Vulnerabilities > Mediawiki > Mediawiki > 1.6.5

DATE CVE VULNERABILITY TITLE RISK
2019-12-11 CVE-2019-19709 Open Redirect vulnerability in multiple products
MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page.
network
low complexity
mediawiki debian CWE-601
6.1
6.1
2019-11-20 CVE-2013-1817 Information Exposure vulnerability in multiple products
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information.
network
low complexity
mediawiki debian redhat fedoraproject CWE-200
5.0
5.0
2019-11-20 CVE-2013-1816 Improper Input Validation vulnerability in multiple products
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request.
network
low complexity
mediawiki debian redhat fedoraproject CWE-20
5.0
5.0
2019-10-31 CVE-2013-1951 Cross-site Scripting vulnerability in multiple products
A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers to inject arbitrary web script or HTML via Lua function names. 		4.3
4.3
2019-10-29 CVE-2012-0046 Information Exposure vulnerability in Mediawiki
mediawiki allows deleted text to be exposed
network
low complexity
mediawiki CWE-200
5.0
5.0
2019-09-26 CVE-2019-16738 Missing Authorization vulnerability in multiple products
In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup.
network
low complexity
mediawiki fedoraproject debian CWE-862
5.3
5.3
2019-07-10 CVE-2019-12470 Missing Authorization vulnerability in multiple products
Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control.
network
low complexity
mediawiki debian CWE-862
4.0
4.0
2019-07-10 CVE-2019-12469 Missing Authorization vulnerability in multiple products
MediaWiki through 1.32.1 has Incorrect Access Control.
network
low complexity
mediawiki debian CWE-862
4.0
4.0
2019-07-10 CVE-2019-12466 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Wikimedia MediaWiki through 1.32.1 allows CSRF. 		6.8
6.8
2019-07-10 CVE-2019-12467 MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3).
network
low complexity
mediawiki debian
5.0
5.0