Vulnerabilities > Mediawiki > Mediawiki > 1.21.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-06 | CVE-2013-4572 | Session Fixation vulnerability in multiple products The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user. | 5.0 |
| 2020-01-28 | CVE-2013-6455 | Information Exposure vulnerability in Mediawiki The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page. | 5.0 |
| 2020-01-28 | CVE-2013-6451 | Cross-site Scripting vulnerability in Mediawiki Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values. | 4.3 |
| 2020-01-27 | CVE-2014-9481 | Information Exposure vulnerability in Mediawiki The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML. | 4.3 |
| 2019-12-11 | CVE-2013-4303 | Cross-site Scripting vulnerability in Mediawiki includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." (period) characters in a string, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the siprop parameter in a query action to wiki/api.php. | 4.3 |
| 2019-12-11 | CVE-2019-19709 | Open Redirect vulnerability in multiple products MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page. | 6.1 |
| 2019-09-26 | CVE-2019-16738 | Missing Authorization vulnerability in multiple products In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup. | 5.3 |
| 2019-07-10 | CVE-2019-12470 | Missing Authorization vulnerability in multiple products Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. | 4.0 |
| 2019-07-10 | CVE-2019-12469 | Missing Authorization vulnerability in multiple products MediaWiki through 1.32.1 has Incorrect Access Control. | 4.0 |
| 2019-07-10 | CVE-2019-12472 | Unspecified vulnerability in Mediawiki An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. | 5.0 |