51 matches found

Debian CVE
added 2015/01/16 4:0 p.m. | 24 views

CVE-2014-9475

Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.19.23, 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote authenticated users to inject arbitrary web script or HTML via a wikitext message...

CVSS 3.5 | AI score 7.7 | EPSS 0.00163
Exploits: 0

Mageia
added 2014/06/06 6:8 a.m. | 20 views

Updated mediawiki packages fix security vulnerability

XSS vulnerability in MediaWiki before 1.22.7, due to usernames on Special:PasswordReset being parsed as wikitext. The username on Special:PasswordReset can be supplied by anyone and will be parsed with wgRawHtml enabled. Since Special:PasswordReset is whitelisted by default on private wikis, this...

CVSS 2.6 | AI score 5.9 | EPSS 0.00324
Exploits: 0 | References: 4

OSV
added 2012/09/09 9:55 p.m. | 2 views

DEBIAN-CVE-2012-4885

The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service (infinite loop) via certain input, as demonstrated by the padleft function...

CVSS 5 | AI score 6.7 | EPSS 0.01182
Exploits: 0 | References: 1

NVD
added 2012/09/09 9:55 p.m. | 18 views

CVE-2012-4885

The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service (infinite loop) via certain input, as demonstrated by the padleft function...

CVSS 5 | AI score 6.5 | EPSS 0.01182
Exploits: 0 | References: 8

OSV
added 2012/09/09 9:55 p.m. | 2 views

DEBIAN-CVE-2012-1582

Cross-site scripting (XSS) vulnerability in the wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to inject arbitrary web script or HTML via a crafted page with "forged strip item markers," as demonstrated using the CharInsert extension...

CVSS 4.3 | AI score 6 | EPSS 0.00642
Exploits: 0 | References: 1

Prion
added 2012/09/09 9:55 p.m. | 21 views

Input validation

The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service (infinite loop) via certain input, as demonstrated by the padleft function...

CVSS 5 | AI score 7.1 | EPSS 0.01182
Exploits: 0 | References: 8 | Affected software: 1

Cvelist
added 2012/09/09 9:0 p.m. | 17 views

CVE-2012-4885

The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service (infinite loop) via certain input, as demonstrated by the padleft function...

AI score 6.5 | EPSS 0.01182
Exploits: 0 | References: 8

CVE
added 2012/09/09 9:0 p.m. | 54 views

CVE-2012-4885

CVE-2012-4885 concerns MediaWiki’s wikitext parser. The issue affects MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2, where certain input can trigger an infinite loop in the parser, causing a denial of service. The vulnerability is triggered via crafted input demonstrated by the padleft ...

CVSS 5 | AI score 6.8 | EPSS 0.01182
Exploits: 0 | References: 8 | Affected software: 1

OpenVAS
added 2012/02/11 12:0 a.m. | 28 views

Debian Security Advisory DSA 2366-1 (mediawiki)

The remote host is missing an update to mediawiki announced via advisory DSA 2366-1. OpenVAS Vulnerability Test $Id: deb23661.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2366-1 (mediawiki). Authors: Thomas Reinke. Copyright: Copyright (c) 2012 E-Soft Inc...

CVSS 5.8 | AI score 0.6 | EPSS 0.00933
Exploits: 2

Prion
added 2011/04/27 12:55 a.m. | 15 views

Cross site scripting

The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets (CSS) token sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information by using the \2f\2a an...

CVSS 5.8 | AI score 5.8 | EPSS 0.00933
Exploits: 1 | References: 17 | Affected software: 1

seebug.org
added 2011/04/15 12:0 a.m. | 64 views

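Multiple remote vulnerabilities in MediaWiki versions before 1.16.3

Bugtraq ID: 47354. MediaWiki is a wiki engine released under the GPL license. MediaWiki contains multiple security vulnerabilities that allow malicious users to conduct cross-site scripting attacks and bypass certain security restrictions.
- The application does not properly prevent some browsers, such as Internet Explorer 6, from guessing the content type based on the end of the query URL, which can be exploited to inject and execute HTML, running arbitrary script code in the target user's browser.
- Input passed via CSS comments is not filtered by the wikitext parser before being displayed to the user, which can be exploited to inject and execute HTML, running arbitrary script code in the target user's browser.
- The transwiki import feature does not properly restrict access to form submission, which can be exploited to perform unauthorized imports of remote resources...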

AI score 6.9
Exploits: 0