Vulnerabilities > Mediawiki > Mediawiki > stable.2003.08.29
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-01-08 | CVE-2011-4361 | Permissions, Privileges, and Access Controls vulnerability in Mediawiki and Mediawiki Botquery EXT MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an extension, as demonstrated by the CategoryTree, ExtTab, and InlineEditor extensions. | 5.0 |
| 2012-01-08 | CVE-2011-4360 | Permissions, Privileges, and Access Controls vulnerability in Mediawiki and Mediawiki Botquery EXT MediaWiki before 1.17.1 allows remote attackers to obtain the page titles of all restricted pages via a series of requests involving the (1) curid or (2) oldid parameter. | 5.0 |
| 2011-02-04 | CVE-2011-0047 | Cross-Site Scripting vulnerability in Mediawiki Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.2 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) comments, aka "CSS injection vulnerability." | 4.3 |
| 2011-01-11 | CVE-2011-0003 | Improper Input Validation vulnerability in Mediawiki MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows remote attackers to conduct clickjacking attacks via unspecified vectors. | 5.8 |
| 2005-06-06 | CVE-2005-1888 | HTML Injection vulnerability in MediaWiki Page Template Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 allows remote attackers to inject arbitrary web script via HTML attributes in page templates. network mediawiki | 4.3 |