Vulnerabilities > Mediawiki
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-01-27 | CVE-2014-9481 | Information Exposure vulnerability in Mediawiki | The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML. | 5.9 |
2020-01-08 | CVE-2020-6163 | Cross-site Scripting vulnerability in Mediawiki 1.35 | The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax within the PropertySuggestionsWidget template (in the templates/search/PropertySuggestionsWidget.mustache+dom file). | 6.1 |
2019-12-19 | CVE-2019-19910 | Cross-site Scripting vulnerability in Mediawiki 1.34/1.35 | The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 (1.35 and/or 1.34) mishandles certain HTML attributes, as demonstrated by IMG onmouseover= (impact is XSS) and IMG src=http (impact is disclosing the client's IP address). | 6.1 |
2019-12-11 | CVE-2013-4303 | Cross-site Scripting vulnerability in Mediawiki | includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." (period) characters in a string, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the siprop parameter in a query action to wiki/api.php. | 6.1 |
2019-12-11 | CVE-2019-19709 | Open Redirect vulnerability in multiple products | MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page. | 6.1 |
2019-12-11 | CVE-2019-19708 | Cross-site Scripting vulnerability in Mediawiki Visual Editor 1.34 | The VisualEditor extension through 1.34 for MediaWiki allows XSS via pasted content containing an element with a data-ve-clipboard-key attribute. | 6.1 |
2019-11-20 | CVE-2013-1817 | Information Exposure vulnerability in multiple products | MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information. | 7.5 |
2019-11-20 | CVE-2013-1816 | Improper Input Validation vulnerability in multiple products | MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request. | 7.5 |
2019-11-15 | CVE-2019-18987 | Information Exposure vulnerability in Mediawiki Abusefilter | An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. | 5.3 |
2019-10-31 | CVE-2013-1951 | Cross-site Scripting vulnerability in multiple products | A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 allows remote attackers to inject arbitrary web script or HTML via Lua function names. | 6.1 |