Wikimedia MediaWiki 安全漏洞

Wikimedia MediaWiki is a web application developed by the Wikimedia Foundation for building Wiki websites. There is a security vulnerability in Wikimedia MediaWiki, which stems from defects in the includes/Parser/CoreParserFunctions.Php and includes/Parser/Sanitizer.Php files. The following...

XML External Entity (XXE)

Concrete CMS is vulnerable to XML external entity. The vulnerability exists in dataToXml function in Sanitizer.php, which allows an attacker to inject and execute malicious code into the system due to improper sanitization of SVGs, leading to IP disclosure...

Information Exposure

mediawiki/core is vulnerable to information exposure. The vulnerability exists due to a lack of input sanitization in the checkCss function in the Sanitizer.php file, allowing an attacker to read sensitive information in the system through the DVI element...

Cross site scripting

The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets CSS token sequences, which allows remote attackers to conduct cross-site scripting XSS attacks or obtain sensitive information by using the \2f\2a an...

Cross site scripting

Cross-site scripting XSS vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | pipe character...

CVE-2006-2611

Cross-site scripting XSS vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | pipe character...