CVSS: 9.8EPSS: 0%CPEs: 15EXPL: 0CVE-2012-5391
https://notcve.org/view.php?id=CVE-2012-5391
02 Jun 2014 — Session fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the session_id. Vulnerabilidad de fijación de sesión en Special:UserLogin en MediaWiki anterior a 1.18.6, 1.19.x anterior a 1.19.3 y 1.20.x anterior a 1.20.1 permite a atacantes remotos secuestrar sesiones web a través de session_id. • http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098975.html •
CVSS: 9.1EPSS: 0%CPEs: 15EXPL: 0CVE-2012-5395
https://notcve.org/view.php?id=CVE-2012-5395
02 Jun 2014 — Session fixation vulnerability in the CentralAuth extension for MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the centralauth_Session cookie. Vulnerabilidad de fijación de sesión en la extensión CentralAuth para MediaWiki anterior a 1.18.6, 1.19.x anterior a 1.19.3 y 1.20.x anterior a 1.20.1 permite a atacantes remotos secuestrar sesiones web a través de la cookie centralauth_Session. • http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-November/000122.html •
CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2014-3454
https://notcve.org/view.php?id=CVE-2014-3454
12 May 2014 — Cross-site request forgery (CSRF) vulnerability in Special:CreateCategory in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to hijack the authentication of users for requests that create categories via unspecified vectors. Vulnerabilidad de CSRF en Special:CreateCategory en la extensión SemanticForms para MediaWiki anterior a 1.19.10, 1.2x anterior a 1.21.4 y 1.22.x anterior a 1.22.1 permite a atacantes remotos secuestrar la aut... • http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2014-3455
https://notcve.org/view.php?id=CVE-2014-3455
12 May 2014 — Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) CreateProperty, (2) CreateTemplate, (3) CreateForm, and (4) CreateClass special pages in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allow remote attackers to hijack the authentication of users for requests that have unspecified impact and vectors. Múltiples vulnerabilidades de CSRF en las páginas especiales (1) CreateProperty, (2) CreateTemplate, (3) CreateForm y (4) CreateClass ... • http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0CVE-2013-4570
https://notcve.org/view.php?id=CVE-2013-4570
12 May 2014 — The zend_inline_hash_func function in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to converting Lua data structures to PHP, as demonstrated by passing { [{}] = 1 } to a module function. La función zend_inline_hash_func en php-luasandbox en la extensión Scribuntu para MediaWiki anterior a 1.19.10, 1.2x anterior a 1.21.4 y 1.22.x... • http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2013-4571
https://notcve.org/view.php?id=CVE-2013-4571
12 May 2014 — Buffer overflow in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 has unspecified impact and remote vectors. Desbordamiento de buffer en php-luasandbox en la extensión Scribuntu para MediaWiki anterior a 1.19.10, 1.2x anterior a 1.21.4 y 1.22.x anterior a 1.22.1 tiene impacto no especificado y vectores remotos. • http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 0CVE-2013-4574
https://notcve.org/view.php?id=CVE-2013-4574
12 May 2014 — Cross-site scripting (XSS) vulnerability in the TimeMediaHandler extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to videos. Vulnerabilidad de XSS en la extensión TimeMediaHandler para MediaWiki anterior a 1.19.10, 1.2x anterior a 1.21.4 y 1.22.x anterior a 1.22.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores relacionados con vídeos. • http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 193EXPL: 0CVE-2014-2853 – Gentoo Linux Security Advisory 201502-04
https://notcve.org/view.php?id=CVE-2014-2853
29 Apr 2014 — Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki before 1.21.9 and 1.22.x before 1.22.6 allows remote attackers to inject arbitrary web script or HTML via the sort key in an info action. Vulnerabilidad de XSS en includes/actions/InfoAction.php en MediaWiki anterior a 1.21.9 y 1.22.x anterior a 1.22.6 permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de la clave "sort" en una acción "info". Multiple vulnerabilities have been found in MediaWiki... • http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-April/000149.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 39EXPL: 0CVE-2014-2665 – Debian Security Advisory 2891-3
https://notcve.org/view.php?id=CVE-2014-2665
07 Apr 2014 — includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account, as demonstrated by tracking the victim's activity, related to a "login CSRF" issue. El archivo includes/specials/SpecialChangePassword.php en MediaWiki a... • http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-March/000145.html • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 0CVE-2013-6454 – Debian Security Advisory 2891-3
https://notcve.org/view.php?id=CVE-2013-6454
31 Mar 2014 — Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via a -o-link attribute. Vulnerabilidad de XSS en MediaWiki anterior a 1.19.10, 1.2x anterior a 1.21.4 y 1.22.x anterior a 1.22.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un atributo -o-link. Multiple vulnerabilities have been found in MediaWiki, the worst of which may allow remo... • http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •