1.3.0

DATE	CVE	VULNERABILITY TITLE	RISK
2007-02-21	CVE-2007-1054	Cross-Site Scripting vulnerability in Mediawiki Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer. network mediawiki	6.8
2007-02-12	CVE-2007-0894	Information Disclosure vulnerability in Mediawiki MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the installation path in the resulting error message. network low complexity mediawiki	5.0
2006-05-26	CVE-2006-2611	Cross-Site Scripting vulnerability in Mediawiki Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the \| (pipe) character. network mediawiki	4.3
2005-12-22	CVE-2005-4501	Unspecified vulnerability in Mediawiki MediaWiki before 1.5.4 uses a hard-coded "internal placeholder string", which allows remote attackers to bypass protection against cross-site scripting (XSS) attacks and execute Javascript using inline style attributes, which are processed by Internet Explorer. network mediawiki	4.3
2005-10-06	CVE-2005-3166	Denial-Of-Service vulnerability in Mediawiki Unspecified vulnerability in "edit submission handling" for MediaWiki 1.4.x before 1.4.10 and 1.3.x before 1.3.16 allows remote attackers to cause a denial of service (corruption of the previous submission) via a crafted URL. network low complexity mediawiki	5.0
2005-07-27	CVE-2005-2396	Remote Cross-Site Scripting vulnerability in MediaWiki Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the page move template. network mediawiki	4.3
2005-05-02	CVE-2005-0536	Unspecified vulnerability in Mediawiki Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to delete arbitrary files or determine file existence via a parameter related to image deletion. network low complexity mediawiki	5.0
2005-05-02	CVE-2005-0534	Unspecified vulnerability in Mediawiki Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allow remote attackers to inject arbitrary web script. network mediawiki	4.3
2004-12-31	CVE-2004-2152	Cross-Site Scripting vulnerability in MediaWiki Raw Page Cross-site scripting (XSS) vulnerability in 'raw' page output mode for MediaWiki 1.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML. network mediawiki	4.3
2004-12-31	CVE-2004-1405	Remote Arbitrary Script Upload vulnerability in MediaWiki MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code. network low complexity mediawiki	7.5