Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

mediawiki mediawiki vulnerabilities and exploits

(subscribe to this query)
0.003
EPSS

CVE-2014-2853

Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki prior to 1.21.9 and 1.22.x prior to 1.22.6 allows remote malicious users to inject arbitrary web script or HTML via the sort key in an info action.
Mediawiki MediawikiMediawiki Mediawiki 1.1.0Mediawiki Mediawiki 1.2.0Mediawiki Mediawiki 1.2.1Mediawiki Mediawiki 1.2.2Mediawiki Mediawiki 1.2.3Mediawiki Mediawiki 1.2.4Mediawiki Mediawiki 1.2.5Mediawiki Mediawiki 1.2.6Mediawiki Mediawiki 1.3Mediawiki Mediawiki 1.3.0Mediawiki Mediawiki 1.3.1
0.006
EPSS

CVE-2010-2788

Cross-site scripting (XSS) vulnerability in profileinfo.php in MediaWiki prior to 1.15.5, when wgEnableProfileInfo is enabled, allows remote malicious users to inject arbitrary web script or HTML via the filter parameter.
Mediawiki MediawikiMediawiki Mediawiki 1.1.0Mediawiki Mediawiki 1.2.0Mediawiki Mediawiki 1.2.1Mediawiki Mediawiki 1.2.2Mediawiki Mediawiki 1.2.3Mediawiki Mediawiki 1.2.4Mediawiki Mediawiki 1.2.5Mediawiki Mediawiki 1.2.6Mediawiki Mediawiki 1.3Mediawiki Mediawiki 1.3.0Mediawiki Mediawiki 1.3.1
0.003
EPSS

CVE-2010-1189

MediaWiki prior to 1.15.2 does not prevent wiki editors from linking to images from other web sites in wiki pages, which allows editors to obtain IP addresses and other information of wiki users by adding a link to an image on an attacker-controlled web site, aka "CSS valida...
Mediawiki MediawikiMediawiki Mediawiki 1.1.0Mediawiki Mediawiki 1.2.0Mediawiki Mediawiki 1.2.1Mediawiki Mediawiki 1.2.2Mediawiki Mediawiki 1.2.3Mediawiki Mediawiki 1.2.4Mediawiki Mediawiki 1.2.5Mediawiki Mediawiki 1.2.6Mediawiki Mediawiki 1.3Mediawiki Mediawiki 1.3.0Mediawiki Mediawiki 1.3.1
0.002
EPSS

CVE-2010-1190

thumb.php in MediaWiki prior to 1.15.2, when used with access-restriction mechanisms such as img_auth.php, does not check user permissions before providing scaled images, which allows remote malicious users to bypass intended access restrictions and read private images via unspec...
Mediawiki MediawikiMediawiki Mediawiki 1.1.0Mediawiki Mediawiki 1.2.0Mediawiki Mediawiki 1.2.1Mediawiki Mediawiki 1.2.2Mediawiki Mediawiki 1.2.3Mediawiki Mediawiki 1.2.4Mediawiki Mediawiki 1.2.5Mediawiki Mediawiki 1.2.6Mediawiki Mediawiki 1.3Mediawiki Mediawiki 1.3.0Mediawiki Mediawiki 1.3.1
0.003
EPSS

CVE-2014-2242

includes/upload/UploadBase.php in MediaWiki prior to 1.19.12, 1.20.x and 1.21.x prior to 1.21.6, and 1.22.x prior to 1.22.3 does not prevent use of invalid namespaces in SVG files, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via an SVG upload...
Mediawiki MediawikiMediawiki Mediawiki 1.1.0Mediawiki Mediawiki 1.10.0Mediawiki Mediawiki 1.10.1Mediawiki Mediawiki 1.10.2Mediawiki Mediawiki 1.10.3Mediawiki Mediawiki 1.10.4Mediawiki Mediawiki 1.11Mediawiki Mediawiki 1.11.0Mediawiki Mediawiki 1.11.1Mediawiki Mediawiki 1.11.2Mediawiki Mediawiki 1.12.0
0.003
EPSS

