CVSS: 5.3EPSS: 0%CPEs: 92EXPL: 0CVE-2010-1189
https://notcve.org/view.php?id=CVE-2010-1189
31 Mar 2010 — MediaWiki before 1.15.2 does not prevent wiki editors from linking to images from other web sites in wiki pages, which allows editors to obtain IP addresses and other information of wiki users by adding a link to an image on an attacker-controlled web site, aka "CSS validation issue." MediaWiki en versiones anteriores a la 1.15.2 no impide a los editores de wiki enlazar a imagenes de otros sitios web en las páginas del wiki, lo que permite a los editores obtener direcciones IP y otra información de los usua... • http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 92EXPL: 0CVE-2010-1190
https://notcve.org/view.php?id=CVE-2010-1190
31 Mar 2010 — thumb.php in MediaWiki before 1.15.2, when used with access-restriction mechanisms such as img_auth.php, does not check user permissions before providing scaled images, which allows remote attackers to bypass intended access restrictions and read private images via unspecified manipulations. thumb.php en MediaWiki en versiones anteriores a la 1.15.2, cuando es usado con mecanismos de restricción de acceso como en img_auth.php, no verifica los permisos del usuario antes de proporcionar imágenes a escala, lo ... • http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 54EXPL: 0CVE-2008-5252
https://notcve.org/view.php?id=CVE-2008-5252
19 Dec 2008 — Cross-site request forgery (CSRF) vulnerability in the Special:Import feature in MediaWiki 1.3.0 through 1.6.10, 1.12.x before 1.12.2, and 1.13.x before 1.13.3 allows remote attackers to perform unspecified actions as authenticated users via unknown vectors. Una vulnerabilidad de falsificación de petición en sitios cruzados en la funcionalidad Special:Import en MediaWiki 1.3.0 a 1.6.10, 1.12.x antes de 1.12.2, y 1.13.3 antes de 1.13.x, permite a atacantes remotos llevar a cabo acciones no especificadas como... • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 2CVE-2007-1054
https://notcve.org/view.php?id=CVE-2007-1054
21 Feb 2007 — Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en las características AJAX en idex.php de MediaWiki 1.6.x hasta 1.9.2, cuando $wgUseAjax está habilitado, permite a atacantes remotos inyectar scripts web o ... • http://attrition.org/pipermail/vim/2007-February/001367.html •
CVSS: 6.8EPSS: 1%CPEs: 2EXPL: 1CVE-2007-1055
https://notcve.org/view.php?id=CVE-2007-1055
21 Feb 2007 — Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.9.x before 1.9.0rc2, and 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the rs parameter. NOTE: this issue might be a duplicate of CVE-2007-0177. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la característica AJAX del index.php en el MediaWiki 1.9.x anterior a al 1.9.0rc2, y el 1.8.2 y versiones anteriores, permite a atacantes remotos la inyección de secuenc... • http://osvdb.org/37343 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 77EXPL: 2CVE-2007-0894
https://notcve.org/view.php?id=CVE-2007-0894
12 Feb 2007 — MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the installation path in the resulting error message. MediaWiki anterior a 1.9.2 permite a atacantes remotos obtener información sensible mediante una petición directa de (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, o (4) Chick.deps.php en wiki/skins, lo cual muestra la ruta... • http://bugzilla.wikimedia.org/show_bug.cgi?id=8819 •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 2CVE-2006-2611
https://notcve.org/view.php?id=CVE-2006-2611
26 May 2006 — Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | (pipe) character. • http://bugzilla.wikimedia.org/show_bug.cgi?id=6055 •
CVSS: 6.1EPSS: 0%CPEs: 45EXPL: 0CVE-2005-4501
https://notcve.org/view.php?id=CVE-2005-4501
22 Dec 2005 — MediaWiki before 1.5.4 uses a hard-coded "internal placeholder string", which allows remote attackers to bypass protection against cross-site scripting (XSS) attacks and execute Javascript using inline style attributes, which are processed by Internet Explorer. • http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2005-3166
https://notcve.org/view.php?id=CVE-2005-3166
06 Oct 2005 — Unspecified vulnerability in "edit submission handling" for MediaWiki 1.4.x before 1.4.10 and 1.3.x before 1.3.16 allows remote attackers to cause a denial of service (corruption of the previous submission) via a crafted URL. • http://sourceforge.net/project/shownotes.php?release_id=358163 •
CVSS: 6.1EPSS: 0%CPEs: 31EXPL: 0CVE-2005-2396
https://notcve.org/view.php?id=CVE-2005-2396
27 Jul 2005 — Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the page move template. Vulnerabilidad de secuencia de comandos en sitios cruzados en MediaWiki 1.4.6 y anteriores permite que atacantes remotos inyecten script web arbitrario o HTML mediante un parámetro a la plantilla de mover página. • http://secunia.com/advisories/15950 •