Vulnerabilities > Mediawiki > Mediawiki > 1.6.5.r14348

DATE CVE VULNERABILITY TITLE RISK
2012-01-08 CVE-2011-4361 Permissions, Privileges, and Access Controls vulnerability in Mediawiki and Mediawiki Botquery EXT
MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an extension, as demonstrated by the CategoryTree, ExtTab, and InlineEditor extensions.
network
low complexity
mediawiki CWE-264
5.0
5.0
2012-01-08 CVE-2011-4360 Permissions, Privileges, and Access Controls vulnerability in Mediawiki and Mediawiki Botquery EXT
MediaWiki before 1.17.1 allows remote attackers to obtain the page titles of all restricted pages via a series of requests involving the (1) curid or (2) oldid parameter.
network
low complexity
mediawiki CWE-264
5.0
5.0
2011-02-04 CVE-2011-0047 Cross-Site Scripting vulnerability in Mediawiki
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.2 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) comments, aka "CSS injection vulnerability."
network
mediawiki CWE-79
4.3
4.3
2011-01-11 CVE-2011-0003 Improper Input Validation vulnerability in Mediawiki
MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows remote attackers to conduct clickjacking attacks via unspecified vectors.
network
mediawiki CWE-20
5.8
5.8
2007-02-12 CVE-2007-0894 Information Disclosure vulnerability in Mediawiki
MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the installation path in the resulting error message.
network
low complexity
mediawiki
5.0
5.0
2007-01-11 CVE-2007-0177 Cross-Site Scripting vulnerability in MediaWiki
Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
high complexity
mediawiki
5.1
5.1
2006-06-07 CVE-2006-2895 Cross-Site Scripting vulnerability in Mediawiki
Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to versions before 1.6.7 allows remote attackers to inject arbitrary HTML and web script via the edit form.
network
high complexity
mediawiki
2.6
2.6