Vulnerabilities > Mediawiki > Mediawiki > 1.19.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-10-11 | CVE-2013-4306 | Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki Cross-site request forgery (CSRF) vulnerability in api/ApiQueryCheckUser.php in the CheckUser extension for MediaWiki, possibly Checkuser before 2.3, allows remote attackers to hijack the authentication of arbitrary users for requests that "perform sensitive write actions" via unspecified vectors. | 6.8 |
| 2013-10-11 | CVE-2013-4305 | Cross-Site Scripting vulnerability in Mediawiki 1.19.7/1.20.6/1.21.1 Cross-site scripting (XSS) vulnerability in contrib/example.php in the SyntaxHighlight GeSHi extension for MediaWiki, possibly as downloaded before September 2013, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | 4.3 |
| 2013-09-12 | CVE-2013-4308 | Cross-Site Scripting vulnerability in Liquidthreads Project Liquidthreads 2.0/2.1 Cross-site scripting (XSS) vulnerability in pages/TalkpageHistoryView.php in the LiquidThreads (LQT) extension 2.x and possibly 3.x for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote attackers to inject arbitrary web script or HTML via a thread subject. | 4.3 |
| 2013-09-12 | CVE-2013-4307 | Cross-Site Scripting vulnerability in Mediawiki Multiple cross-site scripting (XSS) vulnerabilities in repo/includes/EntityView.php in the Wikibase extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow (1) remote attackers to inject arbitrary web script or HTML via a label in the "In other languages" section or (2) remote administrators to inject arbitrary web script or HTML via a description. | 4.3 |