Vulnerabilities > Mediawiki > Mediawiki > 1.25.5

DATE CVE VULNERABILITY TITLE RISK
2019-12-11 CVE-2019-19709 Open Redirect vulnerability in multiple products
MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page.
network
low complexity
mediawiki debian CWE-601
6.1
6.1
2019-09-26 CVE-2019-16738 Missing Authorization vulnerability in multiple products
In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup.
network
low complexity
mediawiki fedoraproject debian CWE-862
5.3
5.3
2019-07-10 CVE-2019-12470 Missing Authorization vulnerability in multiple products
Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control.
network
low complexity
mediawiki debian CWE-862
4.0
4.0
2019-07-10 CVE-2019-12469 Missing Authorization vulnerability in multiple products
MediaWiki through 1.32.1 has Incorrect Access Control.
network
low complexity
mediawiki debian CWE-862
4.0
4.0
2019-07-10 CVE-2019-12474 Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak.
network
low complexity
mediawiki debian
5.0
5.0
2019-07-10 CVE-2019-12472 Unspecified vulnerability in Mediawiki
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1.
network
low complexity
mediawiki
5.0
5.0
2019-07-10 CVE-2019-12466 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Wikimedia MediaWiki through 1.32.1 allows CSRF. 		6.8
6.8
2019-07-10 CVE-2019-12467 MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3).
network
low complexity
mediawiki debian
5.0
5.0
2017-11-15 CVE-2017-8815 Improper Input Validation vulnerability in multiple products
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules.
network
low complexity
mediawiki debian CWE-20
5.0
5.0
2017-11-15 CVE-2017-8814 Improper Input Validation vulnerability in multiple products
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk."
network
low complexity
mediawiki debian CWE-20
5.0
5.0