Mediawiki Security Vulnerabilities and Issues — Mediawiki CVE List

Lucene search

MediawikiMediawiki

6 matches found

CVE•added 2005/07/27 4:0 a.m.•80 views

CVE-2005-2396

Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the page move template.

4.3CVSS5.6AI score0.00613EPSS

CVE•added 2005/07/10 4:0 a.m.•51 views

CVE-2004-2186

SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers to execute arbitrary SQL commands via SpecialMaintenance.

7.5CVSS8.4AI score0.00431EPSS

CVE•added 2005/07/12 4:0 a.m.•49 views

CVE-2005-2215

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x before 1.4.6 and 1.5 before 1.5beta3 allows remote attackers to inject arbitrary web script or HTML via a parameter in the page move template, a different vulnerability than CVE-2005-1888.

4.3CVSS5.7AI score0.00364EPSS

CVE•added 2005/07/01 4:0 a.m.•47 views

CVE-2004-2152

Cross-site scripting (XSS) vulnerability in 'raw' page output mode for MediaWiki 1.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML.

4.3CVSS5.9AI score0.00463EPSS

CVE•added 2005/07/10 4:0 a.m.•46 views

CVE-2004-2187

Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to "filename validation," has unknown impact and attack vectors.

5CVSS6.5AI score0.00333EPSS

CVE•added 2005/07/10 4:0 a.m.•43 views

CVE-2004-2185

Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via (1) the UnicodeConverter extension, (2) raw page views, (3) SpecialIpblocklist, (4) SpecialEmailuser, (5) SpecialMaintenance, and (6) ImagePage.

6.8CVSS6.7AI score0.02002EPSS