Published: 08/01/2012 Updated: 21/04/2021

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

MediaWiki prior to 1.17.1 allows remote malicious users to obtain the page titles of all restricted pages via a series of requests involving the (1) curid or (2) oldid parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mediawiki mediawiki
debian debian linux 5.0
debian debian linux 6.0

Debian Bug report logs - #650434 mediawiki: two security issues (fixed in 1171) Package: mediawiki; Maintainer for mediawiki is Kunal Mehta <legoktm@debianorg>; Source for mediawiki is src:mediawiki (PTS, buildd, popcon) Reported by: Luciano Bello <luciano@debianorg> Date: Tue, 29 Nov 2011 18:39:09 UTC Severity: ...

Several problems have been discovered in MediaWiki, a website engine for collaborative work CVE-2011-1578 CVE-2011-1587 Masato Kinugawa discovered a cross-site scripting (XSS) issue, which affects Internet Explorer clients only, and only version 6 and earlier Web server configuration changes are required to fix this issue Upgrading ...

CWE-200 https://bugzilla.redhat.com/show_bug.cgi?id=758171 http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-November/000104.html https://bugzilla.wikimedia.org/show_bug.cgi?id=32276 http://openwall.com/lists/oss-security/2011/11/29/12 http://openwall.com/lists/oss-security/2011/11/29/6 http://www.debian.org/security/2011/dsa-2366 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650434 https://nvd.nist.gov https://www.debian.org/security/./dsa-2366

CVE-2011-4360

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect