Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mediawiki mediawiki vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2015-8626
The User::randomPassword function in MediaWiki prior to 1.23.12, 1.24.x prior to 1.24.5, 1.25.x prior to 1.25.4, and 1.26.x prior to 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote malicious users to obtain access via a brute-for...
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.24.3
Mediawiki Mediawiki 1.24.4
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.25.2
Mediawiki Mediawiki 1.26.0
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.25.0
Mediawiki Mediawiki 1.25.3
Mediawiki Mediawiki
6.1
CVSSv3
CVE-2015-8622
Cross-site scripting (XSS) vulnerability in MediaWiki prior to 1.23.12, 1.24.x prior to 1.24.5, 1.25.x prior to 1.25.4, and 1.26.x prior to 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as de...
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.24.3
Mediawiki Mediawiki 1.24.4
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.25.2
Mediawiki Mediawiki 1.26.0
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.25.0
Mediawiki Mediawiki 1.25.3
Mediawiki Mediawiki
8.8
CVSSv3
CVE-2015-8624
The User::matchEditToken function in includes/User.php in MediaWiki prior to 1.23.12, 1.24.x prior to 1.24.5, 1.25.x prior to 1.25.4, and 1.26.x prior to 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which al...
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.24.3
Mediawiki Mediawiki 1.24.4
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.25.2
Mediawiki Mediawiki 1.26.0
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.25.0
Mediawiki Mediawiki 1.25.3
Mediawiki Mediawiki
5.3
CVSSv3
CVE-2015-8627
MediaWiki prior to 1.23.12, 1.24.x prior to 1.24.5, 1.25.x prior to 1.25.4, and 1.26.x prior to 1.26.1 do not properly normalize IP addresses containing zero-padded octets, which might allow remote malicious users to bypass intended access restrictions by using an IP address that...
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.24.3
Mediawiki Mediawiki 1.24.4
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.25.2
Mediawiki Mediawiki 1.26.0
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.25.0
Mediawiki Mediawiki 1.25.3
Mediawiki Mediawiki
5.3
CVSSv3
CVE-2015-8628
The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki prior to 1.23.12, 1.24.x prior to 1.24.5, 1.25.x prior to 1.25.4, and 1.26.x prior to 1.26.1 allow remote malicious users to obtain sens...
Mediawiki Mediawiki 1.24.2
Mediawiki Mediawiki 1.24.3
Mediawiki Mediawiki 1.24.4
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.24.1
Mediawiki Mediawiki 1.25.2
Mediawiki Mediawiki 1.26.0
Mediawiki Mediawiki 1.25.1
Mediawiki Mediawiki 1.25.0
Mediawiki Mediawiki 1.25.3
Mediawiki Mediawiki
NA
CVE-2012-5395
Session fixation vulnerability in the CentralAuth extension for MediaWiki prior to 1.18.6, 1.19.x prior to 1.19.3, and 1.20.x prior to 1.20.1 allows remote malicious users to hijack web sessions via the centralauth_Session cookie.
Mediawiki Mediawiki 1.20
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki 1.18
Mediawiki Mediawiki
Mediawiki Mediawiki 1.18.4
Mediawiki Mediawiki 1.18.2
Mediawiki Mediawiki 1.18.3
Mediawiki Mediawiki 1.18.0
Mediawiki Mediawiki 1.18.1
NA
CVE-2004-1405
MediaWiki 1.3.8 and previous versions, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote malicious users to upload and execute arbitrary code.
Mediawiki Mediawiki 1.3.5
Mediawiki Mediawiki 1.3.6
Mediawiki Mediawiki 1.3
Mediawiki Mediawiki 1.3.10
Mediawiki Mediawiki 1.3.4
Mediawiki Mediawiki 1.3.0
Mediawiki Mediawiki 1.3.3
Mediawiki Mediawiki 1.3.1
Mediawiki Mediawiki 1.3.7
Mediawiki Mediawiki 1.3.11
Mediawiki Mediawiki 1.3.8
Mediawiki Mediawiki 1.3.2
1 EDB exploit
NA
CVE-2005-0534
Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.x prior to 1.3.11 and 1.4 beta prior to 1.4 rc1 allow remote malicious users to inject arbitrary web script.
Mediawiki Mediawiki 1.3.5
Mediawiki Mediawiki 1.3.6
Mediawiki Mediawiki 1.4 Beta6
Mediawiki Mediawiki 1.4 Beta3
Mediawiki Mediawiki 1.3.10
Mediawiki Mediawiki 1.3.4
Mediawiki Mediawiki 1.3.9
Mediawiki Mediawiki 1.4 Beta4
Mediawiki Mediawiki 1.3.0
Mediawiki Mediawiki 1.4 Beta1
Mediawiki Mediawiki 1.3.3
Mediawiki Mediawiki 1.3.1
Mediawiki Mediawiki 1.3.7
Mediawiki Mediawiki 1.3.8
Mediawiki Mediawiki 1.3.2
Mediawiki Mediawiki 1.4 Beta2
Mediawiki Mediawiki 1.4 Beta5
NA
CVE-2005-0536
Directory traversal vulnerability in MediaWiki 1.3.x prior to 1.3.11 and 1.4 beta prior to 1.4 rc1 allows remote malicious users to delete arbitrary files or determine file existence via a parameter related to image deletion.
Mediawiki Mediawiki 1.3.5
Mediawiki Mediawiki 1.3.6
Mediawiki Mediawiki 1.4 Beta6
Mediawiki Mediawiki 1.4 Beta3
Mediawiki Mediawiki 1.3.10
Mediawiki Mediawiki 1.3.4
Mediawiki Mediawiki 1.3.9
Mediawiki Mediawiki 1.4 Beta4
Mediawiki Mediawiki 1.3.0
Mediawiki Mediawiki 1.4 Beta1
Mediawiki Mediawiki 1.3.3
Mediawiki Mediawiki 1.3.1
Mediawiki Mediawiki 1.3.7
Mediawiki Mediawiki 1.3.8
Mediawiki Mediawiki 1.3.2
Mediawiki Mediawiki 1.4 Beta2
Mediawiki Mediawiki 1.4 Beta5
NA
CVE-2005-1245
Cross-site scripting (XSS) vulnerability in MediaWiki prior to 1.4.2, when using HTML Tidy ($wgUseTidy), allows remote malicious users to inject arbitrary web script or HTML via unknown vectors.
Mediawiki Mediawiki 1.3.5
Mediawiki Mediawiki 1.3.6
Mediawiki Mediawiki 1.4 Beta3
Mediawiki Mediawiki 1.3
Mediawiki Mediawiki 1.3.10
Mediawiki Mediawiki 1.3.4
Mediawiki Mediawiki 1.3.9
Mediawiki Mediawiki 1.4 Beta4
Mediawiki Mediawiki 1.4 Beta1
Mediawiki Mediawiki 1.3.3
Mediawiki Mediawiki 1.3.1
Mediawiki Mediawiki 1.3.7
Mediawiki Mediawiki 1.3.11
Mediawiki Mediawiki 1.3.8
Mediawiki Mediawiki 1.3.2
Mediawiki Mediawiki 1.4 Beta2
Mediawiki Mediawiki 1.4 Beta5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-0044
remote code execution
CVE-2024-37080
CVE-2024-5182
CVE-2024-4390
CVE-2024-6100
brute force
CVE-2021-47581
file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »