CVSS: 7.5EPSS: 3%CPEs: 6EXPL: 0CVE-2013-1816 – Gentoo Linux Security Advisory 201310-21
https://notcve.org/view.php?id=CVE-2013-1816
28 Oct 2013 — MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request. MediaWiki versiones anteriores a la versión 1.19.4 y versiones 1.20.x anteriores a 1.20.3, permite a atacantes remotos causar una denegación de servicio (bloqueo de aplicación) mediante el envío de una petición especialmente diseñada. Multiple vulnerabilities have been found in MediaWiki, the worst of which could lead to Denial of Service. Versions... • http://security.gentoo.org/glsa/glsa-201310-21.xml • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2013-1817 – Gentoo Linux Security Advisory 201310-21
https://notcve.org/view.php?id=CVE-2013-1817
28 Oct 2013 — MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information. MediaWiki versiones anteriores a la versión 1.19.4 y versiones 1.20.x anteriores a la versión 1.20.3, contiene un error en el script api.php lo que permite a atacantes remotos obtener información confidencial. Multiple vulnerabilities have been found in MediaWiki, the worst of which could lead to Denial of Service. Versions less than 1.21.2 are affected. • http://security.gentoo.org/glsa/glsa-201310-21.xml • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 1CVE-2013-4305 – Gentoo Linux Security Advisory 201310-21
https://notcve.org/view.php?id=CVE-2013-4305
11 Oct 2013 — Cross-site scripting (XSS) vulnerability in contrib/example.php in the SyntaxHighlight GeSHi extension for MediaWiki, possibly as downloaded before September 2013, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. Vulnerabilidad de XSS en contrib/example.php de la extensión SyntaxHighlight GeSHi para MediaWiki, posiblemente la descargada antes de septiembre de 2013, permite a atacantes remotos inyectar script web arbitrario o HTML a través de PATH_INFO. Multiple vulnerabiliti... • http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-4306 – Gentoo Linux Security Advisory 201310-21
https://notcve.org/view.php?id=CVE-2013-4306
11 Oct 2013 — Cross-site request forgery (CSRF) vulnerability in api/ApiQueryCheckUser.php in the CheckUser extension for MediaWiki, possibly Checkuser before 2.3, allows remote attackers to hijack the authentication of arbitrary users for requests that "perform sensitive write actions" via unspecified vectors. Vulnerabilidad cross-site request forgery (CSRF) en api/ApiQueryCheckUser.php en la extensión CheckUser para MediaWiki, posiblemente CheckUser anteriores a 2.3, permite a atacantes remotos secuestrar la autenticac... • http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 17EXPL: 1CVE-2013-4301 – Mandriva Linux Security Advisory 2013-235
https://notcve.org/view.php?id=CVE-2013-4301
16 Sep 2013 — includes/resourceloader/ResourceLoaderContext.php in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote attackers to obtain sensitive information via a "<" (open angle bracket) character in the lang parameter to w/load.php, which reveals the installation path in an error message. includes/resourceloader/ResourceLoaderContext.php en MediaWiki 1.19.x anterior a la versión 1.19.8, 1.20.x anterior a 1.20.7, y 1.21.x anterior a la versión 1.21.2 permite a atacantes remot... • http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 1CVE-2013-4303 – Mandriva Linux Security Advisory 2013-235
https://notcve.org/view.php?id=CVE-2013-4303
16 Sep 2013 — includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." (period) characters in a string, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the siprop parameter in a query action to wiki/api.php. El archivo includes/libs/IEUrlExtension.php en la API MediaWiki en MediaWiki versiones 1.19.x anteriores a 1.19.8, versiones 1.20.x an... • http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 17EXPL: 0CVE-2013-4302 – Mandriva Linux Security Advisory 2013-235
https://notcve.org/view.php?id=CVE-2013-4302
13 Sep 2013 — (1) ApiBlock.php, (2) ApiCreateAccount.php, (3) ApiLogin.php, (4) ApiMain.php, (5) ApiQueryDeletedrevs.php, (6) ApiTokens.php, and (7) ApiUnblock.php in includes/api/ in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow remote attackers to obtain CSRF tokens and bypass the cross-site request forgery (CSRF) protection mechanism via a JSONP request to wiki/api.php. Los scripts ApiBlock.php, ApiCreateAccount.php, ApiLogin.php, ApiMain.php, ApiQueryDeletedrevs.php, ApiTokens.p... • http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 0CVE-2013-4307 – Gentoo Linux Security Advisory 201310-21
https://notcve.org/view.php?id=CVE-2013-4307
11 Sep 2013 — Multiple cross-site scripting (XSS) vulnerabilities in repo/includes/EntityView.php in the Wikibase extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow (1) remote attackers to inject arbitrary web script or HTML via a label in the "In other languages" section or (2) remote administrators to inject arbitrary web script or HTML via a description. Multiples vulnerabilidades XSS en repo/includes/EntityView.php en la extensión de Wikibase para MediaWiki 1.19.x anter... • http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 22EXPL: 0CVE-2013-4308 – Gentoo Linux Security Advisory 201310-21
https://notcve.org/view.php?id=CVE-2013-4308
11 Sep 2013 — Cross-site scripting (XSS) vulnerability in pages/TalkpageHistoryView.php in the LiquidThreads (LQT) extension 2.x and possibly 3.x for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote attackers to inject arbitrary web script or HTML via a thread subject. Vulnerabilidad cross-site scripting (XSS) en pages/TalkpageHistoryView.php en la extensión LiquidThreads (LQT) 2.x y posiblemente 3.x para MediaWiki 1.19.x (anteriores a 1.19.8) 1.20.x (anteriores a 1.20.7) y 1.2... • http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 18%CPEs: 155EXPL: 2CVE-2012-2698 – MediaWiki 1.x - 'uselang' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-2698
29 Jun 2012 — Cross-site scripting (XSS) vulnerability in the outputPage function in includes/SkinTemplate.php in MediaWiki before 1.17.5, 1.18.x before 1.18.4, and 1.19.x before 1.19.1 allows remote attackers to inject arbitrary web script or HTML via the uselang parameter to index.php/Main_page. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en includes/SkinTemplate.php de MediaWiki anteriores a 1.17.5, 1.8.x anteriores a 1.18.4, y 1.19.x anteriores a 1.19.1. Permite a atacantes remotos inyectar codi... • https://www.exploit-db.com/exploits/37404 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •