NotCVE - vendor:"Mediawiki" product:"Mediawiki" version:" >= 1.22.0

Page 25 of 245 results (0.006 seconds)

CVSS: 6.1EPSS: 0%CPEs: 90EXPL: 0

CVE-2014-2244 – Mandriva Linux Security Advisory 2014-057

https://notcve.org/view.php?id=CVE-2014-2244

02 Mar 2014 — Cross-site scripting (XSS) vulnerability in the formatHTML function in includes/api/ApiFormatBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 allows remote attackers to inject arbitrary web script or HTML via a crafted string located after http:// in the text parameter to api.php. Vulnerabilidad de XSS en la función formatHTML en includes/api/ApiFormatBase.php en MediaWiki anterior a 1.19.12, 1.20.x y 1.21.x anterior a 1.21.6 y 1.22.x anterior a 1.22.3 permite ... • http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 47%CPEs: 17EXPL: 5

CVE-2014-1610 – MediaWiki - 'Thumb.php' Remote Command Execution

https://notcve.org/view.php?id=CVE-2014-1610

30 Jan 2014 — MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php. MediaWiki 1.22.x en v... • https://packetstorm.news/files/id/125040 • CWE-20: Improper Input Validation •

CVSS: 6.1EPSS: 1%CPEs: 136EXPL: 0

CVE-2011-0047

https://notcve.org/view.php?id=CVE-2011-0047

04 Feb 2011 — Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.2 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) comments, aka "CSS injection vulnerability." Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en MediaWiki anterior a v1.16.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante una hoja de estilos (CSS) manipulada, también conocido como "vulnerabilidad de inyección de... • http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 1%CPEs: 135EXPL: 0

CVE-2011-0003

https://notcve.org/view.php?id=CVE-2011-0003

11 Jan 2011 — MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows remote attackers to conduct clickjacking attacks via unspecified vectors. MediaWiki anterior a v1.16.1, cuando el usuario o el sitio JavaScript o CSS está activado, permite a atacantes remotos realizar ataques de clickjacking a través de vectores no especificados. • http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html • CWE-20: Improper Input Validation •

CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 0

CVE-2005-1888

https://notcve.org/view.php?id=CVE-2005-1888

06 Jun 2005 — Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 allows remote attackers to inject arbitrary web script via HTML attributes in page templates. • http://sourceforge.net/project/shownotes.php?release_id=332231 •

1...23 24 25