NotCVE - vendor:"Mediawiki" product:"Mediawiki" version:"1.11

Page 28 of 276 results (0.007 seconds)

CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0

CVE-2008-5250

https://notcve.org/view.php?id=CVE-2008-5250

19 Dec 2008 — Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1.12.x before 1.12.2, and 1.13.x before 1.13.3, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads are enabled, allows remote authenticated users to inject arbitrary web script or HTML by editing a wiki page. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en versiones de MediaWiki anteriores a 1.6.11, 1.12.x anteriores a 1.12.2, y 1.13.3 anteriores a 1.1... • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 54EXPL: 0

CVE-2008-5252

https://notcve.org/view.php?id=CVE-2008-5252

19 Dec 2008 — Cross-site request forgery (CSRF) vulnerability in the Special:Import feature in MediaWiki 1.3.0 through 1.6.10, 1.12.x before 1.12.2, and 1.13.x before 1.13.3 allows remote attackers to perform unspecified actions as authenticated users via unknown vectors. Una vulnerabilidad de falsificación de petición en sitios cruzados en la funcionalidad Special:Import en MediaWiki 1.3.0 a 1.6.10, 1.12.x antes de 1.12.2, y 1.13.3 antes de 1.13.x, permite a atacantes remotos llevar a cabo acciones no especificadas como... • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

CVE-2008-1318

https://notcve.org/view.php?id=CVE-2008-1318

13 Mar 2008 — Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows remote attackers to obtain sensitive "cross-site" information via the callback parameter in an API call for JavaScript Object Notation (JSON) formatted results. Una vulnerabilidad no especificada en MediaWiki versiones 1.11 en versiones anteriores a la 1.11.2, permite a los atacantes remotos obtener información confidencial de "cross-site" por medio del parámetro callback en una llamada de la API para resultados formateados JavaScript Object N... • http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-March/000070.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.1EPSS: 72%CPEs: 21EXPL: 0

CVE-2008-0460

https://notcve.org/view.php?id=CVE-2008-0460

25 Jan 2008 — Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki 1.11 through 1.11.0rc1, 1.10 through 1.10.2, 1.9 through 1.9.4, and 1.8; and (2) the BotQuery extension for MediaWiki 1.7 and earlier; when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el fichero api.php de (1)MediaWiki 1.11 hasta 1.11.0rc1, 1.10 hasta 1.10.2, 1.9 hasta 1.9.4, y 1.8; y de (2) la extensi... • http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-January/000068.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0

CVE-2007-4828

https://notcve.org/view.php?id=CVE-2007-4828

12 Sep 2007 — Cross-site scripting (XSS) vulnerability in the API pretty-printing mode in MediaWiki 1.8.0 through 1.8.4, 1.9.0 through 1.9.3, 1.10.0 through 1.10.1, and the 1.11 development versions before 1.11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el modo de presentación legible para humanos (pretty-printing) de la API de MediaWiki 1.8.0 hasta 1.8.4, 1.9.0 hasta 1.9.3, 1.10.0 hasta 1.10.1, y las versi... • http://fedoranews.org/updates/FEDORA-2007-218.shtml • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 0

CVE-2005-1888

https://notcve.org/view.php?id=CVE-2005-1888

06 Jun 2005 — Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 allows remote attackers to inject arbitrary web script via HTML attributes in page templates. • http://sourceforge.net/project/shownotes.php?release_id=332231 •

1...26 27 28