Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wikimedia vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-12468
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 up to and including 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover.
Mediawiki Mediawiki
Debian Debian Linux 9.0
8.8
CVSSv3
CVE-2019-12466
Wikimedia MediaWiki up to and including 1.32.1 allows CSRF.
Mediawiki Mediawiki
Debian Debian Linux 9.0
7.5
CVSSv3
CVE-2019-12472
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 up to and including 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
Mediawiki Mediawiki
7.5
CVSSv3
CVE-2019-12473
Wikimedia MediaWiki 1.27.0 up to and including 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
Mediawiki Mediawiki
Debian Debian Linux 9.0
7.5
CVSSv3
CVE-2019-12474
Wikimedia MediaWiki 1.23.0 up to and including 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
Mediawiki Mediawiki
Debian Debian Linux 9.0
6.5
CVSSv3
CVE-2019-12470
Wikimedia MediaWiki up to and including 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
Mediawiki Mediawiki
Debian Debian Linux 9.0
6.1
CVSSv3
CVE-2018-25065
A vulnerability was found in Wikimedia mediawiki-extensions-I18nTags and classified as problematic. This issue affects some unknown processing of the file I18nTags_body.php of the component Unlike Parser. The manipulation leads to cross site scripting. The attack may be initiated...
Wikimedia Mediawiki-extensions-i18ntags
6.1
CVSSv3
CVE-2020-36324
Wikimedia Quarry analytics-quarry-web prior to 2020-12-15 allows Reflected XSS because app.py does not explicitly set the application/json content type.
Wikimedia Analytics-quarry-web
6.1
CVSSv3
CVE-2021-30458
An issue exists in Wikimedia Parsoid prior to 0.11.1 and 0.12.x prior to 0.12.2. An attacker can send crafted wikitext that Utils/WTUtils.php will transform by using a <meta> tag, bypassing sanitization steps, and potentially allowing for XSS.
Wikimedia Parsoid
6.1
CVSSv3
CVE-2019-19328
ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI prior to 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection in tooltips for entities. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT.
Wikimedia Wikidata Query Gui
Wikimedia Wikidata Query Gui 0.3.6
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »