Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mediawiki mediawiki 1.20 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2013-4572
The CentralNotice extension for MediaWiki prior to 1.19.9, 1.20.x prior to 1.20.8, and 1.21.x prior to 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote malicious users to authenticate as the created user.
Mediawiki Mediawiki
Fedoraproject Fedora 18
Fedoraproject Fedora 19
6.1
CVSSv3
CVE-2013-4303
includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x prior to 1.19.8, 1.20.x prior to 1.20.7, and 1.21.x prior to 1.21.2 does not properly detect extensions when there are an even number of "." (period) characters in a string, which allows remote ma...
Mediawiki Mediawiki
7.5
CVSSv3
CVE-2013-1816
MediaWiki prior to 1.19.4 and 1.20.x prior to 1.20.3 allows remote malicious users to cause a denial of service (application crash) by sending a specially crafted request.
Mediawiki Mediawiki
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Redhat Enterprise Linux 6.0
Fedoraproject Fedora 18
7.5
CVSSv3
CVE-2013-1817
MediaWiki prior to 1.19.4 and 1.20.x prior to 1.20.3 contains an error in the api.php script which allows remote malicious users to obtain sensitive information.
Mediawiki Mediawiki
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Redhat Enterprise Linux 6.0
Fedoraproject Fedora 18
6.1
CVSSv3
CVE-2013-1951
A cross-site scripting (XSS) vulnerability in MediaWiki prior to 1.19.5 and 1.20.x prior to 1.20.4 and allows remote malicious users to inject arbitrary web script or HTML via Lua function names.
Mediawiki Mediawiki
Debian Debian Linux 9.0
Debian Debian Linux 10.0
NA
CVE-2015-2937
MediaWiki prior to 1.19.24, 1.2x prior to 1.23.9, and 1.24.x prior to 1.24.2, when using HHVM or Zend PHP, allows remote malicious users to cause a denial of service ("quadratic blowup" and memory consumption) via an XML file containing an entity declaration with long r...
Mediawiki Mediawiki 1.23.0
Mediawiki Mediawiki 1.21.11
Mediawiki Mediawiki 1.22.8
Mediawiki Mediawiki 1.20.5
Mediawiki Mediawiki 1.23.4
Mediawiki Mediawiki 1.20.1
Mediawiki Mediawiki 1.22.10
Mediawiki Mediawiki 1.22.6
Mediawiki Mediawiki 1.22.13
Mediawiki Mediawiki 1.21.8
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki
Mediawiki Mediawiki 1.22.5
Mediawiki Mediawiki 1.23.3
Mediawiki Mediawiki 1.22.9
Mediawiki Mediawiki 1.23.1
Mediawiki Mediawiki 1.21.5
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.22.15
Mediawiki Mediawiki 1.20.4
Mediawiki Mediawiki 1.20.2
Mediawiki Mediawiki 1.24.1
NA
CVE-2015-2931
Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki prior to 1.19.24, 1.2x prior to 1.23.9, and 1.24.x prior to 1.24.2 allows remote malicious users to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data:...
Mediawiki Mediawiki 1.23.0
Mediawiki Mediawiki 1.21.11
Mediawiki Mediawiki 1.22.8
Mediawiki Mediawiki 1.20.5
Mediawiki Mediawiki 1.23.4
Mediawiki Mediawiki 1.20.1
Mediawiki Mediawiki 1.22.10
Mediawiki Mediawiki 1.22.6
Mediawiki Mediawiki 1.22.13
Mediawiki Mediawiki 1.21.8
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki
Mediawiki Mediawiki 1.22.5
Mediawiki Mediawiki 1.23.3
Mediawiki Mediawiki 1.22.9
Mediawiki Mediawiki 1.23.1
Mediawiki Mediawiki 1.21.5
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.22.15
Mediawiki Mediawiki 1.20.4
Mediawiki Mediawiki 1.20.2
Mediawiki Mediawiki 1.24.1
NA
CVE-2015-2932
Incomplete blacklist vulnerability in MediaWiki prior to 1.19.24, 1.2x prior to 1.23.9, and 1.24.x prior to 1.24.2 allows remote malicious users to inject arbitrary web script or HTML via an animated href XLink element.
Mediawiki Mediawiki 1.23.0
Mediawiki Mediawiki 1.21.11
Mediawiki Mediawiki 1.22.8
Mediawiki Mediawiki 1.20.5
Mediawiki Mediawiki 1.23.4
Mediawiki Mediawiki 1.20.1
Mediawiki Mediawiki 1.22.10
Mediawiki Mediawiki 1.22.6
Mediawiki Mediawiki 1.22.13
Mediawiki Mediawiki 1.21.8
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki
Mediawiki Mediawiki 1.22.5
Mediawiki Mediawiki 1.23.3
Mediawiki Mediawiki 1.22.9
Mediawiki Mediawiki 1.23.1
Mediawiki Mediawiki 1.21.5
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.22.15
Mediawiki Mediawiki 1.20.4
Mediawiki Mediawiki 1.20.2
Mediawiki Mediawiki 1.24.1
NA
CVE-2015-2933
Cross-site scripting (XSS) vulnerability in the Html class in MediaWiki prior to 1.19.24, 1.2x prior to 1.23.9, and 1.24.x prior to 1.24.2 allows remote malicious users to inject arbitrary web script or HTML via a LanguageConverter substitution string when using a language varian...
Mediawiki Mediawiki 1.23.0
Mediawiki Mediawiki 1.21.11
Mediawiki Mediawiki 1.22.8
Mediawiki Mediawiki 1.20.5
Mediawiki Mediawiki 1.23.4
Mediawiki Mediawiki 1.20.1
Mediawiki Mediawiki 1.22.10
Mediawiki Mediawiki 1.22.6
Mediawiki Mediawiki 1.22.13
Mediawiki Mediawiki 1.21.8
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki
Mediawiki Mediawiki 1.22.5
Mediawiki Mediawiki 1.23.3
Mediawiki Mediawiki 1.22.9
Mediawiki Mediawiki 1.23.1
Mediawiki Mediawiki 1.21.5
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.22.15
Mediawiki Mediawiki 1.20.4
Mediawiki Mediawiki 1.20.2
Mediawiki Mediawiki 1.24.1
NA
CVE-2015-2934
MediaWiki prior to 1.19.24, 1.2x prior to 1.23.9, and 1.24.x prior to 1.24.2 does not properly handle when the Zend interpreter xml_parse function does not expand entities, which allows remote malicious users to inject arbitrary web script or HTML via a crafted SVG file.
Mediawiki Mediawiki 1.23.0
Mediawiki Mediawiki 1.21.11
Mediawiki Mediawiki 1.22.8
Mediawiki Mediawiki 1.20.5
Mediawiki Mediawiki 1.23.4
Mediawiki Mediawiki 1.20.1
Mediawiki Mediawiki 1.22.10
Mediawiki Mediawiki 1.22.6
Mediawiki Mediawiki 1.22.13
Mediawiki Mediawiki 1.21.8
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki
Mediawiki Mediawiki 1.22.5
Mediawiki Mediawiki 1.23.3
Mediawiki Mediawiki 1.22.9
Mediawiki Mediawiki 1.23.1
Mediawiki Mediawiki 1.21.5
Mediawiki Mediawiki 1.24.0
Mediawiki Mediawiki 1.22.15
Mediawiki Mediawiki 1.20.4
Mediawiki Mediawiki 1.20.2
Mediawiki Mediawiki 1.24.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »