Vulnerabilities > Mediawiki > Mediawiki > 1.28.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-11 | CVE-2019-19709 | Open Redirect vulnerability in multiple products MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page. | 6.1 |
2019-09-26 | CVE-2019-16738 | Missing Authorization vulnerability in multiple products In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup. | 5.3 |
2019-07-10 | CVE-2019-12470 | Missing Authorization vulnerability in multiple products Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. | 4.0 |
2019-07-10 | CVE-2019-12469 | Missing Authorization vulnerability in multiple products MediaWiki through 1.32.1 has Incorrect Access Control. | 4.0 |
2019-07-10 | CVE-2019-12466 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Wikimedia MediaWiki through 1.32.1 allows CSRF. | 6.8 |
2019-07-10 | CVE-2019-12468 | Missing Authentication for Critical Function vulnerability in multiple products An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. | 7.5 |
2018-04-13 | CVE-2017-0372 | Injection vulnerability in multiple products Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities. | 7.5 |
2018-04-13 | CVE-2017-0370 | Improper Input Validation vulnerability in multiple products Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter. | 5.0 |
2018-04-13 | CVE-2017-0369 | Incorrect Default Permissions vulnerability in multiple products Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it. | 4.0 |
2018-04-13 | CVE-2017-0368 | Improper Input Validation vulnerability in multiple products Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages. | 5.0 |