Lucene search
K

28 matches found

RedhatCVE
RedhatCVE
added 2020/12/18 5:9 p.m.33 views

CVE-2020-35474

In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that the output is raw HTML...

6.1CVSS0.8AI score0.01029EPSS
Exploits1References4
OSV
OSV
added 2020/12/18 8:15 a.m.19 views

CVE-2020-35474

In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that the output is raw HTML...

6.1CVSS5.9AI score
Exploits0References3
OSV
OSV
added 2014/05/12 2:55 p.m.10 views

UBUNTU-CVE-2013-6472

MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain information about deleted page via the 1 log API, 2 enhanced RecentChanges, and 3 user watchlists...

5CVSS7.3AI score0.01267EPSS
Exploits0References3
Prion
Prion
added 2013/12/13 6:7 p.m.20 views

Design/Logic Flaw

The CleanChanges extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3, when "Group changes by page in recent changes and watchlist" is enabled, allows remote attackers to obtain sensitive information revision-deleted IPs via the Recent Changes page...

4.3CVSS6.6AI score0.01824EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2013/12/13 6:0 p.m.26 views

CVE-2013-4569

The CleanChanges extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3, when "Group changes by page in recent changes and watchlist" is enabled, allows remote attackers to obtain sensitive information revision-deleted IPs via the Recent Changes page...

7.3AI score0.01824EPSS
Exploits0References4
ThreatPost
ThreatPost
added 2013/03/07 6:50 p.m.15 views

Stefan Esser

Mobile security researcher Stefan Esser discussed the security model of Apple iOS and some of the recent changes the company has made to lock it down even further...

1.5AI score
Exploits0
Packet Storm
Packet Storm
added 2011/11/09 12:0 a.m.24 views

LabWiki 1.1 Cross Site Scripting / Shell Upload

------------------------------------------------------------------------ LabWiki alert'muuratsalo'&help=true&page=Whatiswiki http://localhost/LabWiki/recentchanges.php?nothing=nothing&pageno="alert'muuratsalo'...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2006/03/13 10:0 p.m.16 views

CVE-2006-1196

Multiple cross-site scripting XSS vulnerabilities in QwikiWiki 1.5 allow remote attackers to inject arbitrary web script or HTML via the 1 from and 2 help parameters to a index.php; 3 action, 4 page, 5 debug, 6 help, 7 username, or 8 password parameters to b login.php; the 7 help parameter to c...

6AI score0.02456EPSS
Exploits1References9
Rows per page
Query Builder