Mediawiki 1.24.4
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.25.3
Mediawiki Mediawiki
Mediawiki Mediawiki 1.25.0
Mediawiki Mediawiki 1.25.2
5.3
CVSSv3
CVE-2015-8628
The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki prior to 1.23.12, 1.24.x prior to 1.24.5, 1.25.x prior to 1.25.4, and 1.26.x prior to 1.26.1 allow remote malicious users to obtain sens...
Mediawiki Mediawiki 1.24.3
Mediawiki Mediawiki 1.24.4
Mediawiki Mediawiki 1.25.0
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.25.3
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.25.2
Mediawiki Mediawiki 1.26.0
NA
CVE-2004-1405
MediaWiki 1.3.8 and previous versions, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote malicious users to upload and execute arbitrary code.
Mediawiki Mediawiki 1.3.11
Mediawiki Mediawiki 1.3.2
Mediawiki Mediawiki 1.3
Mediawiki Mediawiki 1.3.0
Mediawiki Mediawiki 1.3.5
Mediawiki Mediawiki 1.3.6
Mediawiki Mediawiki 1.3.3
Mediawiki Mediawiki 1.3.4
Mediawiki Mediawiki 1.3.1
Mediawiki Mediawiki 1.3.10
Mediawiki Mediawiki 1.3.7
Mediawiki Mediawiki 1.3.8
1 EDB exploit
NA
CVE-2007-4828
Cross-site scripting (XSS) vulnerability in the API pretty-printing mode in MediaWiki 1.8.0 up to and including 1.8.4, 1.9.0 up to and including 1.9.3, 1.10.0 up to and including 1.10.1, and the 1.11 development versions prior to 1.11.0 allows remote malicious users to inject arb...
Mediawiki Mediawiki 1.8.2
Mediawiki Mediawiki 1.8.3
Mediawiki Mediawiki 1.10.0
Mediawiki Mediawiki 1.10.1
Mediawiki Mediawiki 1.11 Development
Mediawiki Mediawiki 1.9.1
Mediawiki Mediawiki 1.9.2
Mediawiki Mediawiki 1.8.4
Mediawiki Mediawiki 1.9.0
Mediawiki Mediawiki 1.8.0
Mediawiki Mediawiki 1.8.1
Mediawiki Mediawiki 1.9.3
NA
CVE-2014-5242
Cross-site scripting (XSS) vulnerability in mediawiki.page.image.pagination.js in MediaWiki 1.22.x prior to 1.22.9 and 1.23.x prior to 1.23.2 allows remote malicious users to inject arbitrary web script or HTML via vectors involving the multipageimagenavbox class in conjunction w...
Mediawiki Mediawiki 1.22.3
Mediawiki Mediawiki 1.22.4
Mediawiki Mediawiki 1.22.5
Mediawiki Mediawiki 1.22.6
Mediawiki Mediawiki 1.22.1
Mediawiki Mediawiki 1.22.8
Mediawiki Mediawiki 1.23.1
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki 1.22.2
Mediawiki Mediawiki 1.22.7
Mediawiki Mediawiki 1.23.0
NA
CVE-2008-5687
MediaWiki 1.11, and other versions prior to 1.13.3, does not properly protect against the download of backups of deleted images, which might allow remote malicious users to obtain sensitive information via requests for files in images/deleted/.
Mediawiki Mediawiki 1.11
Mediawiki Mediawiki 1.11.2
Mediawiki Mediawiki 1.12.0
Mediawiki Mediawiki 1.13.0
Mediawiki Mediawiki 1.12.3
Mediawiki Mediawiki 1.11.1
Mediawiki Mediawiki 1.12.1
Mediawiki Mediawiki 1.12.2
Mediawiki Mediawiki 1.13.1
Mediawiki Mediawiki 1.13.2
NA
CVE-2005-0535
Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x prior to 1.3.11 and 1.4 beta prior to 1.4 rc1 allows remote malicious users to perform unauthorized actions as authenticated MediaWiki users.
Mediawiki Mediawiki 1.3
Mediawiki Mediawiki 1.3.10
Mediawiki Mediawiki 1.3.8
Mediawiki Mediawiki 1.3.3
Mediawiki Mediawiki 1.3.4
Mediawiki Mediawiki 1.3.5
Mediawiki Mediawiki 1.3.6
Mediawiki Mediawiki 1.3.1
Mediawiki Mediawiki 1.3.2
Mediawiki Mediawiki 1.3.7
Mediawiki Mediawiki 1.3.9
Gentoo Linux
NA
CVE-2005-2215
Cross-site scripting (XSS) vulnerability in MediaWiki prior to 1.4.x prior to 1.4.6 and 1.5 prior to 1.5beta3 allows remote malicious users to inject arbitrary web script or HTML via a parameter in the page move template, a different vulnerability than CVE-2005-1888.
Mediawiki Mediawiki 1.5 Beta2
Mediawiki Mediawiki 1.4.1
Mediawiki Mediawiki 1.4.2
Mediawiki Mediawiki 1.4.3
Mediawiki Mediawiki 1.4.5
Mediawiki Mediawiki 1.4 Beta6
Mediawiki Mediawiki 1.5 Alpha2
Mediawiki Mediawiki 1.5 Alpha1
Mediawiki Mediawiki 1.5 Beta1
NA
CVE-2015-8001
The chunked upload API (ApiUpload) in MediaWiki prior to 1.23.11, 1.24.x prior to 1.24.4, and 1.25.x prior to 1.25.3 does not restrict the uploaded data to the claimed file size, which allows remote authenticated users to cause a denial of service via a chunk that exceeds the fil...
Mediawiki Mediawiki
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.25.0
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.24.3
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.25.2
NA
CVE-2015-8003
MediaWiki prior to 1.23.11, 1.24.x prior to 1.24.4, and 1.25.x prior to 1.25.3 does not throttle file uploads, which allows remote authenticated users to have unspecified impact via multiple file uploads.
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.25.2
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.25.0
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.24.3
Mediawiki Mediawiki
Mediawiki Mediawiki 1.24.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »