Vulnerabilities > Mediawiki

DATE CVE VULNERABILITY TITLE RISK
2020-04-03 CVE-2020-10960 Injection vulnerability in Mediawiki
In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page.
network
low complexity
mediawiki CWE-74
5.3
2020-03-20 CVE-2019-16528 Information Exposure Through Log Files vulnerability in Mediawiki Abusefilter 1.32/1.33
An issue was discovered in the AbuseFilter extension for MediaWiki.
network
low complexity
mediawiki CWE-532
7.5
2020-03-19 CVE-2019-16529 Unspecified vulnerability in Mediawiki Checkuser
An issue was discovered in the CheckUser extension through 1.35.0 for MediaWiki.
network
low complexity
mediawiki
5.3
2020-03-19 CVE-2019-15124 Cross-site Scripting vulnerability in Mediawiki Mobilefrontend 1.31.0/1.32.0/1.33.0
In the MobileFrontend extension for MediaWiki, XSS exists within the edit summary field of the watchlist feed.
network
low complexity
mediawiki CWE-79
6.1
2020-03-12 CVE-2020-10534 Incorrect Authorization vulnerability in Mediawiki
In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges.
network
low complexity
mediawiki CWE-863
critical
9.8
2020-02-08 CVE-2012-4381 Use of Hard-coded Credentials vulnerability in Mediawiki
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict function, could allow remote attackers to use old passwords for non-existing accounts in an external authentication system via unspecified vectors.
network
high complexity
mediawiki CWE-798
8.1
2020-02-06 CVE-2013-4572 Session Fixation vulnerability in multiple products
The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user.
network
low complexity
mediawiki fedoraproject CWE-384
7.5
2020-01-28 CVE-2013-6455 Information Exposure vulnerability in Mediawiki
The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page.
network
low complexity
mediawiki CWE-200
5.3
2020-01-28 CVE-2013-6451 Cross-site Scripting vulnerability in Mediawiki
Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values.
network
low complexity
mediawiki CWE-79
6.1
2020-01-27 CVE-2014-9481 Information Exposure vulnerability in Mediawiki
The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML.
network
high complexity
mediawiki CWE-200
5.9