
CVE-2020-10534
https://notcve.org/view.php?id=CVE-2020-10534
12 Mar 2020 — In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP address is contained in two ranges, one of which is locally disabled. • https://gerrit.wikimedia.org/r/#/q/I9cc5fb2c08c78bbd797a5fc6d89f4577c8cc118b • CWE-863: Incorrect Authorization

CVE-2012-4381
https://notcve.org/view.php?id=CVE-2012-4381
08 Feb 2020 — MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict function, could allow remote attackers to use old passwords for non-existing accounts in an external authentication system via unspecified vectors. • http://osvdb.org/show/osvdb/85106 • CWE-798: Use of Hard-coded Credentials

CVE-2013-6455
https://notcve.org/view.php?id=CVE-2013-6455
28 Jan 2020 — The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page. • http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2020-6163
https://notcve.org/view.php?id=CVE-2020-6163
08 Jan 2020 — The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax within the PropertySuggestionsWidget template (in the templates/search/PropertySuggestionsWidget.mustache+dom file). • https://gerrit.wikimedia.org/r/558203 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-19910
https://notcve.org/view.php?id=CVE-2019-19910
19 Dec 2019 — The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 (1.35 and/or 1.34) mishandles certain HTML attributes, as demonstrated by IMG onmouseover= (impact is XSS) and IMG src=http (impact is disclosing the client's IP address). This can occur within a talk page topical header that is viewed within a mobile (MobileFrontend) context. • https://gerrit.wikimedia.org/r/q/Ida471291f1698387a26736931ab17e6899e05b51 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-19708
https://notcve.org/view.php?id=CVE-2019-19708
11 Dec 2019 — The VisualEditor extension through 1.34 for MediaWiki allows XSS via pasted content containing an element with a data-ve-clipboard-key attribute. • https://gerrit.wikimedia.org/r/q/I1f99458fd2c4f6b2460dfe7a93b330ddee4400b6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-19709 – Debian Security Advisory 4592-1
https://notcve.org/view.php?id=CVE-2019-19709
11 Dec 2019 — MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page. • https://gerrit.wikimedia.org/r/q/Ie54f366986056c876eade0fcad6c41f70b8b8de8 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVE-2019-18987
https://notcve.org/view.php?id=CVE-2019-18987
15 Nov 2019 — An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Once a specific abuse filter has (accidentally or otherwise) been made public, its previous versions can be exposed, thus potentially disclosing private or sensitive information within the filter's definition. • https://gerrit.wikimedia.org/r/q/Ic12790bd33982473f77551bde9599ed083a3e1f1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2019-18611
https://notcve.org/view.php?id=CVE-2019-18611
29 Oct 2019 — An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been able to view these oversighted edit summaries via the MediaWiki API. • https://gerrit.wikimedia.org/r/q/Ie0aa0df2b3f03d8b910733f1b5e600a0dc978765 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2019-18612
https://notcve.org/view.php?id=CVE-2019-18612
29 Oct 2019 — An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Previously hidden (restricted) AbuseFilter filters were viewable (or their differences were viewable) to unprivileged users, thus disclosing potentially sensitive information. • https://gerrit.wikimedia.org/r/q/Ie23e8234ae550273bf3f6f9c5ac45b7fc54eec2a • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor