CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2013-1818 – Gentoo Linux Security Advisory 201310-21
https://notcve.org/view.php?id=CVE-2013-1818
28 Oct 2013 — maintenance/mwdoc-filter.php in MediaWiki before 1.20.3 allows remote attackers to read arbitrary files via unspecified vectors. maintenance/mwdoc-filter.php en MediaWiki anterior a 1.20.3 permite a atacantes remotos leer archivos arbitrarios a través de vectores no especificados. Multiple vulnerabilities have been found in MediaWiki, the worst of which could lead to Denial of Service. Versions less than 1.21.2 are affected. • http://www.mediawiki.org/wiki/Release_notes/1.20 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 1%CPEs: 5EXPL: 0CVE-2013-1951 – Gentoo Linux Security Advisory 201310-21
https://notcve.org/view.php?id=CVE-2013-1951
28 Oct 2013 — A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers to inject arbitrary web script or HTML via Lua function names. Una vulnerabilidad de tipo cross-site scripting (XSS) en MediaWiki versiones anteriores a 1.19.5 y versiones 1.20.x anteriores a 1.20.4 y permite a atacantes remotos inyectar script web o HTML arbitrario por medio de nombres de función de Lua. Multiple vulnerabilities have been found in MediaWiki, the worst of which could le... • http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104022.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 1CVE-2013-4304 – Gentoo Linux Security Advisory 201310-21
https://notcve.org/view.php?id=CVE-2013-4304
28 Oct 2013 — The CentralAuth extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 caches a valid CentralAuthUser object in the centralauth_User cookie even when a user has not successfully logged in, which allows remote attackers to bypass authentication without a password. La extensión de MediaWiki CentralAuth 1.19.x anterior a 1.19.8, 1.20.7 anterior a 1.20.x y 1.21.x anterior 1.21.2 almacena en caché un objeto CentralAuthUser válida en la cookie centralauth_User incluso cuando ... • http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 3%CPEs: 6EXPL: 0CVE-2013-1816 – Gentoo Linux Security Advisory 201310-21
https://notcve.org/view.php?id=CVE-2013-1816
28 Oct 2013 — MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request. MediaWiki versiones anteriores a la versión 1.19.4 y versiones 1.20.x anteriores a 1.20.3, permite a atacantes remotos causar una denegación de servicio (bloqueo de aplicación) mediante el envío de una petición especialmente diseñada. Multiple vulnerabilities have been found in MediaWiki, the worst of which could lead to Denial of Service. Versions... • http://security.gentoo.org/glsa/glsa-201310-21.xml • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2013-1817 – Gentoo Linux Security Advisory 201310-21
https://notcve.org/view.php?id=CVE-2013-1817
28 Oct 2013 — MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information. MediaWiki versiones anteriores a la versión 1.19.4 y versiones 1.20.x anteriores a la versión 1.20.3, contiene un error en el script api.php lo que permite a atacantes remotos obtener información confidencial. Multiple vulnerabilities have been found in MediaWiki, the worst of which could lead to Denial of Service. Versions less than 1.21.2 are affected. • http://security.gentoo.org/glsa/glsa-201310-21.xml • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-4306 – Gentoo Linux Security Advisory 201310-21
https://notcve.org/view.php?id=CVE-2013-4306
11 Oct 2013 — Cross-site request forgery (CSRF) vulnerability in api/ApiQueryCheckUser.php in the CheckUser extension for MediaWiki, possibly Checkuser before 2.3, allows remote attackers to hijack the authentication of arbitrary users for requests that "perform sensitive write actions" via unspecified vectors. Vulnerabilidad cross-site request forgery (CSRF) en api/ApiQueryCheckUser.php en la extensión CheckUser para MediaWiki, posiblemente CheckUser anteriores a 2.3, permite a atacantes remotos secuestrar la autenticac... • http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 17EXPL: 1CVE-2013-4301 – Mandriva Linux Security Advisory 2013-235
https://notcve.org/view.php?id=CVE-2013-4301
16 Sep 2013 — includes/resourceloader/ResourceLoaderContext.php in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote attackers to obtain sensitive information via a "<" (open angle bracket) character in the lang parameter to w/load.php, which reveals the installation path in an error message. includes/resourceloader/ResourceLoaderContext.php en MediaWiki 1.19.x anterior a la versión 1.19.8, 1.20.x anterior a 1.20.7, y 1.21.x anterior a la versión 1.21.2 permite a atacantes remot... • http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 1CVE-2013-4303 – Mandriva Linux Security Advisory 2013-235
https://notcve.org/view.php?id=CVE-2013-4303
16 Sep 2013 — includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." (period) characters in a string, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the siprop parameter in a query action to wiki/api.php. El archivo includes/libs/IEUrlExtension.php en la API MediaWiki en MediaWiki versiones 1.19.x anteriores a 1.19.8, versiones 1.20.x an... • http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 17EXPL: 0CVE-2013-4302 – Mandriva Linux Security Advisory 2013-235
https://notcve.org/view.php?id=CVE-2013-4302
13 Sep 2013 — (1) ApiBlock.php, (2) ApiCreateAccount.php, (3) ApiLogin.php, (4) ApiMain.php, (5) ApiQueryDeletedrevs.php, (6) ApiTokens.php, and (7) ApiUnblock.php in includes/api/ in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow remote attackers to obtain CSRF tokens and bypass the cross-site request forgery (CSRF) protection mechanism via a JSONP request to wiki/api.php. Los scripts ApiBlock.php, ApiCreateAccount.php, ApiLogin.php, ApiMain.php, ApiQueryDeletedrevs.php, ApiTokens.p... • http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 0CVE-2013-4307 – Gentoo Linux Security Advisory 201310-21
https://notcve.org/view.php?id=CVE-2013-4307
11 Sep 2013 — Multiple cross-site scripting (XSS) vulnerabilities in repo/includes/EntityView.php in the Wikibase extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow (1) remote attackers to inject arbitrary web script or HTML via a label in the "In other languages" section or (2) remote administrators to inject arbitrary web script or HTML via a description. Multiples vulnerabilidades XSS en repo/includes/EntityView.php en la extensión de Wikibase para MediaWiki 1.19.x anter... • http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •