Vulmon
mediawiki mediawiki vulnerabilities and exploits
9.8
CVSSv3
CVE-2015-8626
The User::randomPassword function in MediaWiki prior to 1.23.12, 1.24.x prior to 1.24.5, 1.25.x prior to 1.25.4, and 1.26.x prior to 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote malicious users to obtain access via a brute-for...
Mediawiki Mediawiki
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.26.0
Mediawiki Mediawiki 1.24.4
Mediawiki Mediawiki 1.24.3
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.25.3
Mediawiki Mediawiki 1.25.0
Mediawiki Mediawiki 1.25.2
9.6
CVSSv3
CVE-2015-10073
A vulnerability, which was classified as problematic, was found in tinymighty WikiSEO 1.2.1 on MediaWiki. This affects the function modifyHTML of the file WikiSEO.body.php of the component Meta Property Tag Handler. The manipulation of the argument content leads to cross site scr...
Tinymighty Wikiseo 1.2.1
9
CVSSv3
CVE-2020-15179
The ScratchSig extension for MediaWiki before version 1.0.1 allows stored Cross-Site Scripting. Using <script> tag inside <scratchsig> tag, attackers with edit permission can execute scripts on visitors' browser. With MediaWiki JavaScript API, this can potentiall...
Scratch-wiki Scratchsig
8.8
CVSSv3
CVE-2021-46147
An issue exists in MediaWiki prior to 1.35.5, 1.36.x prior to 1.36.3, and 1.37.x prior to 1.37.1. MassEditRegex allows CSRF.
Mediawiki Mediawiki
8.8
CVSSv3
CVE-2021-41801
The ReplaceText extension up to and including 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time (due to the job queue backlog).
Mediawiki Mediawiki
8.8
CVSSv3
CVE-2021-36132
An issue exists in the FileImporter extension in MediaWiki up to and including 1.36. For certain relaxed configurations of the $wgFileImporterRequiredRight variable, it might not validate all appropriate user rights, thus allowing a user with insufficient rights to perform operat...
Mediawiki Mediawiki
8.8
CVSSv3
CVE-2020-29004
The API in the Push extension for MediaWiki up to and including 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack.
Mediawiki Mediawiki
8.8
CVSSv3
CVE-2020-35625
An issue exists in the Widgets extension for MediaWiki up to and including 1.35.1. Any user with the ability to edit pages within the Widgets namespace could call any static function within any class (defined within PHP or MediaWiki) via a crafted HTML comment, related to a Smart...
Mediawiki Mediawiki
8.8
CVSSv3
CVE-2020-35626
An issue exists in the PushToWatch extension for MediaWiki up to and including 1.35.1. The primary form did not implement an anti-CSRF token and therefore was completely vulnerable to CSRF attacks against onSkinAddFooterLinks in PushToWatch.php.
Mediawiki Mediawiki
8.8
CVSSv3
CVE-2019-15150
In the OAuth2 Client extension prior to 0.4 for MediaWiki, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function.
Schine.games Mw-oauth2client