CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2020-10960 – Debian Security Advisory 4651-1
https://notcve.org/view.php?id=CVE-2020-10960
03 Apr 2020 — In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler to any Cascading Style Sheets (CSS) selector. There is no known way to exploit this for cross-site scripting (XSS). En MediaWiki versiones anteriores a 1.34.1, los usuarios pueden agregar varias clases de Cascad... • https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10534
https://notcve.org/view.php?id=CVE-2020-10534
12 Mar 2020 — In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP address is contained in two ranges, one of which is locally disabled. En la extensión GlobalBlocking antes del 10-03-2020, para MediaWiki versiones hasta la versión 1.34.0, un problema relacionado con la evaluación del rango IP resultó en que los usuarios bloqueados volvieran a obtener pri... • https://gerrit.wikimedia.org/r/#/q/I9cc5fb2c08c78bbd797a5fc6d89f4577c8cc118b • CWE-863: Incorrect Authorization •
CVSS: 9.3EPSS: 1%CPEs: 2EXPL: 0CVE-2012-4381
https://notcve.org/view.php?id=CVE-2012-4381
08 Feb 2020 — MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict function, could allow remote attackers to use old passwords for non-existing accounts in an external authentication system via unspecified vectors. MediaWiki versiones anteriores a 1.18.5 y versiones 1.19.x anteriores a 1.19.2, guardan l... • http://osvdb.org/show/osvdb/85106 • CWE-798: Use of Hard-coded Credentials •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2013-6455
https://notcve.org/view.php?id=CVE-2013-6455
28 Jan 2020 — The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page. La extensión CentralAuth para MediaWiki versiones anteriores a 1.19.10, versiones 1.2x anteriores a 1.21.4 y versiones 1.22.x anteriores a 1.22.1, permite a atacantes remotos obtener nombres de usuario por medio de vectores relacionados con la escritura de los nombres en el DOM de una página. • http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 2CVE-2019-19709 – Debian Security Advisory 4592-1
https://notcve.org/view.php?id=CVE-2019-19709
11 Dec 2019 — MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page. MediaWiki versiones hasta 1.33.1, permite a atacantes omitir el mecanismo de protección Title_blacklist al iniciar con un título arbitrario, estableciendo un redireccionamiento no resoluble para la página asociada y usando redirect=1 en la API action cuan... • https://gerrit.wikimedia.org/r/q/Ie54f366986056c876eade0fcad6c41f70b8b8de8 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2012-0046
https://notcve.org/view.php?id=CVE-2012-0046
29 Oct 2019 — mediawiki allows deleted text to be exposed mediawiki, permite que el texto eliminado sea expuesto. • https://access.redhat.com/security/cve/cve-2012-0046 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 1CVE-2019-16738 – Debian Security Advisory 4545-1
https://notcve.org/view.php?id=CVE-2019-16738
26 Sep 2019 — In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup. En MediaWiki versiones hasta 1.33.0, Special:Redirect permite la divulgación de información de nombres de usuario suprimidos por medio de una Búsqueda de ID de Usuario. It was discovered that the Special:Redirect functionality of MediaWiki, a website engine for collaborative work, could expose suppressed user names, resulting in an information leak. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-12469 – Debian Security Advisory 4460-1
https://notcve.org/view.php?id=CVE-2019-12469
12 Jun 2019 — MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. MediaWiki hasta la versión 1.32.1, presenta un Control de Acceso Incorrecto. Un nombre de usuario o inicio de sesión suprimido de Special:EditTags están expuestos. • https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-12466 – Debian Security Advisory 4460-1
https://notcve.org/view.php?id=CVE-2019-12466
12 Jun 2019 — Wikimedia MediaWiki through 1.32.1 allows CSRF. MediaWiki hasta la versión 1.32.1 de Wikimedia, permite un problema de tipo CSRF. Multiple security vulnerabilities have been discovered in MediaWiki, a website engine for collaborative work, which may result in authentication bypass, denial of service, cross-site scripting, information disclosure and bypass of anti-spam measures. • https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2019-12467 – Debian Security Advisory 4460-1
https://notcve.org/view.php?id=CVE-2019-12467
12 Jun 2019 — MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. MediaWiki hasta la versión 1.32.1, presenta Control de Acceso Incorrecto (problema 1 de 3). Un spammer puede usar Special:ChangeEmail para enviar spam sin límite de velocidad o capacidad para bloquearlos. • https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html •