Vulnerabilities > Mediawiki > Mediawiki > 1.29.1

DATE CVE VULNERABILITY TITLE RISK
2019-09-26 CVE-2019-16738 Missing Authorization vulnerability in multiple products
In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup.
network
low complexity
mediawiki fedoraproject debian CWE-862
5.3
5.3
2019-07-10 CVE-2019-12470 Missing Authorization vulnerability in multiple products
Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control.
network
low complexity
mediawiki debian CWE-862
4.0
4.0
2019-07-10 CVE-2019-12469 Missing Authorization vulnerability in multiple products
MediaWiki through 1.32.1 has Incorrect Access Control.
network
low complexity
mediawiki debian CWE-862
4.0
4.0
2019-07-10 CVE-2019-12466 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Wikimedia MediaWiki through 1.32.1 allows CSRF. 		6.8
6.8
2019-07-10 CVE-2019-12468 Missing Authentication for Critical Function vulnerability in multiple products
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1.
network
low complexity
mediawiki debian CWE-306
7.5
7.5
2017-11-15 CVE-2017-8815 Improper Input Validation vulnerability in multiple products
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules.
network
low complexity
mediawiki debian CWE-20
5.0
5.0
2017-11-15 CVE-2017-8814 Improper Input Validation vulnerability in multiple products
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk."
network
low complexity
mediawiki debian CWE-20
5.0
5.0
2017-11-15 CVE-2017-8812 MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline.
network
low complexity
mediawiki debian
5.0
5.0
2017-11-15 CVE-2017-8811 Improper Input Validation vulnerability in multiple products
The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks. 		4.3
4.3
2017-11-15 CVE-2017-8810 Information Exposure vulnerability in multiple products
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests.
network
low complexity
mediawiki debian CWE-200
5.0
5.0