Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wikimedia vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2019-12468
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 up to and including 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover.
Mediawiki Mediawiki
Debian Debian Linux 9.0
6.8
CVSSv2
CVE-2019-12466
Wikimedia MediaWiki up to and including 1.32.1 allows CSRF.
Mediawiki Mediawiki
Debian Debian Linux 9.0
5
CVSSv2
CVE-2019-12472
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 up to and including 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
Mediawiki Mediawiki
5
CVSSv2
CVE-2019-12473
Wikimedia MediaWiki 1.27.0 up to and including 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
Mediawiki Mediawiki
Debian Debian Linux 9.0
5
CVSSv2
CVE-2019-12474
Wikimedia MediaWiki 1.23.0 up to and including 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
Mediawiki Mediawiki
Debian Debian Linux 9.0
4.3
CVSSv2
CVE-2020-36324
Wikimedia Quarry analytics-quarry-web prior to 2020-12-15 allows Reflected XSS because app.py does not explicitly set the application/json content type.
Wikimedia Analytics-quarry-web
4.3
CVSSv2
CVE-2021-30458
An issue exists in Wikimedia Parsoid prior to 0.11.1 and 0.12.x prior to 0.12.2. An attacker can send crafted wikitext that Utils/WTUtils.php will transform by using a <meta> tag, bypassing sanitization steps, and potentially allowing for XSS.
Wikimedia Parsoid
4.3
CVSSv2
CVE-2019-19329
In Wikibase Wikidata Query Service GUI prior to 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressions in results are displayed directly, arbitrary JavaScript execution can occur, aka XSS. This was addressed by introducing MathJax as a new mathematics rendering engine. NOTE: th...
Wikimedia Wikidata Query Gui
Wikimedia Wikidata Query Gui 0.3.6
4.3
CVSSv2
CVE-2019-19327
ui/ResultView.js in Wikibase Wikidata Query Service GUI prior to 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection when reporting the number of results and number of milliseconds. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0...
Wikimedia Wikidata Query Gui
Wikimedia Wikidata Query Gui 0.3.6
4.3
CVSSv2
CVE-2019-19328
ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI prior to 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection in tooltips for entities. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT.
Wikimedia Wikidata Query Gui
Wikimedia Wikidata Query Gui 0.3.6
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »