Vulnerabilities > Mediawiki > Mediawiki > 1.23.13

DATE CVE VULNERABILITY TITLE RISK
2017-04-20 CVE-2016-6333 Cross-site Scripting vulnerability in Mediawiki
Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css.
network
mediawiki CWE-79
4.3
4.3
2017-04-20 CVE-2016-6332 Information Exposure vulnerability in Mediawiki
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to terminate sessions when a user account is blocked.
network
low complexity
mediawiki CWE-200
5.0
5.0
2017-04-20 CVE-2016-6331 Improper Access Control vulnerability in Mediawiki
ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title read restrictions via a parse action to api.php.
network
low complexity
mediawiki CWE-284
5.0
5.0