CVSS: 6.1EPSS: 1%CPEs: 5EXPL: 0CVE-2013-1951 – Gentoo Linux Security Advisory 201310-21
https://notcve.org/view.php?id=CVE-2013-1951
28 Oct 2013 — A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers to inject arbitrary web script or HTML via Lua function names. Una vulnerabilidad de tipo cross-site scripting (XSS) en MediaWiki versiones anteriores a 1.19.5 y versiones 1.20.x anteriores a 1.20.4 y permite a atacantes remotos inyectar script web o HTML arbitrario por medio de nombres de función de Lua. Multiple vulnerabilities have been found in MediaWiki, the worst of which could le... • http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104022.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2013-1818 – Gentoo Linux Security Advisory 201310-21
https://notcve.org/view.php?id=CVE-2013-1818
28 Oct 2013 — maintenance/mwdoc-filter.php in MediaWiki before 1.20.3 allows remote attackers to read arbitrary files via unspecified vectors. maintenance/mwdoc-filter.php en MediaWiki anterior a 1.20.3 permite a atacantes remotos leer archivos arbitrarios a través de vectores no especificados. Multiple vulnerabilities have been found in MediaWiki, the worst of which could lead to Denial of Service. Versions less than 1.21.2 are affected. • http://www.mediawiki.org/wiki/Release_notes/1.20 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 74EXPL: 0CVE-2013-2032 – Gentoo Linux Security Advisory 201310-21
https://notcve.org/view.php?id=CVE-2013-2032
28 Oct 2013 — MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks. MediaWiki anteriores a 1.19.6, y 1.20.x anteriores a 1.20.5 no permite a las extensiones prevenir cambios en las contraseñas sin usar Special:PasswordReset y Special:ChangePassword, lo cual permite a atacantes remoto... • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105784.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2013-1817 – Gentoo Linux Security Advisory 201310-21
https://notcve.org/view.php?id=CVE-2013-1817
28 Oct 2013 — MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information. MediaWiki versiones anteriores a la versión 1.19.4 y versiones 1.20.x anteriores a la versión 1.20.3, contiene un error en el script api.php lo que permite a atacantes remotos obtener información confidencial. Multiple vulnerabilities have been found in MediaWiki, the worst of which could lead to Denial of Service. Versions less than 1.21.2 are affected. • http://security.gentoo.org/glsa/glsa-201310-21.xml • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 3%CPEs: 6EXPL: 0CVE-2013-1816 – Gentoo Linux Security Advisory 201310-21
https://notcve.org/view.php?id=CVE-2013-1816
28 Oct 2013 — MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request. MediaWiki versiones anteriores a la versión 1.19.4 y versiones 1.20.x anteriores a 1.20.3, permite a atacantes remotos causar una denegación de servicio (bloqueo de aplicación) mediante el envío de una petición especialmente diseñada. Multiple vulnerabilities have been found in MediaWiki, the worst of which could lead to Denial of Service. Versions... • http://security.gentoo.org/glsa/glsa-201310-21.xml • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 1%CPEs: 71EXPL: 0CVE-2013-2031 – Debian Security Advisory 2891-3
https://notcve.org/view.php?id=CVE-2013-2031
28 Oct 2013 — MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox. MediaWiki anteriores a 1.19.6, y 1.20.x anteriores a 1.20.5, permite a atacantes remotos realizar ataques cross-site scripting (XSS), como demostrado por una sección CDATA conteniendo secuencias válidas codificadas con UTF-7 en un ... • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105784.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0CVE-2012-1580
https://notcve.org/view.php?id=CVE-2012-1580
09 Sep 2012 — Cross-site request forgery (CSRF) vulnerability in Special:Upload in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload files. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en Special:Upload en MediaWiki v1.17.x antes de v1.17.3 y v1.18.x antes de v1.18.2, permite a atacantes remotos secuestrar la autenticación de las víctimas no especificadas para las solicitudes que suben archi... • http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0CVE-2012-1582
https://notcve.org/view.php?id=CVE-2012-1582
09 Sep 2012 — Cross-site scripting (XSS) vulnerability in the wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to inject arbitrary web script or HTML via a crafted page with "forged strip item markers," as demonstrated using the CharInsert extension. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el analizador wikitext en MediaWiki v1.17.x antes de v1.17.3 y v1.18.x antes de v1.18.2 permite a atacantes remotos inyectar secuencias de coma... • http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 1CVE-2012-1579
https://notcve.org/view.php?id=CVE-2012-1579
09 Sep 2012 — The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information. El gestor de recursos en MediaWiki v1.17.x antes de v1.17.3 y v1.18.x antes de v1.18.2 incluye datos privados, como tokens CSRF en un archivo JavaScript, lo que permite a atacantes remotos obtener información sensible. • http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2012-4885
https://notcve.org/view.php?id=CVE-2012-4885
09 Sep 2012 — The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service (infinite loop) via certain input, as demonstrated by the padleft function. El analizador wikitext en MediaWiki 1.17.x antes de 1.17.3 y 1.18.x antes de 1.18.2 permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de ciertas entradas, como lo demuestra la función PadLeft. • http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html •