Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mediawiki mediawiki 1.5 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-20270
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
Pygments Pygments
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.0
Redhat Openstack Platform 10.0
Redhat Software Collections -
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 33
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 Github repository
NA
CVE-2014-2853
Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki prior to 1.21.9 and 1.22.x prior to 1.22.6 allows remote malicious users to inject arbitrary web script or HTML via the sort key in an info action.
Mediawiki Mediawiki 1.10.0
Mediawiki Mediawiki 1.10.1
Mediawiki Mediawiki 1.10.2
Mediawiki Mediawiki 1.10.3
Mediawiki Mediawiki 1.13.0
Mediawiki Mediawiki 1.13.1
Mediawiki Mediawiki 1.16.0
Mediawiki Mediawiki 1.18.0
Mediawiki Mediawiki 1.18.1
Mediawiki Mediawiki 1.18.2
Mediawiki Mediawiki 1.18.3
Mediawiki Mediawiki 1.19.4
Mediawiki Mediawiki 1.19.5
Mediawiki Mediawiki 1.19.6
Mediawiki Mediawiki 1.19.7
Mediawiki Mediawiki 1.20.4
Mediawiki Mediawiki 1.20.5
Mediawiki Mediawiki 1.20.6
Mediawiki Mediawiki 1.20.7
Mediawiki Mediawiki 1.22.3
Mediawiki Mediawiki 1.22.4
Mediawiki Mediawiki 1.22.5
NA
CVE-2012-2698
Cross-site scripting (XSS) vulnerability in the outputPage function in includes/SkinTemplate.php in MediaWiki prior to 1.17.5, 1.18.x prior to 1.18.4, and 1.19.x prior to 1.19.1 allows remote malicious users to inject arbitrary web script or HTML via the uselang parameter to inde...
Mediawiki Mediawiki 1.18.1
Mediawiki Mediawiki 1.18.0
Mediawiki Mediawiki 1.18
Mediawiki Mediawiki 1.18.3
Mediawiki Mediawiki 1.18.2
Mediawiki Mediawiki
Mediawiki Mediawiki 1.17
Mediawiki Mediawiki 1.16.0
Mediawiki Mediawiki 1.15.2
Mediawiki Mediawiki 1.15.5
Mediawiki Mediawiki 1.13.0
Mediawiki Mediawiki 1.17.1
Mediawiki Mediawiki 1.17.0
Mediawiki Mediawiki 1.15.0
Mediawiki Mediawiki 1.14.1
Mediawiki Mediawiki 1.14.0
Mediawiki Mediawiki 1.12.1
Mediawiki Mediawiki 1.12.2
Mediawiki Mediawiki 1.11.0
Mediawiki Mediawiki 1.11.1
Mediawiki Mediawiki 1.9.1
Mediawiki Mediawiki 1.9.0
1 EDB exploit
NA
CVE-2011-1765
Cross-site scripting (XSS) vulnerability in MediaWiki prior to 1.16.5, when Internet Explorer 6 or earlier is used, allows remote malicious users to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .shtml at the end of the query...
Mediawiki Mediawiki
Mediawiki Mediawiki 1.1.0
Mediawiki Mediawiki 1.2.0
Mediawiki Mediawiki 1.2.1
Mediawiki Mediawiki 1.2.2
Mediawiki Mediawiki 1.2.3
Mediawiki Mediawiki 1.2.4
Mediawiki Mediawiki 1.2.5
Mediawiki Mediawiki 1.2.6
Mediawiki Mediawiki 1.3
Mediawiki Mediawiki 1.3.0
Mediawiki Mediawiki 1.3.1
Mediawiki Mediawiki 1.3.2
Mediawiki Mediawiki 1.3.3
Mediawiki Mediawiki 1.3.4
Mediawiki Mediawiki 1.3.5
Mediawiki Mediawiki 1.3.6
Mediawiki Mediawiki 1.3.7
Mediawiki Mediawiki 1.3.8
Mediawiki Mediawiki 1.3.9
Mediawiki Mediawiki 1.3.10
Mediawiki Mediawiki 1.3.11
NA
CVE-2011-1766
includes/User.php in MediaWiki prior to 1.16.5, when wgBlockDisablesLogin is enabled, does not clear certain cached data after verification of an auth token fails, which allows remote malicious users to bypass authentication by creating crafted wikiUserID and wikiUserName cookies...
