Vulnerabilities > Mediawiki > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-31 | CVE-2013-1951 | Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers to inject arbitrary web script or HTML via Lua function names. | 6.1 |
| 2019-10-29 | CVE-2019-18612 | Information Exposure vulnerability in Mediawiki Abusefilter An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. | 5.3 |
| 2019-10-29 | CVE-2019-18611 | Information Exposure vulnerability in Mediawiki Checkuser An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. | 6.5 |
| 2019-09-26 | CVE-2019-16738 | Missing Authorization vulnerability in multiple products In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup. | 5.3 |
| 2019-08-09 | CVE-2019-14807 | Cross-site Scripting vulnerability in Mediawiki Mobilefrontend 1.31.0/1.32.0/1.33.0 In the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS exists within the edit summary field in includes/specials/MobileSpecialPageFeed.php. | 6.1 |
| 2019-07-10 | CVE-2019-12470 | Missing Authorization vulnerability in multiple products Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. | 6.5 |
| 2019-07-10 | CVE-2019-12469 | Missing Authorization vulnerability in multiple products MediaWiki through 1.32.1 has Incorrect Access Control. | 6.5 |
| 2019-07-10 | CVE-2019-12471 | Cross-site Scripting vulnerability in multiple products Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. | 6.1 |
| 2019-07-10 | CVE-2019-12467 | MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). | 5.3 |
| 2018-10-04 | CVE-2018-13258 | Information Exposure vulnerability in Mediawiki 1.31.0 Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn't be web accessible. | 5.3 |