CVE-2014-2243

includes/User.php in MediaWiki prior to 1.19.12, 1.20.x and 1.21.x prior to 1.21.6, and 1.22.x prior to 1.22.3 terminates validation of a user token upon encountering the first incorrect character, which makes it easier for remote malicious users to obtain access via a brute-forc...
Mediawiki MediawikiMediawiki Mediawiki 1.1.0Mediawiki Mediawiki 1.10.0Mediawiki Mediawiki 1.10.1Mediawiki Mediawiki 1.10.2Mediawiki Mediawiki 1.10.3Mediawiki Mediawiki 1.10.4Mediawiki Mediawiki 1.11Mediawiki Mediawiki 1.11.0Mediawiki Mediawiki 1.11.1Mediawiki Mediawiki 1.11.2Mediawiki Mediawiki 1.12.0
0.002
EPSS

CVE-2014-2244

Cross-site scripting (XSS) vulnerability in the formatHTML function in includes/api/ApiFormatBase.php in MediaWiki prior to 1.19.12, 1.20.x and 1.21.x prior to 1.21.6, and 1.22.x prior to 1.22.3 allows remote malicious users to inject arbitrary web script or HTML via a crafted st...
Mediawiki MediawikiMediawiki Mediawiki 1.1.0Mediawiki Mediawiki 1.10.0Mediawiki Mediawiki 1.10.1Mediawiki Mediawiki 1.10.2Mediawiki Mediawiki 1.10.3Mediawiki Mediawiki 1.10.4Mediawiki Mediawiki 1.11Mediawiki Mediawiki 1.11.0Mediawiki Mediawiki 1.11.1Mediawiki Mediawiki 1.11.2Mediawiki Mediawiki 1.12.0
0.188
EPSS

CVE-2012-2698

Cross-site scripting (XSS) vulnerability in the outputPage function in includes/SkinTemplate.php in MediaWiki prior to 1.17.5, 1.18.x prior to 1.18.4, and 1.19.x prior to 1.19.1 allows remote malicious users to inject arbitrary web script or HTML via the uselang parameter to inde...
Mediawiki Mediawiki 1.18Mediawiki Mediawiki 1.18.0Mediawiki Mediawiki 1.18.1Mediawiki Mediawiki 1.18.2Mediawiki Mediawiki 1.18.3Mediawiki MediawikiMediawiki Mediawiki 1.1.0Mediawiki Mediawiki 1.2.0Mediawiki Mediawiki 1.2.1Mediawiki Mediawiki 1.2.2Mediawiki Mediawiki 1.2.3Mediawiki Mediawiki 1.2.4
0.002
EPSS

CVE-2011-1765

Cross-site scripting (XSS) vulnerability in MediaWiki prior to 1.16.5, when Internet Explorer 6 or earlier is used, allows remote malicious users to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .shtml at the end of the query...
Mediawiki MediawikiMediawiki Mediawiki 1.1.0Mediawiki Mediawiki 1.2.0Mediawiki Mediawiki 1.2.1Mediawiki Mediawiki 1.2.2Mediawiki Mediawiki 1.2.3Mediawiki Mediawiki 1.2.4Mediawiki Mediawiki 1.2.5Mediawiki Mediawiki 1.2.6Mediawiki Mediawiki 1.3Mediawiki Mediawiki 1.3.0Mediawiki Mediawiki 1.3.1
0.002
EPSS

CVE-2011-1766

includes/User.php in MediaWiki prior to 1.16.5, when wgBlockDisablesLogin is enabled, does not clear certain cached data after verification of an auth token fails, which allows remote malicious users to bypass authentication by creating crafted wikiUserID and wikiUserName cookies...
Mediawiki MediawikiMediawiki Mediawiki 1.1.0Mediawiki Mediawiki 1.2.0Mediawiki Mediawiki 1.2.1Mediawiki Mediawiki 1.2.2Mediawiki Mediawiki 1.2.3Mediawiki Mediawiki 1.2.4Mediawiki Mediawiki 1.2.5Mediawiki Mediawiki 1.2.6Mediawiki Mediawiki 1.3Mediawiki Mediawiki 1.3.0Mediawiki Mediawiki 1.3.1
Preferred Score:
EPSS
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2025-48132man-in-the-middleCVE-2024-47893CVE-2025-4664CVE-2025-4795CVE-2025-4476server-side request forgeryjavier revillacurcyapp cheapcsv mass importerwirelessCVE-2024-46982
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook