CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2013-1951 – Gentoo Linux Security Advisory 201310-21
https://notcve.org/view.php?id=CVE-2013-1951
28 Oct 2013 — A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers to inject arbitrary web script or HTML via Lua function names. Una vulnerabilidad de tipo cross-site scripting (XSS) en MediaWiki versiones anteriores a 1.19.5 y versiones 1.20.x anteriores a 1.20.4 y permite a atacantes remotos inyectar script web o HTML arbitrario por medio de nombres de función de Lua. Multiple vulnerabilities have been found in MediaWiki, the worst of which could le... • http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104022.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2013-1817 – Gentoo Linux Security Advisory 201310-21
https://notcve.org/view.php?id=CVE-2013-1817
28 Oct 2013 — MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information. MediaWiki versiones anteriores a la versión 1.19.4 y versiones 1.20.x anteriores a la versión 1.20.3, contiene un error en el script api.php lo que permite a atacantes remotos obtener información confidencial. Multiple vulnerabilities have been found in MediaWiki, the worst of which could lead to Denial of Service. Versions less than 1.21.2 are affected. • http://security.gentoo.org/glsa/glsa-201310-21.xml • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 71EXPL: 0CVE-2013-2031 – Debian Security Advisory 2891-3
https://notcve.org/view.php?id=CVE-2013-2031
28 Oct 2013 — MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox. MediaWiki anteriores a 1.19.6, y 1.20.x anteriores a 1.20.5, permite a atacantes remotos realizar ataques cross-site scripting (XSS), como demostrado por una sección CDATA conteniendo secuencias válidas codificadas con UTF-7 en un ... • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105784.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 2%CPEs: 21EXPL: 1CVE-2013-4304 – Gentoo Linux Security Advisory 201310-21
https://notcve.org/view.php?id=CVE-2013-4304
28 Oct 2013 — The CentralAuth extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 caches a valid CentralAuthUser object in the centralauth_User cookie even when a user has not successfully logged in, which allows remote attackers to bypass authentication without a password. La extensión de MediaWiki CentralAuth 1.19.x anterior a 1.19.8, 1.20.7 anterior a 1.20.x y 1.21.x anterior 1.21.2 almacena en caché un objeto CentralAuthUser válida en la cookie centralauth_User incluso cuando ... • http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 4%CPEs: 15EXPL: 0CVE-2013-2114 – Gentoo Linux Security Advisory 201310-21
https://notcve.org/view.php?id=CVE-2013-2114
28 Oct 2013 — Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19 through 1.19.6 and 1.20.x before 1.20.6 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. Vulnerabilidad de subida sin restricciones de ficheros en la API de subida de fragmentos en MediaWiki 1.19 a 1.19.6 y 1.20.x anteriores a 1.20.6 permite a atacantes remotos ejecutar código arbitrario mediante la subida de un fichero con extensión ejecutable. Multiple vulnerabilities have be... • http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-May/000131.html •
CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 0CVE-2013-1816 – Gentoo Linux Security Advisory 201310-21
https://notcve.org/view.php?id=CVE-2013-1816
28 Oct 2013 — MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request. MediaWiki versiones anteriores a la versión 1.19.4 y versiones 1.20.x anteriores a 1.20.3, permite a atacantes remotos causar una denegación de servicio (bloqueo de aplicación) mediante el envío de una petición especialmente diseñada. Multiple vulnerabilities have been found in MediaWiki, the worst of which could lead to Denial of Service. Versions... • http://security.gentoo.org/glsa/glsa-201310-21.xml • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2013-1818 – Gentoo Linux Security Advisory 201310-21
https://notcve.org/view.php?id=CVE-2013-1818
28 Oct 2013 — maintenance/mwdoc-filter.php in MediaWiki before 1.20.3 allows remote attackers to read arbitrary files via unspecified vectors. maintenance/mwdoc-filter.php en MediaWiki anterior a 1.20.3 permite a atacantes remotos leer archivos arbitrarios a través de vectores no especificados. Multiple vulnerabilities have been found in MediaWiki, the worst of which could lead to Denial of Service. Versions less than 1.21.2 are affected. • http://www.mediawiki.org/wiki/Release_notes/1.20 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-4306 – Gentoo Linux Security Advisory 201310-21
https://notcve.org/view.php?id=CVE-2013-4306
11 Oct 2013 — Cross-site request forgery (CSRF) vulnerability in api/ApiQueryCheckUser.php in the CheckUser extension for MediaWiki, possibly Checkuser before 2.3, allows remote attackers to hijack the authentication of arbitrary users for requests that "perform sensitive write actions" via unspecified vectors. Vulnerabilidad cross-site request forgery (CSRF) en api/ApiQueryCheckUser.php en la extensión CheckUser para MediaWiki, posiblemente CheckUser anteriores a 2.3, permite a atacantes remotos secuestrar la autenticac... • http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 1CVE-2013-4305 – Gentoo Linux Security Advisory 201310-21
https://notcve.org/view.php?id=CVE-2013-4305
11 Oct 2013 — Cross-site scripting (XSS) vulnerability in contrib/example.php in the SyntaxHighlight GeSHi extension for MediaWiki, possibly as downloaded before September 2013, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. Vulnerabilidad de XSS en contrib/example.php de la extensión SyntaxHighlight GeSHi para MediaWiki, posiblemente la descargada antes de septiembre de 2013, permite a atacantes remotos inyectar script web arbitrario o HTML a través de PATH_INFO. Multiple vulnerabiliti... • http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 1CVE-2013-4303 – Mandriva Linux Security Advisory 2013-235
https://notcve.org/view.php?id=CVE-2013-4303
16 Sep 2013 — includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." (period) characters in a string, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the siprop parameter in a query action to wiki/api.php. El archivo includes/libs/IEUrlExtension.php en la API MediaWiki en MediaWiki versiones 1.19.x anteriores a 1.19.8, versiones 1.20.x an... • http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •