CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2013-4571
https://notcve.org/view.php?id=CVE-2013-4571
12 May 2014 — Buffer overflow in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 has unspecified impact and remote vectors. Desbordamiento de buffer en php-luasandbox en la extensión Scribuntu para MediaWiki anterior a 1.19.10, 1.2x anterior a 1.21.4 y 1.22.x anterior a 1.22.1 tiene impacto no especificado y vectores remotos. • http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 0CVE-2013-4574
https://notcve.org/view.php?id=CVE-2013-4574
12 May 2014 — Cross-site scripting (XSS) vulnerability in the TimeMediaHandler extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to videos. Vulnerabilidad de XSS en la extensión TimeMediaHandler para MediaWiki anterior a 1.19.10, 1.2x anterior a 1.21.4 y 1.22.x anterior a 1.22.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores relacionados con vídeos. • http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 193EXPL: 0CVE-2014-2853 – Gentoo Linux Security Advisory 201502-04
https://notcve.org/view.php?id=CVE-2014-2853
29 Apr 2014 — Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki before 1.21.9 and 1.22.x before 1.22.6 allows remote attackers to inject arbitrary web script or HTML via the sort key in an info action. Vulnerabilidad de XSS en includes/actions/InfoAction.php en MediaWiki anterior a 1.21.9 y 1.22.x anterior a 1.22.6 permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de la clave "sort" en una acción "info". Multiple vulnerabilities have been found in MediaWiki... • http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-April/000149.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 39EXPL: 0CVE-2014-2665 – Debian Security Advisory 2891-3
https://notcve.org/view.php?id=CVE-2014-2665
07 Apr 2014 — includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account, as demonstrated by tracking the victim's activity, related to a "login CSRF" issue. El archivo includes/specials/SpecialChangePassword.php en MediaWiki a... • http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-March/000145.html • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 0CVE-2013-6454 – Debian Security Advisory 2891-3
https://notcve.org/view.php?id=CVE-2013-6454
31 Mar 2014 — Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via a -o-link attribute. Vulnerabilidad de XSS en MediaWiki anterior a 1.19.10, 1.2x anterior a 1.21.4 y 1.22.x anterior a 1.22.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un atributo -o-link. Multiple vulnerabilities have been found in MediaWiki, the worst of which may allow remo... • http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2013-6451 – Mandriva Linux Security Advisory 2014-057
https://notcve.org/view.php?id=CVE-2013-6451
13 Mar 2014 — Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values. Una vulnerabilidad de tipo cross-site scripting (XSS) en MediaWiki versiones 1.19.9 anteriores a 1.19.10, versiones 1.2x anteriores a 1.21.4 y versiones 1.22.x anteriores a 1.22.1, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de valores CSS no especificados. MediaWiki... • http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 0CVE-2013-6452 – Mandriva Linux Security Advisory 2014-057
https://notcve.org/view.php?id=CVE-2013-6452
13 Mar 2014 — Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via crafted XSL in an SVG file. Vulnerabilidad de XSS en MediaWiki anterior a 1.19.10, 1.2x anterior a 1.21.4 y 1.22.x anterior a 1.22.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de XSL manipulado en un archivo SVG. MediaWiki user Michael M reported that the fix for CVE-2013-4568 all... • http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2013-6453 – Mandriva Linux Security Advisory 2014-057
https://notcve.org/view.php?id=CVE-2013-6453
13 Mar 2014 — MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 does not properly sanitize SVG files, which allows remote attackers to have unspecified impact via invalid XML. MediaWiki anterior a 1.19.10, 1.2x anterior a 1.21.4 y 1.22.x anterior a 1.22.1 no limpia debidamente archivos SVG, lo que permite a atacantes remotos tener impacto no especificado a través de XML inválido. MediaWiki user Michael M reported that the fix for CVE-2013-4568 allowed insertion of escaped CSS values which could pass ... • http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 18EXPL: 0CVE-2013-6472 – Mandriva Linux Security Advisory 2014-057
https://notcve.org/view.php?id=CVE-2013-6472
13 Mar 2014 — MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain information about deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user watchlists. MediaWiki anterior a 1.19.10, 1.2x anterior a 1.21.4 y 1.22.x anterior a 1.22.1 permite a atacantes remotos obtener información acerca de página eliminada a través de las listas de vigilancia de (1) la API de registro, (2) Enhanced RecentChanges y (3) usuarios. MediaWiki user Michael M reported that t... • http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 90EXPL: 0CVE-2014-2242 – Mandriva Linux Security Advisory 2014-057
https://notcve.org/view.php?id=CVE-2014-2242
02 Mar 2014 — includes/upload/UploadBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 does not prevent use of invalid namespaces in SVG files, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an SVG upload, as demonstrated by use of a W3C XHTML namespace in conjunction with an IFRAME element. includes/upload/UploadBase.php en MediaWiki anterior a 1.19.12, 1.20.x y 1.21.x anterior a 1.21.6 y 1.22.x anterior a 1.22.3 no previene el uso de espacios... • http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •