High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-03-20	CVE-2019-16528	Information Exposure Through Log Files vulnerability in Mediawiki Abusefilter 1.32/1.33 An issue was discovered in the AbuseFilter extension for MediaWiki. network low complexity mediawiki CWE-532	7.5
2020-02-08	CVE-2012-4381	Use of Hard-coded Credentials vulnerability in Mediawiki MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict function, could allow remote attackers to use old passwords for non-existing accounts in an external authentication system via unspecified vectors. network high complexity mediawiki CWE-798	8.1
2020-02-06	CVE-2013-4572	Session Fixation vulnerability in multiple products The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user. network low complexity mediawiki fedoraproject CWE-384	7.5
2019-11-20	CVE-2013-1817	Information Exposure vulnerability in multiple products MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information. network low complexity mediawiki debian redhat fedoraproject CWE-200	7.5
2019-11-20	CVE-2013-1816	Improper Input Validation vulnerability in multiple products MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request. network low complexity mediawiki debian redhat fedoraproject CWE-20	7.5
2019-10-29	CVE-2012-0046	Information Exposure vulnerability in Mediawiki mediawiki allows deleted text to be exposed network low complexity mediawiki CWE-200	7.5
2019-07-10	CVE-2019-12474	Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. network low complexity mediawiki debian	7.5
2019-07-10	CVE-2019-12473	Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. network low complexity mediawiki debian	7.5
2019-07-10	CVE-2019-12472	Unspecified vulnerability in Mediawiki An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. network low complexity mediawiki	7.5
2019-07-10	CVE-2019-12466	Cross-Site Request Forgery (CSRF) vulnerability in multiple products Wikimedia MediaWiki through 1.32.1 allows CSRF. network low complexity mediawiki debian CWE-352	8.8