Vulnerabilities > Mediawiki > Mediawiki > 1.20.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-07-10 | CVE-2019-12466 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Wikimedia MediaWiki through 1.32.1 allows CSRF. | 6.8 |
2019-07-10 | CVE-2019-12467 | MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). | 5.0 |
2018-04-13 | CVE-2017-0372 | Injection vulnerability in multiple products Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities. | 7.5 |
2017-12-29 | CVE-2015-8008 | Improper Access Control vulnerability in multiple products The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token. | 5.0 |
2017-11-15 | CVE-2017-8815 | Improper Input Validation vulnerability in multiple products The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules. | 5.0 |
2017-11-15 | CVE-2017-8814 | Improper Input Validation vulnerability in multiple products The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk." | 5.0 |
2017-11-15 | CVE-2017-8812 | MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline. | 5.0 |
2017-11-15 | CVE-2017-8811 | Improper Input Validation vulnerability in multiple products The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks. | 4.3 |
2017-11-15 | CVE-2017-8810 | Information Exposure vulnerability in multiple products MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests. | 5.0 |
2017-11-15 | CVE-2017-8809 | Injection vulnerability in multiple products api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability. | 7.5 |