mediawiki mediawiki vulnerabilities and exploits
6.8
CVSSv2
CVE-2010-1648
Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1.15 prior to 1.15.4 and 1.16 prior to 1.16 beta 3 allows remote malicious users to hijack the authentication of users for requests that (1) create accounts or (2) reset passwords, related to the ...
Mediawiki Mediawiki 1.16.0
Mediawiki Mediawiki 1.15.1
Mediawiki Mediawiki 1.15.0
Mediawiki Mediawiki 1.15.3
Mediawiki Mediawiki 1.15.2
6.8
CVSSv2
CVE-2007-1054
Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.6.x up to and including 1.9.2, when $wgUseAjax is enabled, allows remote malicious users to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is proces...
Mediawiki Mediawiki
6.8
CVSSv2
CVE-2007-1055
Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.9.x prior to 1.9.0rc2, and 1.8.2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the rs parameter. NOTE: this issue might be a duplicate of CVE...
Mediawiki Mediawiki
Mediawiki Mediawiki 1.9.0
6.8
CVSSv2
CVE-2004-2185
Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 allow remote malicious users to execute arbitrary scripts and/or SQL queries via (1) the UnicodeConverter extension, (2) raw page views, (3) SpecialIpblocklist, (4) SpecialEmailuser, (5) SpecialMaintenance, an...
Mediawiki Mediawiki 1.3.5
6.5
CVSSv2
CVE-2021-41801
The ReplaceText extension up to and including 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time (due to the job queue backlog).
Mediawiki Mediawiki
6.5
CVSSv2
CVE-2020-35625
An issue exists in the Widgets extension for MediaWiki up to and including 1.35.1. Any user with the ability to edit pages within the Widgets namespace could call any static function within any class (defined within PHP or MediaWiki) via a crafted HTML comment, related to a Smart...
Mediawiki Mediawiki
6.5
CVSSv2
CVE-2017-0367
MediaWiki prior to 1.28.1 / 1.27.2 contains an unsafe use of a temporary directory: having the LocalisationCache directory default to the system tmp directory is insecure.
Mediawiki Mediawiki
Debian Debian Linux 7.0
6.4
CVSSv2
CVE-2021-31553
An issue exists in the CheckUser extension for MediaWiki up to and including 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the cu_log database table such that denial of service occurred for certain CheckUser extension pages and functionality. For example...
Mediawiki Mediawiki
6.4
CVSSv2
CVE-2020-15164
In Scratch Login (MediaWiki extension) before version 1.1, any account can be logged into by using the same username with leading, trailing, or repeated underscore(s), since those are treated as whitespace and trimmed by MediaWiki. This affects all users on any wiki using this ex...
Scratch-wiki Scratch Login
6
CVSSv2
CVE-2021-36132
An issue exists in the FileImporter extension in MediaWiki up to and including 1.36. For certain relaxed configurations of the $wgFileImporterRequiredRight variable, it might not validate all appropriate user rights, thus allowing a user with insufficient rights to perform operat...
Mediawiki Mediawiki