Vulnerabilities > Mediawiki > Mediawiki > 1.10.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-05-12 | CVE-2013-6454 | Cross-Site Scripting vulnerability in Mediawiki Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via a -o-link attribute. | 4.3 |
2014-05-12 | CVE-2013-6453 | Improper Input Validation vulnerability in Mediawiki MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 does not properly sanitize SVG files, which allows remote attackers to have unspecified impact via invalid XML. | 7.5 |
2014-05-12 | CVE-2013-6452 | Cross-Site Scripting vulnerability in Mediawiki Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via crafted XSL in an SVG file. | 4.3 |
2014-05-12 | CVE-2013-4574 | Cross-Site Scripting vulnerability in Mediawiki Cross-site scripting (XSS) vulnerability in the TimeMediaHandler extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to videos. | 4.3 |
2014-05-12 | CVE-2013-4571 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mediawiki Buffer overflow in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 has unspecified impact and remote vectors. | 7.5 |
2014-05-12 | CVE-2013-4570 | Unspecified vulnerability in Mediawiki The zend_inline_hash_func function in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to converting Lua data structures to PHP, as demonstrated by passing { [{}] = 1 } to a module function. | 5.0 |
2014-04-29 | CVE-2014-2853 | Cross-Site Scripting vulnerability in Mediawiki Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki before 1.21.9 and 1.22.x before 1.22.6 allows remote attackers to inject arbitrary web script or HTML via the sort key in an info action. | 4.3 |
2014-04-20 | CVE-2014-2665 | Improper Authentication vulnerability in Mediawiki includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account, as demonstrated by tracking the victim's activity, related to a "login CSRF" issue. | 4.0 |
2013-12-13 | CVE-2013-4569 | Information Exposure vulnerability in Mediawiki The CleanChanges extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3, when "Group changes by page in recent changes and watchlist" is enabled, allows remote attackers to obtain sensitive information (revision-deleted IPs) via the Recent Changes page. | 4.3 |
2013-12-13 | CVE-2013-4568 | HTML Injection vulnerability in Mediawiki CSS Tags Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain non-ASCII characters in CSS, as demonstrated using variations of "expression" containing (1) full width characters or (2) IPA extensions, which are converted and rendered by Internet Explorer. network mediawiki | 4.3 |