7 matches found
MediaWiki < 1.19.9 / 1.20.8 / 1.21.3 Multiple Vulnerabilities
According to its version number, the instance of MediaWiki running on the remote host is affected by the following vulnerabilities : - Input validation errors exist that allow cross-site scripting attacks. CVE-2013-4567, CVE-2013-4568 - An error exists related to session IDs and HTTP headers that...
Fedora 20 : mediawiki-1.21.3-1.fc20 (2013-22047)
Kevin Israel Wikipedia user PleaseStand identified and reported two vectors for injecting JavaScript in CSS that bypassed MediaWiki's blacklist CVE-2013-4567, CVE-2013-4568. - Internal review while debugging a site issue discovered that MediaWiki and the CentralNotice extension were incorrectly...
CVE-2013-4569
The CleanChanges extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3, when "Group changes by page in recent changes and watchlist" is enabled, allows remote attackers to obtain sensitive information revision-deleted IPs via the Recent Changes page...
Design/Logic Flaw
The CleanChanges extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3, when "Group changes by page in recent changes and watchlist" is enabled, allows remote attackers to obtain sensitive information revision-deleted IPs via the Recent Changes page...
CVE-2013-4569
CVE-2013-4569 affects the CleanChanges extension for MediaWiki. When the “Group changes by page in recent changes and watchlist” option is enabled, remote attackers can view sensitive information (revision-deleted IPs) via the Recent Changes page. Affected versions are MediaWiki before 1.19.9, 1....
CVE-2013-4569
The CleanChanges extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3, when "Group changes by page in recent changes and watchlist" is enabled, allows remote attackers to obtain sensitive information revision-deleted IPs via the Recent Changes page...
Fedora 18 : mediawiki-1.19.9-1.fc18 (2013-21874)
Kevin Israel Wikipedia user PleaseStand identified and reported two vectors for injecting JavaScript in CSS that bypassed MediaWiki's blacklist CVE-2013-4567, CVE-2013-4568. - Internal review while debugging a site issue discovered that MediaWiki and the CentralNotice extension were incorrectly...