Vulnerabilities > Mediawiki > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-10-04 CVE-2018-0505 Improper Authentication vulnerability in multiple products
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock
network
low complexity
mediawiki debian CWE-287
6.5
6.5
2018-10-04 CVE-2018-0504 Information Exposure Through Log Files vulnerability in multiple products
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid
network
low complexity
mediawiki debian CWE-532
6.5
6.5
2018-10-04 CVE-2018-0503 Improper Privilege Management vulnerability in multiple products
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'.
network
low complexity
mediawiki debian CWE-269
4.3
4.3
2018-04-16 CVE-2014-1686 Information Exposure vulnerability in Mediawiki 1.18.0
MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation.
network
low complexity
mediawiki CWE-200
5.3
5.3
2018-04-13 CVE-2017-0370 Improper Input Validation vulnerability in multiple products
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter.
network
low complexity
mediawiki debian CWE-20
5.3
5.3
2018-04-13 CVE-2017-0369 Incorrect Default Permissions vulnerability in multiple products
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it.
network
low complexity
mediawiki debian CWE-276
6.5
6.5
2018-04-13 CVE-2017-0368 Improper Input Validation vulnerability in multiple products
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages.
network
low complexity
mediawiki debian CWE-20
5.3
5.3
2018-04-13 CVE-2017-0366 Improper Input Validation vulnerability in multiple products
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration.
network
low complexity
mediawiki debian CWE-20
5.4
5.4
2018-04-13 CVE-2017-0365 Cross-site Scripting vulnerability in multiple products
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations.
network
high complexity
mediawiki debian CWE-79
4.7
4.7
2018-04-13 CVE-2017-0364 Open Redirect vulnerability in multiple products
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link.
network
low complexity
mediawiki debian CWE-601
6.1
6.1