CVSS: 6.1EPSS: 1%CPEs: 71EXPL: 0CVE-2013-2031 – Debian Security Advisory 2891-3
https://notcve.org/view.php?id=CVE-2013-2031
28 Oct 2013 — MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox. MediaWiki anteriores a 1.19.6, y 1.20.x anteriores a 1.20.5, permite a atacantes remotos realizar ataques cross-site scripting (XSS), como demostrado por una sección CDATA conteniendo secuencias válidas codificadas con UTF-7 en un ... • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105784.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 74EXPL: 0CVE-2013-2032 – Gentoo Linux Security Advisory 201310-21
https://notcve.org/view.php?id=CVE-2013-2032
28 Oct 2013 — MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks. MediaWiki anteriores a 1.19.6, y 1.20.x anteriores a 1.20.5 no permite a las extensiones prevenir cambios en las contraseñas sin usar Special:PasswordReset y Special:ChangePassword, lo cual permite a atacantes remoto... • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105784.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2013-1818 – Gentoo Linux Security Advisory 201310-21
https://notcve.org/view.php?id=CVE-2013-1818
28 Oct 2013 — maintenance/mwdoc-filter.php in MediaWiki before 1.20.3 allows remote attackers to read arbitrary files via unspecified vectors. maintenance/mwdoc-filter.php en MediaWiki anterior a 1.20.3 permite a atacantes remotos leer archivos arbitrarios a través de vectores no especificados. Multiple vulnerabilities have been found in MediaWiki, the worst of which could lead to Denial of Service. Versions less than 1.21.2 are affected. • http://www.mediawiki.org/wiki/Release_notes/1.20 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 1%CPEs: 5EXPL: 0CVE-2013-1951 – Gentoo Linux Security Advisory 201310-21
https://notcve.org/view.php?id=CVE-2013-1951
28 Oct 2013 — A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers to inject arbitrary web script or HTML via Lua function names. Una vulnerabilidad de tipo cross-site scripting (XSS) en MediaWiki versiones anteriores a 1.19.5 y versiones 1.20.x anteriores a 1.20.4 y permite a atacantes remotos inyectar script web o HTML arbitrario por medio de nombres de función de Lua. Multiple vulnerabilities have been found in MediaWiki, the worst of which could le... • http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104022.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 3%CPEs: 6EXPL: 0CVE-2013-1816 – Gentoo Linux Security Advisory 201310-21
https://notcve.org/view.php?id=CVE-2013-1816
28 Oct 2013 — MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request. MediaWiki versiones anteriores a la versión 1.19.4 y versiones 1.20.x anteriores a 1.20.3, permite a atacantes remotos causar una denegación de servicio (bloqueo de aplicación) mediante el envío de una petición especialmente diseñada. Multiple vulnerabilities have been found in MediaWiki, the worst of which could lead to Denial of Service. Versions... • http://security.gentoo.org/glsa/glsa-201310-21.xml • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2013-1817 – Gentoo Linux Security Advisory 201310-21
https://notcve.org/view.php?id=CVE-2013-1817
28 Oct 2013 — MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information. MediaWiki versiones anteriores a la versión 1.19.4 y versiones 1.20.x anteriores a la versión 1.20.3, contiene un error en el script api.php lo que permite a atacantes remotos obtener información confidencial. Multiple vulnerabilities have been found in MediaWiki, the worst of which could lead to Denial of Service. Versions less than 1.21.2 are affected. • http://security.gentoo.org/glsa/glsa-201310-21.xml • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 18%CPEs: 155EXPL: 2CVE-2012-2698 – MediaWiki 1.x - 'uselang' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-2698
29 Jun 2012 — Cross-site scripting (XSS) vulnerability in the outputPage function in includes/SkinTemplate.php in MediaWiki before 1.17.5, 1.18.x before 1.18.4, and 1.19.x before 1.19.1 allows remote attackers to inject arbitrary web script or HTML via the uselang parameter to index.php/Main_page. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en includes/SkinTemplate.php de MediaWiki anteriores a 1.17.5, 1.8.x anteriores a 1.18.4, y 1.19.x anteriores a 1.19.1. Permite a atacantes remotos inyectar codi... • https://www.exploit-db.com/exploits/37404 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 136EXPL: 0CVE-2011-0047
https://notcve.org/view.php?id=CVE-2011-0047
04 Feb 2011 — Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.2 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) comments, aka "CSS injection vulnerability." Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en MediaWiki anterior a v1.16.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante una hoja de estilos (CSS) manipulada, también conocido como "vulnerabilidad de inyección de... • http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 135EXPL: 0CVE-2011-0003
https://notcve.org/view.php?id=CVE-2011-0003
11 Jan 2011 — MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows remote attackers to conduct clickjacking attacks via unspecified vectors. MediaWiki anterior a v1.16.1, cuando el usuario o el sitio JavaScript o CSS está activado, permite a atacantes remotos realizar ataques de clickjacking a través de vectores no especificados. • http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 0CVE-2005-1888
https://notcve.org/view.php?id=CVE-2005-1888
06 Jun 2005 — Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 allows remote attackers to inject arbitrary web script via HTML attributes in page templates. • http://sourceforge.net/project/shownotes.php?release_id=332231 •