Vulnerabilities > Mediawiki

DATE	CVE	VULNERABILITY TITLE	RISK
2019-07-10	CVE-2019-12471	Cross-site Scripting vulnerability in multiple products Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. network low complexity mediawiki debian CWE-79	6.1
2019-07-10	CVE-2019-12466	Cross-Site Request Forgery (CSRF) vulnerability in multiple products Wikimedia MediaWiki through 1.32.1 allows CSRF. network low complexity mediawiki debian CWE-352	8.8
2019-07-10	CVE-2019-12468	Missing Authentication for Critical Function vulnerability in multiple products An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. network low complexity mediawiki debian CWE-306 critical	9.8
2019-07-10	CVE-2019-12467	MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). network low complexity mediawiki debian	5.3
2018-10-04	CVE-2018-13258	Information Exposure vulnerability in Mediawiki 1.31.0 Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn't be web accessible. network low complexity mediawiki CWE-200	5.3
2018-10-04	CVE-2018-0505	Improper Authentication vulnerability in multiple products Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock network low complexity mediawiki debian CWE-287	6.5
2018-10-04	CVE-2018-0504	Information Exposure Through Log Files vulnerability in multiple products Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid network low complexity mediawiki debian CWE-532	6.5
2018-10-04	CVE-2018-0503	Improper Privilege Management vulnerability in multiple products Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'. network low complexity mediawiki debian CWE-269	4.3
2018-04-16	CVE-2014-1686	Information Exposure vulnerability in Mediawiki 1.18.0 MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation. network low complexity mediawiki CWE-200	5.3
2018-04-13	CVE-2017-0372	Injection vulnerability in multiple products Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities. network low complexity mediawiki debian CWE-74 critical	9.8

Vulnerabilities > Mediawiki {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Mediawiki"}]}

Vulnerabilities > Mediawiki