CVSS: 6.1EPSS: 2%CPEs: 2EXPL: 2CVE-2006-2611
https://notcve.org/view.php?id=CVE-2006-2611
26 May 2006 — Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | (pipe) character. • http://bugzilla.wikimedia.org/show_bug.cgi?id=6055 •
CVSS: 6.1EPSS: 0%CPEs: 31EXPL: 0CVE-2006-1498
https://notcve.org/view.php?id=CVE-2006-1498
30 Mar 2006 — Cross-site scripting (XSS) vulnerability in MediaWiki before 1.5.8 and 1.4.15 allows remote attackers to inject arbitrary web script or HTML via crafted encoded links. • http://mail.wikipedia.org/pipermail/mediawiki-announce/2006-March/000040.html •
CVSS: 7.5EPSS: 0%CPEs: 35EXPL: 0CVE-2006-0322
https://notcve.org/view.php?id=CVE-2006-0322
19 Jan 2006 — Unspecified vulnerability the edit comment formatting functionality in MediaWiki 1.5.x before 1.5.6 and 1.4.x before 1.4.14 allows attackers to cause a denial of service (infinite loop) via "certain malformed links." • http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html •
CVSS: 6.1EPSS: 0%CPEs: 45EXPL: 0CVE-2005-4501
https://notcve.org/view.php?id=CVE-2005-4501
22 Dec 2005 — MediaWiki before 1.5.4 uses a hard-coded "internal placeholder string", which allows remote attackers to bypass protection against cross-site scripting (XSS) attacks and execute Javascript using inline style attributes, which are processed by Internet Explorer. • http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html •
CVSS: 9.8EPSS: 6%CPEs: 8EXPL: 0CVE-2005-4031
https://notcve.org/view.php?id=CVE-2005-4031
06 Dec 2005 — Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function. • http://secunia.com/advisories/17866 •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2005-2215
https://notcve.org/view.php?id=CVE-2005-2215
12 Jul 2005 — Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x before 1.4.6 and 1.5 before 1.5beta3 allows remote attackers to inject arbitrary web script or HTML via a parameter in the page move template, a different vulnerability than CVE-2005-1888. • http://secunia.com/advisories/15950 •
CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 0CVE-2005-1888
https://notcve.org/view.php?id=CVE-2005-1888
06 Jun 2005 — Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 allows remote attackers to inject arbitrary web script via HTML attributes in page templates. • http://sourceforge.net/project/shownotes.php?release_id=332231 •