Mediawiki Mediawiki 1.1.0
Mediawiki Mediawiki 1.3.1
Mediawiki Mediawiki 1.3.14
Mediawiki Mediawiki 1.2.1
Mediawiki Mediawiki 1.2.6
Mediawiki Mediawiki 1.4.0
Mediawiki Mediawiki 1.4.10
Mediawiki Mediawiki 1.3.2
Mediawiki Mediawiki 1.3.8
Mediawiki Mediawiki 1.3.9
Mediawiki Mediawiki 1.4.14
Mediawiki Mediawiki 1.13.0
Mediawiki Mediawiki 1.12.3
Mediawiki Mediawiki 1.4.5
Mediawiki Mediawiki 1.5.6
Mediawiki Mediawiki 1.5.3
Mediawiki Mediawiki 1.5.4
Mediawiki Mediawiki 1.15.0
Mediawiki Mediawiki 1.15.1
Mediawiki Mediawiki 1.4
Mediawiki Mediawiki 1.14.0
Mediawiki Mediawiki 1.13.1
NA
CVE-2011-1578
Cross-site scripting (XSS) vulnerability in MediaWiki prior to 1.16.3, when Internet Explorer 6 or earlier is used, allows remote malicious users to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query ...
Mediawiki Mediawiki 1.15.4
Mediawiki Mediawiki 1.15.0
Mediawiki Mediawiki 1.14.1
Mediawiki Mediawiki 1.14.0
Mediawiki Mediawiki 1.13.1
Mediawiki Mediawiki 1.12.1
Mediawiki Mediawiki 1.11.0
Mediawiki Mediawiki 1.11.1
Mediawiki Mediawiki 1.16.1
Mediawiki Mediawiki
Mediawiki Mediawiki 1.15.5
Mediawiki Mediawiki 1.13.3
Mediawiki Mediawiki 1.13.4
Mediawiki Mediawiki 1.11
Mediawiki Mediawiki 1.10.0
Mediawiki Mediawiki 1.10.1
Mediawiki Mediawiki 1.9.2
Mediawiki Mediawiki 1.9.0
Mediawiki Mediawiki 1.8.2
Mediawiki Mediawiki 1.7.0
Mediawiki Mediawiki 1.6.10
Mediawiki Mediawiki 1.6.11
NA
CVE-2011-1579
The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki prior to 1.16.3 does not properly validate Cascading Style Sheets (CSS) token sequences, which allows remote malicious users to conduct cross-site scripting (XSS) attacks or obtain sensitive infor...
Mediawiki Mediawiki 1.16.0
Mediawiki Mediawiki 1.14.0
Mediawiki Mediawiki 1.16.1
Mediawiki Mediawiki 1.15.3
Mediawiki Mediawiki 1.15.0
Mediawiki Mediawiki 1.13.0
Mediawiki Mediawiki 1.13.3
Mediawiki Mediawiki 1.12.4
Mediawiki Mediawiki 1.12.0
Mediawiki Mediawiki 1.10.0
Mediawiki Mediawiki 1.9.5
Mediawiki Mediawiki 1.9.2
Mediawiki Mediawiki 1.8.0
Mediawiki Mediawiki 1.8.1
Mediawiki Mediawiki 1.6.10
Mediawiki Mediawiki 1.6.11
Mediawiki Mediawiki 1.6.7
Mediawiki Mediawiki 1.6.8
Mediawiki Mediawiki 1.5.5
Mediawiki Mediawiki 1.5.6
Mediawiki Mediawiki 1.5.7
Mediawiki Mediawiki 1.5
NA
CVE-2011-1580
The transwiki import functionality in MediaWiki prior to 1.16.3 does not properly check privileges, which allows remote authenticated users to perform imports from any wgImportSources wiki via a crafted POST request.
