Page 30 of 147 results (0.011 seconds)

CVSS: 5.8EPSS: 0%CPEs: 135EXPL: 0

MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows remote attackers to conduct clickjacking attacks via unspecified vectors. MediaWiki anterior a v1.16.1, cuando el usuario o el sitio JavaScript o CSS está activado, permite a atacantes remotos realizar ataques de clickjacking a través de vectores no especificados. • http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-January/000093.html http://secunia.com/advisories/42810 http://www.openwall.com/lists/oss-security/2011/01/04/12 http://www.openwall.com/lists/oss-security/2011/01/04/6 http://www.osvdb.org& • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 allows remote attackers to inject arbitrary web script via HTML attributes in page templates. • http://sourceforge.net/project/shownotes.php?release_id=332231 http://www.novell.com/linux/security/advisories/2005_19_sr.html http://www.securityfocus.com/bid/13861 •