Vulnerabilities > Mediawiki

DATE	CVE	VULNERABILITY TITLE	RISK
2018-04-13	CVE-2017-0370	Improper Input Validation vulnerability in multiple products Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter. network low complexity mediawiki debian CWE-20	5.3
2018-04-13	CVE-2017-0369	Incorrect Default Permissions vulnerability in multiple products Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it. network low complexity mediawiki debian CWE-276	6.5
2018-04-13	CVE-2017-0368	Improper Input Validation vulnerability in multiple products Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages. network low complexity mediawiki debian CWE-20	5.3
2018-04-13	CVE-2017-0367	Exposure of Resource to Wrong Sphere vulnerability in multiple products Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure. network low complexity mediawiki debian CWE-668	8.8
2018-04-13	CVE-2017-0366	Improper Input Validation vulnerability in multiple products Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration. network low complexity mediawiki debian CWE-20	5.4
2018-04-13	CVE-2017-0365	Cross-site Scripting vulnerability in multiple products Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations. network high complexity mediawiki debian CWE-79	4.7
2018-04-13	CVE-2017-0364	Open Redirect vulnerability in multiple products Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link. network low complexity mediawiki debian CWE-601	6.1
2018-04-13	CVE-2017-0363	Open Redirect vulnerability in multiple products Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites. network low complexity mediawiki debian CWE-601	6.1
2018-04-13	CVE-2017-0362	Cross-Site Request Forgery (CSRF) vulnerability in multiple products Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token. network low complexity mediawiki debian CWE-352	8.8
2018-04-13	CVE-2017-0361	Information Exposure vulnerability in multiple products Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext. local low complexity mediawiki debian CWE-200	7.8

Vulnerabilities > Mediawiki {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Mediawiki"}]}

Vulnerabilities > Mediawiki