Mediawiki Security Vulnerabilities and Issues — Mediawiki CVE List

Lucene search

MediawikiMediawiki

9 matches found

CVE•added 2014/05/12 2:55 p.m.•62 views

CVE-2013-6453

MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 does not properly sanitize SVG files, which allows remote attackers to have unspecified impact via invalid XML.

7.5CVSS6.5AI score0.00623EPSS

CVE•added 2014/05/12 2:55 p.m.•62 views

CVE-2013-6472

MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain information about deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user watchlists.

5CVSS6.1AI score0.00403EPSS

CVE•added 2014/05/12 2:55 p.m.•58 views

CVE-2013-6454

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via a -o-link attribute.

4.3CVSS5.9AI score0.00318EPSS

CVE•added 2014/05/12 2:55 p.m.•57 views

CVE-2013-6452

4.3CVSS5.9AI score0.00318EPSS

CVE•added 2014/05/12 2:55 p.m.•48 views

CVE-2013-4570

The zend_inline_hash_func function in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to converting Lua data structures ...

5CVSS6.8AI score0.00727EPSS

CVE•added 2014/05/12 2:55 p.m.•38 views

CVE-2014-3455

Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) CreateProperty, (2) CreateTemplate, (3) CreateForm, and (4) CreateClass special pages in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allow remote attackers to hijack the ...

6.8CVSS7.7AI score0.00116EPSS

CVE•added 2014/05/12 2:55 p.m.•37 views

CVE-2013-4574

Cross-site scripting (XSS) vulnerability in the TimeMediaHandler extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to videos.

4.3CVSS5.8AI score0.00318EPSS

CVE•added 2014/05/12 2:55 p.m.•37 views

CVE-2014-3454

Cross-site request forgery (CSRF) vulnerability in Special:CreateCategory in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to hijack the authentication of users for requests that create categories via unspecified vecto...

6.8CVSS7.3AI score0.00157EPSS

CVE•added 2014/05/12 2:55 p.m.•36 views

CVE-2013-4571

Buffer overflow in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 has unspecified impact and remote vectors.

7.5CVSS7.2AI score0.00514EPSS