Mediawiki Mediawiki 1.16.0
Mediawiki Mediawiki 1.15.0
Mediawiki Mediawiki 1.14.0
Mediawiki Mediawiki 1.13.3
Mediawiki Mediawiki 1.13.4
Mediawiki Mediawiki 1.11
Mediawiki Mediawiki 1.11.0
Mediawiki Mediawiki 1.10.0
Mediawiki Mediawiki
Mediawiki Mediawiki 1.16.1
Mediawiki Mediawiki 1.15.5
Mediawiki Mediawiki 1.15.3
Mediawiki Mediawiki 1.13.0
Mediawiki Mediawiki 1.12.4
Mediawiki Mediawiki 1.12.0
Mediawiki Mediawiki 1.10.2
Mediawiki Mediawiki 1.9.3
Mediawiki Mediawiki 1.9.5
Mediawiki Mediawiki 1.8.0
Mediawiki Mediawiki 1.8.1
Mediawiki Mediawiki 1.6.1
Mediawiki Mediawiki 1.6.10
NA
CVE-2011-1587
Cross-site scripting (XSS) vulnerability in MediaWiki prior to 1.16.4, when Internet Explorer 6 or earlier is used, allows remote malicious users to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html located before a ? (ques...
Mediawiki Mediawiki
Mediawiki Mediawiki 1.1.0
Mediawiki Mediawiki 1.2.0
Mediawiki Mediawiki 1.2.1
Mediawiki Mediawiki 1.2.2
Mediawiki Mediawiki 1.2.3
Mediawiki Mediawiki 1.2.4
Mediawiki Mediawiki 1.2.5
Mediawiki Mediawiki 1.2.6
Mediawiki Mediawiki 1.3
Mediawiki Mediawiki 1.3.0
Mediawiki Mediawiki 1.3.1
Mediawiki Mediawiki 1.3.2
Mediawiki Mediawiki 1.3.3
Mediawiki Mediawiki 1.3.4
Mediawiki Mediawiki 1.3.5
Mediawiki Mediawiki 1.3.6
Mediawiki Mediawiki 1.3.7
Mediawiki Mediawiki 1.3.8
Mediawiki Mediawiki 1.3.9
Mediawiki Mediawiki 1.3.10
Mediawiki Mediawiki 1.3.11
NA
CVE-2010-2787
api.php in MediaWiki prior to 1.15.5 does not prevent use of public caching headers for private data, which allows remote malicious users to bypass intended access restrictions and obtain sensitive information by retrieving documents from an HTTP proxy cache that has been used by...
Mediawiki Mediawiki 1.10.0
Mediawiki Mediawiki 1.10.4
Mediawiki Mediawiki 1.12.0
Mediawiki Mediawiki 1.14.0
Mediawiki Mediawiki 1.13.1
Mediawiki Mediawiki 1.3.12
Mediawiki Mediawiki 1.3.15
Mediawiki Mediawiki 1.5.8
Mediawiki Mediawiki 1.2.2
Mediawiki Mediawiki 1.5
Mediawiki Mediawiki 1.3.4
Mediawiki Mediawiki 1.3.5
Mediawiki Mediawiki 1.4.7
Mediawiki Mediawiki 1.4.6
Mediawiki Mediawiki 1.4.3
Mediawiki Mediawiki 1.4.2
Mediawiki Mediawiki 1.5.5
Mediawiki Mediawiki 1.5.0
Mediawiki Mediawiki 1.11.0
Mediawiki Mediawiki 1.15.2
Mediawiki Mediawiki 1.1.0
Mediawiki Mediawiki 1.10.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »