CRITICAL9.8CVE-2025-67484Vulnerability in Wikimedia Foundation MediaWiki. from 0, < 1:1.35.13-1+deb11u6
from 0, < 1:1.35.11-1~deb11u1
CRITICAL9.8mediawiki - security update
from 0, < 1:1.35.11-1~deb11u1
CRITICAL9.8mediawiki - security update
from 0, < 1:1.31.16-1+deb10u6
CRITICAL9.8Wikimedia MediaWiki Incorrect Access Control vulnerability
from 0, < 1:1.31.2-1
CRITICAL9.8Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabiliti…
from 0, < 1:1.27.3-1
CRITICAL9.8api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability.
from 0, < 1:1.27.4-1
CRITICAL9.8The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generat…
from 0, < 1:1.25.5-1
HIGH8.8Vulnerability in Wikimedia Foundation CheckUser.
from 0, < 1:1.35.13-1+deb11u6
HIGH8.8Improper Authentication vulnerability in Wikimedia Foundation Mediawiki - CentralAuth Extension allows : Bypass Authentication.This issue a…
from 0, < 1:1.35.13-1+deb11u4
HIGH8.8Wikimedia MediaWiki allows CSRF
from 0, < 1:1.31.2-1
HIGH8.8The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control.
from 0, < 1:1.35.4-1~deb11u1
HIGH8.8Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system…
from 0, < 1:1.27.2-1
HIGH8.8Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF toke…
from 0, < 1:1.27.2-1
HIGH8.8The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x…
from 0, < 1:1.25.5-1
HIGH8.8The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparis…
from 0, < 1:1.25.5-1
HIGH8.1MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-depende…
from 0, < 1:1.19.2-1
HIGH8.0Cross-domain cookie leakage in Guzzle
from 0, < 1:1.35.8-1~deb11u1
HIGH7.8Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext.
from 0, < 1:1.27.2-1
HIGH7.7Change in port should be considered a change in origin
from 0, < 1:1.35.8-1~deb11u1
HIGH7.7CURLOPT_HTTPAUTH option not cleared on change of origin
from 0, < 1:1.35.8-1~deb11u1
HIGH7.5Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.
from 0, < 1:1.39.17-1+deb12u2
HIGH7.5Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.
from 0, < 1:1.43.8+dfsg-1~deb13u1
HIGH7.5Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.
from 0
HIGH7.5Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation OATHAuth.
from 0
HIGH7.5(no summary)
from 0
HIGH7.5mediawiki - security update
from 0, < 1:1.35.13-1+deb11u2
HIGH7.5mediawiki - security update
from 0, < 1:1.35.13-1+deb11u2
HIGH7.5MediaWiki Denial of Service vulnerability
from 0, < 1:1.35.13-1~deb11u1
HIGH7.5A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2.
from 0, < 1:1.35.8-1~deb11u1
HIGH7.5Fix failure to strip Authorization header on HTTP downgrade in Guzzle
from 0, < 1:1.35.8-1~deb11u1
HIGH7.5Guzzle is an open source PHP HTTP client.
from 0, < 1:1.35.8-1~deb11u1
HIGH7.5OATHAuth extension in MediaWiki is not implementing rate limit
from 0, < 1:1.35.0-1
HIGH7.5Wikimedia information leak vulnerability
from 0, < 1:1.31.2-1
HIGH7.5MediaWiki Incorrect Access Control vulnerability
from 0, < 1:1.31.2-1
HIGH7.5Wikimedia Potential DOS due to slow WatchedItemStore::countVisitingWatchersMultiple
from 0, < 1:1.31.2-1
HIGH7.5MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remote attackers to discover the IP addresse…
from 0, < 1:1.27.2-1
HIGH7.5mediawiki - security update
from 0, < 1:1.27.7-1+deb9u11
HIGH7.5mediawiki - security update
from 0, < 1:1.35.4-1+deb11u2
HIGH7.5MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time).
from 0, < 1:1.35.4-1~deb11u1
HIGH7.5mediawiki - security update
from 0, < 1:1.31.16-1~deb10u1
HIGH7.5mediawiki - security update
from 0, < 1:1.27.7-1~deb9u10
HIGH7.5mediawiki - security update
from 0, < 1:1.35.4-1~deb11u1
HIGH7.5mediawiki - security update
from 0, < 1:1.31.14-1~deb10u1
HIGH7.5mediawiki - security update
from 0, < 1:1.35.2-1
HIGH7.5mediawiki - security update
from 0, < 1:1.27.7-1~deb9u8
HIGH7.5pygments - security update
from 0, < 1:1.35.2-1
HIGH7.5mediawiki - security update
from 0, < 1:1.35.1-1
HIGH7.5mediawiki - security update
from 0, < 1:1.31.12-1~deb10u1
HIGH7.5Regular Expression Denial of Service in papaparse
from 0, < 1:1.35.11-1~deb11u1
HIGH7.5The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to ca…
from 0, < 1:1.19.8+dfsg-2.2
HIGH7.5MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive…
from 0, < 1:1.19.4-1
HIGH7.5MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a spec…
from 0, < 1:1.19.4-1
HIGH7.5mediawiki allows deleted text to be exposed
from 0, < 1:1.15.5-6
HIGH7.5The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via gl…
from 0, < 1:1.27.4-1
HIGH7.5The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside t…
from 0, < 1:1.27.4-1
HIGH7.5MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messag…
from 0, < 1:1.27.4-1
HIGH7.5MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking extension IP address blocking and create…
from 0, < 1:1.19.2-1
HIGH7.5MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the User…
from 0, < 1:1.27.1-1
HIGH7.5MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, whic…
from 0, < 1:1.27.1-1
HIGH7.5MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers…
from 0, < 1:1.27.1-1
HIGH7.5ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title r…
from 0, < 1:1.27.1-1
HIGH7.4An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before…
from 0, < 1:1.39.7-1~deb12u1
HIGH7.3mediawiki - security update
from 0, < 1:1.35.13-1~deb11u1
HIGH7.3mediawiki - security update
from 0, < 1:1.35.13-1~deb11u1
HIGH7.3mediawiki - security update
from 0, < 1:1.31.16-1+deb10u7
MEDIUM6.5Vulnerability in Wikimedia Foundation MediaWiki.
from 0, < 1:1.35.13-1+deb11u6
MEDIUM6.5An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1.
from 0, < 1:1.39.5-1~deb12u1
MEDIUM6.5Wikimedia MediaWik exposed suppressed log in RevisionDelete page
from 0, < 1:1.31.2-1
MEDIUM6.5MediaWiki Incorrect Access Control vulnerability
from 0, < 1:1.31.2-1
MEDIUM6.5Mediawiki BotPassword can bypass CentralAuth's account lock
from 0, < 1:1.31.1-1
MEDIUM6.5Mediawiki information disclosure vulnerability
from 0, < 1:1.31.1-1
MEDIUM6.5mediawiki - security update
from 0, < 1:1.35.4-1+deb11u2
MEDIUM6.5mediawiki - security update
from 0, < 1:1.35.4-1+deb11u2
MEDIUM6.5Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it.
from 0, < 1:1.27.2-1
MEDIUM6.5MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to…
from 0, < 1:1.19.2-1
MEDIUM6.5MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to byp…
from 0, < 1:1.27.1-1
MEDIUM6.1Vulnerability in Wikimedia Foundation MediaWiki.
from 0
MEDIUM6.1Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki.
from 0, < 1:1.43.6+dfsg-1~deb13u1
MEDIUM6.1Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki.
from 0, < 1:1.35.13-1+deb11u6
MEDIUM6.1Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki.
from 0, < 1:1.43.6+dfsg-1~deb13u1
MEDIUM6.1mediawiki - security update
from 0, < 1:1.35.13-1+deb11u6
MEDIUM6.1mediawiki - security update
from 0, < 1:1.35.13-1+deb11u6
MEDIUM6.1Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation VisualEdi…
from 0, < 1:1.35.13-1+deb11u5
MEDIUM6.1Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation VisualEdi…
from 0, < 1:1.35.13-1+deb11u5
MEDIUM6.1Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki.
from 0, < 1:1.35.13-1+deb11u5
MEDIUM6.1Vulnerability in Wikimedia Foundation MediaWiki.
from 0, < 1:1.35.13-1+deb11u5
MEDIUM6.1Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki.
from 0, < 1:1.43.6+dfsg-1~deb13u1
MEDIUM6.1Vulnerability in Wikimedia Foundation MediaWiki.
from 0, < 1:1.35.13-1+deb11u5
MEDIUM6.1An issue was discovered in VectorComponentUserLinks.php in the Vector Skin component in MediaWiki before 1.39.5 and 1.40.x before 1.40.1.
from 0, < 1:1.39.5-1~deb12u1
MEDIUM6.1mediawiki - security update
from 0, < 1:1.31.16-1+deb10u8
MEDIUM6.1mediawiki - security update
from 0, < 1:1.35.13-1+deb11u3
MEDIUM6.1mediawiki - security update
from 0, < 1:1.35.13-1+deb11u3
MEDIUM6.1An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4.
from 0, < 1:1.35.11-1~deb11u1
MEDIUM6.1An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1.
from 0, < 1:1.35.8-1~deb11u1
MEDIUM6.1An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1.
from 0, < 1:1.35.8-1~deb11u1
MEDIUM6.1Wikimedia Parsoid vulnerable to Cross-site Scripting (XSS)
from 0, < 1:1.35.2-1
MEDIUM6.1MediaWiki Cross-site Scripting (XSS) vulnerability
from 0, < 1:1.35.0-1
MEDIUM6.1MediaWiki Cross-site Scripting (XSS) vulnerability
from 0, < 1:1.35.0-1
MEDIUM6.1MediaWiki Cross-site Scripting (XSS) vulnerability
from 0, < 1:1.35.0-1
MEDIUM6.1MediaWiki Cross-site Scripting (XSS) vulnerability
from 0, < 1:1.35.0-1
MEDIUM6.1mediawiki - security update
from 0, < 1:1.31.6-1
MEDIUM6.1mediawiki - security update
from 0, < 1:1.27.7-1~deb9u3
MEDIUM6.1MediaWiki Cross-site Scripting (XSS)
from 0, < 1:1.31.2-1
MEDIUM6.1An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2.
from 0, < 1:1.35.8-1~deb11u1
MEDIUM6.1MediaWiki before 1.36.2 allows XSS.
from 0, < 1:1.35.4-1~deb11u1
MEDIUM6.1An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.
from 0, < 1:1.35.2-1
MEDIUM6.1An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.
from 0, < 1:1.35.2-1
MEDIUM6.1MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php.
from 0, < 1:1.35.1-1
MEDIUM6.1MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php.
from 0, < 1:1.35.1-1
MEDIUM6.1In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentch…
from 0, < 1:1.35.1-1
MEDIUM6.1Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote att…
from 0, < 1:1.19.10+dfsg-1
MEDIUM6.1includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 doe…
from 0, < 1:1.19.8+dfsg-1
MEDIUM6.1A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers to inject arbitr…
from 0, < 1:1.19.5-1
MEDIUM6.1mediawiki - security update
from 0, < 1:1.31.2-1
MEDIUM6.1mediawiki - security update
from 0, < 1:1.27.7-1~deb9u1
MEDIUM6.1Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link.
from 0, < 1:1.27.2-1
MEDIUM6.1Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites.
from 0, < 1:1.27.2-1
MEDIUM6.1The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTM…
from 0, < 1:1.27.4-1
MEDIUM6.1mediawiki - security update
from 0, < 1:1.27.4-1
MEDIUM6.1mediawiki - security update
from 0, < 1:1.27.4-1~deb9u1
MEDIUM6.1Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.18.5 and 1.19.x before 1.19.2, when unspecified JavaScript gadget…
from 0, < 1:1.19.2-1
MEDIUM6.1Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary we…
from 0, < 1:1.19.2-1
MEDIUM6.1Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and…
from 0, < 1:1.27.1-1
MEDIUM6.1Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.2…
from 0, < 1:1.27.1-1
MEDIUM6.1Cross-site scripting (XSS) vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1,…
from 0, < 1:1.25.5-1
MEDIUM5.5mediawiki - security update
from 0, < 1:1.35.11-1~deb11u1
MEDIUM5.5mediawiki - security update
from 0, < 1:1.31.16-1+deb10u5
MEDIUM5.4Vulnerability in Wikimedia Foundation MediaWiki.
from 0, < 1:1.35.13-1+deb11u5
MEDIUM5.4An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1.
from 0, < 1:1.35.13-1~deb11u1
MEDIUM5.4An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1.
from 0, < 1:1.35.8-1~deb11u1
MEDIUM5.4Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration.
from 0, < 1:1.27.2-1
MEDIUM5.3Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.
from 0
MEDIUM5.3mediawiki - security update
from 0, < 1:1.39.10-1~deb12u1
MEDIUM5.3mediawiki - security update
from 0, < 1:1.39.10-1~deb12u1
MEDIUM5.3An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1.
from 0, < 1:1.39.5-1~deb12u1
MEDIUM5.3An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1.
from 0, < 1:1.35.11-1~deb11u1
MEDIUM5.3An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3.
from 0, < 1:1.35.8-1~deb11u1
MEDIUM5.3mediawiki - security update
from 0, < 1:1.35.8-1~deb11u1
MEDIUM5.3mediawiki - security update
from 0, < 1:1.31.16-1+deb10u4
MEDIUM5.3mediawiki - security update
from 0, < 1:1.35.8-1~deb11u1
MEDIUM5.3mediawiki - security update
from 0, < 1:1.31.16-1+deb10u3
MEDIUM5.3mediawiki - security update
from 0, < 1:1.35.8-1~deb11u1
MEDIUM5.3mediawiki - security update
from 0, < 1:1.35.8-1~deb11u1
MEDIUM5.3MediaWiki allows a denial of service
from 0, < 1:1.35.4-1~deb11u1
MEDIUM5.3mediawiki - security update
from 0, < 1:1.35.0-1
MEDIUM5.3mediawiki - security update
from 0, < 1:1.27.7-1~deb9u4
MEDIUM5.3mediawiki - security update
from 0, < 1:1.31.7-1~deb10u1
MEDIUM5.3mediawiki - security update
from 0, < 1:1.31.7-1
MEDIUM5.3mediawiki - security update
from 0, < 1:1.27.7-1~deb9u2
MEDIUM5.3mediawiki - security update
from 0, < 1:1.31.4-1
MEDIUM5.3MediaWiki Incorrect Access Control vulnerability
from 0, < 1:1.31.2-1
MEDIUM5.3An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1.
from 0, < 1:1.35.4-1+deb11u2
MEDIUM5.3An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.
from 0, < 1:1.35.2-1
MEDIUM5.3An issue was discovered in MediaWiki before 1.35.1.
from 0, < 1:1.35.1-1
MEDIUM5.3MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations.
from 0, < 1:1.35.1-1
MEDIUM5.3Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax'…
from 0, < 1:1.27.2-1
MEDIUM5.3Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages.
from 0, < 1:1.27.2-1
MEDIUM5.3MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via t…
from 0, < 1:1.27.4-1
MEDIUM5.3The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in Media…
from 0, < 1:1.25.5-1
MEDIUM5.3MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly normalize IP addresses conta…
from 0, < 1:1.25.5-1
MEDIUM4.9MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read…
from 0, < 1:1.19.2-1
MEDIUM4.8Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki.
from 0, < 1:1.35.13-1+deb11u5
MEDIUM4.8Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.
from 0, < 1:1.35.13-1+deb11u5
MEDIUM4.8Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki…
from 0, < 1:1.35.13-1+deb11u5
MEDIUM4.8Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki.
from 0, < 1:1.43.6+dfsg-1~deb13u1
MEDIUM4.8Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki.
from 0, < 1:1.43.6+dfsg-1~deb13u1
MEDIUM4.7Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerability in SearchHighlighter::highlightText() with non-default configuratio…
from 0, < 1:1.27.2-1
MEDIUM4.4An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2.
from 0, < 1:1.35.8-1~deb11u1
MEDIUM4.3An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1.
from 0, < 1:1.35.13-1~deb11u1
MEDIUM4.3An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2.
from 0, < 1:1.35.2-1
MEDIUM4.3mediawiki - security update
from 0, < 1:1.31.1-1
MEDIUM4.3mediawiki - security update
from 0, < 1:1.27.5-1~deb9u1
MEDIUM4.3An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.
from 0, < 1:1.35.2-1
MEDIUM4.3An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.
from 0, < 1:1.35.2-1
MEDIUM4.3An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2.
from 0, < 1:1.35.2-1
LOW3.8Vulnerability in Wikimedia Foundation MediaWiki.
from 0, < 1:1.43.8+dfsg-1~deb13u1
LOW3.1Vulnerability in Wikimedia Foundation MediaWiki.
from 0, < 1:1.43.6+dfsg-1~deb13u1
LOW3.1mediawiki - security update
from 0, < 1:1.31.10-1~deb10u1
LOW3.1mediawiki - security update
from 0, < 1:1.27.7-1~deb9u7
LOW3.1mediawiki - security update
from 0, < 1:1.31.8-1
—Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Echo.
from 0, < 1:1.43.8+dfsg-1~deb13u1
—Vulnerability in Wikimedia Foundation AbuseFilter.
from 0
—Vulnerability in Wikimedia Foundation Scribunto, Wikimedia Foundation luasandbox.
from 0, < 1:1.35.13-1+deb11u6
—Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Cite.
from 0, < 1:1.35.13-1+deb11u6
—Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Vector.
from 0, < 1:1.43.6+dfsg-1~deb13u1
—Vulnerability in Wikimedia Foundation Thanks.
from 0, < 1:1.43.6+dfsg-1~deb13u1
—Vulnerability in Wikimedia Foundation TextExtracts.
from 0, < 1:1.35.13-1+deb11u5
—Vulnerability in Wikimedia Foundation DiscussionTools.This issue affects DiscussionTools: from * before 1.43.4, 1.44.1.
from 0, < 1:1.43.6+dfsg-1~deb13u1
—mediawiki - security update
from 0, < 1:1.35.13-1+deb11u5
—mediawiki - security update
from 0, < 1:1.35.13-1+deb11u5
—mediawiki - security update
from 0, < 1:1.39.17-1~deb12u1
—Vulnerability in Wikimedia Foundation ConfirmEdit.
from 0, < 1:1.35.13-1+deb11u5
—Vulnerability in Wikimedia Foundation MediaWiki.
from 0, < 1:1.43.3+dfsg-1
—Vulnerability in Wikimedia Foundation MediaWiki.
from 0, < 1:1.35.13-1+deb11u4
—Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Vector.
from 0, < 1:1.43.3+dfsg-1
—Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Multimedi…
from 0, < 1:1.35.13-1+deb11u4
—Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki.
from 0, < 1:1.35.13-1+deb11u4
—Vulnerability in Wikimedia Foundation MediaWiki.
from 0, < 1:1.35.13-1+deb11u4
—Vulnerability in Wikimedia Foundation AbuseFilter.
from 0, < 1:1.43.3+dfsg-1
—Vulnerability in Wikimedia Foundation MediaWiki.
from 0, < 1:1.35.13-1+deb11u4
—Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.
from 0, < 1:1.35.13-1+deb11u4
—Vulnerability in Wikimedia Foundation MediaWiki.
from 0, < 1:1.43.3+dfsg-1
—Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in The…
from 0, < 1:1.43.6+dfsg-1~deb13u1
—mediawiki - security update
from 0, < 1:1.39.13-1~deb12u1
—mediawiki - security update
from 0, < 1:1.35.13-1+deb11u4
—mediawiki - security update
from 0, < 1:1.35.13-1+deb11u4
—i18n XSS vulnerability in HTMLMultiSelectField when sections are used
from 0, < 1:1.35.13-1+deb11u4
—Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter.
from 0, < 1:1.43.1+dfsg-1
—Potential javascript injection attack enabled by Unicode normalization in Action API
from 0, < 1:1.35.13-1+deb11u4
—LogPager.php: Restriction enforcer functions do not correctly enforce suppression restrictions
from 0, < 1:1.35.13-1+deb11u4
—Cascading protection is not preventing file reversions
from 0
—mediawiki - security update
from 0, < 1:1.39.12-1~deb12u1
—mediawiki - security update
from 0, < 1:1.35.13-1+deb11u4
—MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 uses the thumbnail ImageMagick command line argument, which allows…
from 0, < 1:1.25.5-1
—MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not properly restrict access to revisions, which allows remot…
from 0, < 1:1.25.5-1
—MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not throttle file uploads, which allows remote authenticated…
from 0, < 1:1.25.5-1
—The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 allows remote authenticated…
from 0, < 1:1.25.5-1
—The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not restrict the upload…
from 0, < 1:1.25.5-1
—Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows re…
from 0, < 1:1.25.5-1
—The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token c…
from 0, < 1:1.25.5-1
—The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers t…
from 0, < 1:1.25.5-1
—The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the "Change bloc…
from 0, < 1:1.25.5-1
—MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to cause a denial of servi…
from 0, < 1:1.19.20+dfsg-2.3
—Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows…
from 0, < 1:1.19.20+dfsg-2.3
—Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authenticati…
from 0, < 1:1.19.20+dfsg-2.3
—Cross-site scripting (XSS) vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or…
from 0, < 1:1.19.20+dfsg-2.3
—Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers…
from 0, < 1:1.19.20+dfsg-2.3
—MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM or Zend PHP, allows remote attackers to cause a den…
from 0, < 1:1.19.20+dfsg-2.3
—MediaWiki 1.24.x before 1.24.2, when using PBKDF2 for password hashing, allows remote attackers to cause a denial of service (CPU consumpti…
from 0, < 1:1.19.20+dfsg-2.3
—MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to bypass the SVG filtering and obtain sensi…
from 0, < 1:1.19.20+dfsg-2.3
—MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 does not properly handle when the Zend interpreter xml_parse functio…
from 0, < 1:1.19.20+dfsg-2.3
—Cross-site scripting (XSS) vulnerability in the Html class in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows…
from 0, < 1:1.19.20+dfsg-2.3
—Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inj…
from 0, < 1:1.19.20+dfsg-2.3
—Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.2…
from 0, < 1:1.19.20+dfsg-2.3
—mediawiki - security update
from 0, < 1:1.19.20+dfsg-2.2
—mediawiki - security update
from 0, < 1:1.19.20+dfsg-0+deb7u3
—mediawiki - security update
from 0, < 1:1.19.20+dfsg-0+deb7u2
—mediawiki - security update
from 0, < 1:1.19.20+dfsg-2.1
—mediawiki - security update
from 0, < 1:1.19.20+dfsg-0+deb7u1
—mediawiki - security update
from 0, < 1:1.19.20+dfsg-1
—mediawiki - security update
from 0, < 1:1.19.19+dfsg-1
—mediawiki - security update
from 0, < 1:1.19.19+dfsg-0+deb7u1
—MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for…
from 0, < 1:1.19.18+dfsg-0.1
—mediawiki - security update
from 0, < 1:1.19.18+dfsg-0.1
—mediawiki - security update
from 0, < 1:1.19.18+dfsg-0+deb7u1
—mediawiki - security update
from 0, < 1:1.19.16+dfsg-0+deb7u1
—mediawiki - security update
from 0, < 1:1.19.16+dfsg-1
—Session fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remot…
from 0, < 1:1.19.3-1
—MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain information about deleted page via…
from 0, < 1:1.19.10+dfsg-1
—Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers…
from 0, < 1:1.19.10+dfsg-1
—MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 does not properly sanitize SVG files, which allows remote attackers…
from 0, < 1:1.19.10+dfsg-1
—Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers…
from 0, < 1:1.19.10+dfsg-1
—includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not…
from 0, < 1:1.19.14+dfsg-1
—includes/User.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 terminates validation of a user to…
from 0, < 1:1.19.12+dfsg-1
—includes/upload/UploadBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 does not prevent use…
from 0, < 1:1.19.12+dfsg-1
—MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows re…
from 0, < 1:1.19.11+dfsg-1
—Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows…
from 0, < 1:1.19.8+dfsg-2.2
—Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows…
from 0, < 1:1.19.8+dfsg-2.2
—Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19 through 1.19.6 and 1.20.x before 1.20.6 allows remote atta…
from 0, < 1:1.19.7+dfsg-1
—MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordR…
from 0, < 1:1.19.6-1
—mediawiki - security update
from 0, < 1:1.19.6-1
—mediawiki - security update
from 0, < 1:1.19.14+dfsg-0+deb7u1
—mediawiki - cross-site request forgery token disclosure
from 0, < 1:1.15.5-2squeeze6
—mediawiki - cross-site request forgery token disclosure
from 0, < 1:1.19.8+dfsg-1
—includes/resourceloader/ResourceLoaderContext.php in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows…
from 0, < 1:1.19.8+dfsg-1
—The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service (infini…
from 0, < 1:1.19.0-1
—Cross-site scripting (XSS) vulnerability in the wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote at…
from 0, < 1:1.15.5-9
—MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak random numbers for password reset tokens, which makes it easier for remot…
from 0, < 1:1.15.5-9
—Cross-site scripting (XSS) vulnerability in the outputPage function in includes/SkinTemplate.php in MediaWiki before 1.17.5, 1.18.x before…
from 0, < 1:1.19.1-1
—MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain se…
from 0, < 1:1.15.5-4
—MediaWiki before 1.17.1 allows remote attackers to obtain the page titles of all restricted pages via a series of requests involving the (1…
from 0, < 1:1.15.5-4
—Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers t…
from 0, < 1:1.15.5-5
—The transwiki import functionality in MediaWiki before 1.16.3 does not properly check privileges, which allows remote authenticated users t…
from 0, < 1:1.15.5-5
—The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Styl…
from 0, < 1:1.15.5-5
—mediawiki - multiple
from 0, < 1:1.15.5-2squeeze2
—mediawiki - multiple
from 0, < 1:1.15.5-5
—Cross-site scripting (XSS) vulnerability in profileinfo.php in MediaWiki before 1.15.5, when wgEnableProfileInfo is enabled, allows remote…
from 0, < 1:1.15.5-1
—api.php in MediaWiki before 1.15.5 does not prevent use of public caching headers for private data, which allows remote attackers to bypass…
from 0, < 1:1.15.5-1
—Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.2 allows remote attackers to inject arbitrary web script or HTML via craf…
from 0, < 1:1.15.5-3
—mediawiki - clickjacking
from 0, < 1:1.15.5-2
—mediawiki - clickjacking
from 0, < 1:1.15.5-2
—Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows r…
from 0, < 1:1.15.4-1
—Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to inject arbi…
from 0, < 1:1.15.4-1
—mediawiki - cross-site request forgery
from 0, < 1:1.15.3-1
—mediawiki - cross-site request forgery
from 0, < 1:1.12.0-2lenny5
—thumb.php in MediaWiki before 1.15.2, when used with access-restriction mechanisms such as img_auth.php, does not check user permissions be…
from 0, < 1:1.15.2-1
—mediawiki - several vulnerabilities
from 0, < 1:1.15.2-1
—mediawiki - several vulnerabilities
from 0, < 1:1.12.0-2lenny4
—Cross-site scripting (XSS) vulnerability in the Special:Block implementation in the getContribsLink function in SpecialBlockip.php in Media…
from 0, < 1:1.15.0-1.1
—Multiple cross-site scripting (XSS) vulnerabilities in the web-based installer (config/index.php) in MediaWiki 1.6 before 1.6.12, 1.12 befo…
from 0, < 1:1.14.0-1
—MediaWiki 1.8.1, and other versions before 1.13.3, when the wgShowExceptionDetails variable is enabled, sometimes provides the full install…
from 0, < 1:1.13.3-1
—MediaWiki 1.11, and other versions before 1.13.3, does not properly protect against the download of backups of deleted images, which might…
from 0, < 1:1.13.3-1
—Cross-site request forgery (CSRF) vulnerability in the Special:Import feature in MediaWiki 1.3.0 through 1.6.10, 1.12.x before 1.12.2, and…
from 0, < 1:1.13.3-1
—Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1.12.x before 1.12.2, and 1.13.x before 1.13.3, when Internet Explorer…
from 0, < 1:1.13.3-1
—mediawiki - several vulnerabilities
from 0, < 1:1.13.3-1
—mediawiki - several vulnerabilities
from 0, < 1:1.12.0-2lenny2
—mediawiki - cross site scripting
from 0, < 1.12.0-2lenny1
—mediawiki - cross site scripting
from 0, < 1:1.13.2-1
—Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows remote attackers to obtain sensitive "cross-site" information via the call…
from 0, < 1:1.11.2-1
—Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki 1.11 through 1.11.0rc1, 1.10 through 1.10.2, 1.9 through 1.9.4, and 1.…
from 0, < 1:1.11.1-1
—Cross-site scripting (XSS) vulnerability in the API pretty-printing mode in MediaWiki 1.8.0 through 1.8.4, 1.9.0 through 1.9.3, 1.10.0 thro…
from 0, < 1.10.2-1
—Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.9.x before 1.9.0rc2, and 1.8.2 and earlier allows…
from 0, < 1.7.1-9
—Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, al…
from 0, < 1.7.1-9
—MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information via a direct request to (1) Simple.deps.php, (2) MonoBook.de…
from 0, < 1:1.10
—Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1…
from 0, < 1.7.1-6
—Cross-site scripting (XSS) vulnerability in MediaWiki before 1.5.8 and 1.4.15 allows remote attackers to inject arbitrary web script or HTM…
from 0, < 1.4.15-1
—Unspecified vulnerability the edit comment formatting functionality in MediaWiki 1.5.x before 1.5.6 and 1.4.x before 1.4.14 allows attacker…
from 0, < 1.4.15-1
—MediaWiki before 1.5.4 uses a hard-coded "internal placeholder string", which allows remote attackers to bypass protection against cross-si…
from 0, < 1.4.13-1
—Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML…
from 0, < 1.4.9
—Unspecified vulnerability in "edit submission handling" for MediaWiki 1.4.x before 1.4.10 and 1.3.x before 1.3.16 allows remote attackers t…
from 0, < 1.4.11-1
—Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not properly remove certain CSS inputs (HTML inline style attributes) th…
from 0, < 1.4.11-1
—Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via…
from 0, < 1.4.9
—Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x before 1.4.6 and 1.5 before 1.5beta3 allows remote attackers to inject a…
from 0, < 1.4.9
—Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 allows remote attackers to inject arbitrary web script via HTML attribut…
from 0, < 1.4.9
—Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to delete arbitrary…
from 0, < 1.4.9
—Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allow remote attackers to…
from 0, < 1.4.9
—Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, when using HTML Tidy ($wgUseTidy), allows remote attackers to inject ar…
from 0, < 1.4.9
—Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to per…
from 0, < 1.4.9
—SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers to execute arbitrary SQL commands via SpecialMaintenance.
from 0, < 1.4.9
—Cross-site scripting (XSS) vulnerability in 'raw' page output mode for MediaWiki 1.3.4 and earlier allows remote attackers to inject arbitr…
from 0, < 1.4.9
—Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to "filename validation," has unknown impact and attack vectors.
from 0, < 1.4.9
—Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queri…
from 0, < 1.4.9
—MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, whi…
from 0, < 1.4.9