
12 matches found

Prion
added 2018/04/13 4:29 p.m., 15 views

Xxe

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites...

CVSS 5.8, AI score 6.3, EPSS 0.01121
Exploits: 0, References: 3, Affected Software: 2
Cvelist
added 2018/04/13 4:0 p.m., 23 views

CVE-2017-0363 Special:UserLogin?returnto=interwiki:foo will redirect to external sites

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites...

AI score 7.6, EPSS 0.01121
Exploits: 0, References: 3
Prion
added 2014/10/07 2:55 p.m., 21 views

Cross site scripting

The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote authenticated users to conduct cross-site scripting (XSS) attacks or have unspecified other impact via crafted CSS, as demonstrated by modifying...

CVSS 3.5, AI score 6.1, EPSS 0.01568
Exploits: 0, References: 6, Affected Software: 1
CVE
added 2014/10/07 2:0 p.m., 71 views

CVE-2014-7295

The CVE-2014-7295 entry affects MediaWiki; remote authenticated users could trigger cross-site scripting via crafted CSS on Special:Preferences and Special:UserLogin in affected branches (before 1.19.20, 1.22.x before 1.22.12, and 1.23.x before 1.23.5). The issue arises from CSS-based injection (...

CVSS 3.5, AI score 5.9, EPSS 0.01568
Exploits: 0, References: 6, Affected Software: 1
Debian CVE
added 2014/06/02 3:0 p.m., 28 views

CVE-2012-5391

Session fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the sessionid...

CVSS 6.8, AI score 6.4, EPSS 0.02251
Exploits: 1
Tenable Nessus
added 2010/07/07 12:0 a.m., 28 views

Fedora 13 : mediawiki-1.15.4-54.fc13 (2010-10779)

This update fixes two vulnerabilities in mediawiki. CVE-2010-1647: Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) strings that are processed as...

CVSS 6.8, AI score 5.4, EPSS 0.01028
Exploits: 0, References: 4
OpenVAS
added 2010/06/16 12:0 a.m., 19 views

MediaWiki 1.15.x < 1.15.4, 1.16.x < 1.16 beta 3 XSS and CSRF Vulnerabilities

MediaWiki is prone to cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

CVSS 6.8, AI score 5.9, EPSS 0.01028
Exploits: 0, References: 3
Prion
added 2010/06/08 12:30 a.m., 18 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to hijack the authentication of users for requests that (1) create accounts or (2) reset passwords, related to the Special:Userlogin form...

CVSS 6.8, AI score 7.5, EPSS 0.00611
Exploits: 0, References: 4, Affected Software: 1
UbuntuCve
added 2010/06/08 12:30 a.m., 29 views

CVE-2010-1648

Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to hijack the authentication of users for requests that (1) create accounts or (2) reset passwords, related to the Special:Userlogin form...

CVSS 6.8, AI score 5.9, EPSS 0.00611
Exploits: 0, References: 2
CVE
added 2010/06/07 8:0 p.m., 60 views

CVE-2010-1648

MediaWiki 1.15.x before 1.15.4 and 1.16 before 1.16 beta 3 contains a CSRF in the login interface (Special:Userlogin) that can allow remote attackers to hijack user authentication for account creation or password reset. Affected products/versions are MediaWiki 1.15.x prior to 1.15.4 and 1.16 prio...

CVSS 6.8, AI score 7, EPSS 0.00611
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2010/06/07 8:0 p.m., 25 views

CVE-2010-1648

Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to hijack the authentication of users for requests that (1) create accounts or (2) reset passwords, related to the Special:Userlogin form...

AI score 6.8, EPSS 0.00611
Exploits: 0, References: 4
Debian CVE
added 2010/06/07 8:0 p.m., 31 views

CVE-2010-1648

Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to hijack the authentication of users for requests that (1) create accounts or (2) reset passwords, related to the Special:Userlogin form...

CVSS 6.8, AI score 6.6, EPSS 0.00611
Exploits: 0