MediaWiki < 1.19.9 / 1.20.8 / 1.21.3 Multiple Vulnerabilities
According to its version number, the instance of MediaWiki running on the remote host is affected by the following vulnerabilities: - Input validation errors exist that allow cross-site scripting attacks. (CVE-2013-4567, CVE-2013-4568) - An error exists related to session IDs and HTTP headers that...
Fedora 20 : mediawiki-1.21.3-1.fc20 (2013-22047)
Kevin Israel (Wikipedia user PleaseStand) identified and reported two vectors for injecting JavaScript in CSS that bypassed MediaWiki's blacklist (CVE-2013-4567, CVE-2013-4568). - Internal review while debugging a site issue discovered that MediaWiki and the CentralNotice extension were incorrectly...
CVE-2012-5394
Cross-site request forgery (CSRF) vulnerability in the CentralAuth extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to hijack the authentication of users for requests that login via vectors involving image loading...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the CentralAuth extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to hijack the authentication of users for requests that login via vectors involving image loading...
CVE-2012-5394
CVE-2012-5394 is a CSRF vulnerability in the CentralAuth extension for MediaWiki that can allow an attacker to hijack a user’s authenticated session for login requests via image-loading vectors. Affected are MediaWiki versions: before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3. The NV...
Fedora 18 : mediawiki-1.19.9-1.fc18 (2013-21874)
Kevin Israel (Wikipedia user PleaseStand) identified and reported two vectors for injecting JavaScript in CSS that bypassed MediaWiki's blacklist (CVE-2013-4567, CVE-2013-4568). - Internal review while debugging a site issue discovered that MediaWiki and the CentralNotice extension were incorrectly...
MediaWiki < 1.19.8 / 1.20.7 / 1.21.2 Multiple Vulnerabilities
According to its version number, the instance of MediaWiki running on the remote host is affected by the following vulnerabilities: - The full installation path is disclosed in an error message when an invalid language is specified in the ResourceLoader. (CVE-2013-4301) - Multiple cross-site reque...
MediaWiki < 1.18.6 / 1.19.3 / 1.20.1 Multiple Vulnerabilities
According to its version number, the instance of MediaWiki running on the remote host is affected by multiple security vulnerabilities: - MediaWiki core is vulnerable to session fixation attacks that allow an attacker to compromise another user's account. (CVE-2012-5391) - The MediaWiki CentralAut...