76 matches found
CVE-2015-6730
Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error page, related to "ForeignAPI images."...
Cross site scripting
Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error page, related to "ForeignAPI images."...
CVE-2015-6730
Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error page, related to "ForeignAPI images."...
CVE-2015-6729
Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled in an error page...
Fedora 23 : mediawiki-1.25.2-2.fc23 (2015-13920)
T94116 SECURITY: Compare API watchlist token in constant time; T97391 SECURITY: Escape error message strings in thumb.php; T106893 SECURITY: Don't leak autoblocked IP addresses on Special:DeletedContributions; T102562 Fix InstantCommons parameters to handle the new HTTPS-only policy of Wikimedia...
FreeBSD : mediawiki -- multiple vulnerabilities (6241b5df-42a1-11e5-93ad-002590263bf5)
MediaWiki reports: Internal review discovered that Special:DeletedContributions did not properly protect the IP of autoblocked users. This fix makes the functionality of Special:DeletedContributions consistent with Special:Contributions and Special:BlockList. Internal review discovered that...
WordPress Daily Edition Theme Unauthorized Upload Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it supports setting up personal blog sites on servers with PHP and MySQL. WordPress Daily Edition Theme is a theme plugin for WordPress. WordPress Daily Edition Theme thumb.php fails t...
u5CMS 3.9.3 (thumb.php) Local File Inclusion Vulnerability
Summary: u5CMS is a little, handy Content Management System for medium-sized websites, conference / congress / submission administration, review processes, personalized serial mails, PayPal payments and online surveys based on PHP and MySQL and Apache. Description: u5CMS suffers from an authenticat...
Metinfo v5.2 /include/thumb.php Information Disclosure Vulnerability
No description provided by source...
DEBIAN-CVE-2014-9475
Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.19.23, 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote authenticated users to inject arbitrary web script or HTML via a wikitext message...
Cross site scripting
Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.19.23, 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote authenticated users to inject arbitrary web script or HTML via a wikitext message...
CVE-2014-9475
CVE-2014-9475 is an XSS in MediaWiki's thumb.php allowing remote authenticated users to inject arbitrary script/HTML via a wikitext message. Affected are MediaWiki versions: before 1.19.23, 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1. Connected sources corroborate these af...
CVE-2014-9475
Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.19.23, 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote authenticated users to inject arbitrary web script or HTML via a wikitext message...
CVE-2014-9475
Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.19.23, 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote authenticated users to inject arbitrary web script or HTML via a wikitext message...
MediaWiki < 1.19.23 / 1.22.15 / 1.23.8 / 1.24.1 Multiple Vulnerabilities
Binary data 8611.prm...
DSA-3110-1 mediawiki - security update
Bulletin has no description...
RokBox <= 2.13 - thumb.php src Parameter XSS
The wprokbox WordPress plugin was affected by a thumb.php src Parameter XSS security vulnerability...
Blog:CMS 4.1 Thumb.PHP Remote File Include Vulnerability
No description provided by source...
MediaWiki thumb.php 'w' Parameter Remote Shell Command Injection
The version of MediaWiki running on the remote host is affected by a remote command injection vulnerability due to a failure to properly sanitize user-supplied input to the 'w' parameter in the 'thumb.php' script. A remote, unauthenticated attacker can exploit this issue to execute arbitrary...
WordPress Plugin RokStories - 'thumb.php' Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/62459/info The RokStories plugin for WordPress is prone to multiple security vulnerabilities, including: 1. An arbitrary file-upload vulnerability 2. A cross-site scripting vulnerability 3. An information-disclosure vulnerability 4. A denial-of-service...