Page 50 of 318 results (0.005 seconds)

CVSS: 4.3EPSS: 0%CPEs: 23EXPL: 0

Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain non-ASCII characters in CSS, as demonstrated using variations of "expression" containing (1) full width characters or (2) IPA extensions, which are converted and rendered by Internet Explorer. Vulnerabilidad de blacklist incompleta en Sanitizer::checkCss en MediaWiki anteriores a 1.19.9, 1.20.8, y 1.21.x (anteriores a 1.21.3) permite a atacantes remotos conducir ataques de cross-site scripting (XSS) a través de ciertos caracteres no-ASCII en CSS, como fue demostrado utilizando variaciones de "expresion" que contienen (1) caracteres de ancho total o (2) extensiones IPA, las cuales son convertidas y renderizadas por Internet Explorer. • http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html http://secunia.com/advisories/57472 http://www.debian.org/security/2014/dsa-2891 http://www.securityfocus.com/bid/63761 https://bugzilla.wikimedia.org/attachment.cgi?id=13452&action=diff https://bugzilla.wikimedia.org/show_bug.cgi?id=55332 •

CVSS: 4.3EPSS: 0%CPEs: 23EXPL: 0

Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via a \b (backspace) character in CSS. Vulenrabilidad de lista negra incompleta en Sanitizer::checkCss en MediaWiki anterior a 1.19.9, 1.20.x anterior a 1.20.8 y 1.21.x anterior a 1.21.3 que permite a atacantes remotos realizar cross-site scripting (XSS) a través de un \b (retroceso carácter) en el CSS. • http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html http://secunia.com/advisories/57472 http://www.debian.org/security/2014/dsa-2891 http://www.securityfocus.com/bid/63760 https://bugzilla.wikimedia.org/show_bug.cgi?id=55332 •

CVSS: 4.3EPSS: 0%CPEs: 23EXPL: 0

The CleanChanges extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3, when "Group changes by page in recent changes and watchlist" is enabled, allows remote attackers to obtain sensitive information (revision-deleted IPs) via the Recent Changes page. La extensión CleanChanges de MediaWiki anterior a 1.19.9, 1.20.x anterior a 1.20.8 y 1.21.x anterior a 1.21.3, cuando "Group changes by page in recent changes and watchlist" está activada, permite a atacantes remotos obtener información sensible (revision-borrado IPs) a través de la página Recent Changes. • http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html https://bugzilla.wikimedia.org/show_bug.cgi?id=54294 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0

A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers to inject arbitrary web script or HTML via Lua function names. Una vulnerabilidad de tipo cross-site scripting (XSS) en MediaWiki versiones anteriores a 1.19.5 y versiones 1.20.x anteriores a 1.20.4 y permite a atacantes remotos inyectar script web o HTML arbitrario por medio de nombres de función de Lua. • http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104022.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104027.html http://security.gentoo.org/glsa/glsa-201310-21.xml http://www.openwall.com/lists/oss-security/2013/04/16/12 http://www.securityfocus.com/bid/59077 https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-1951 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1951 https://phabricator.wikimedia.org/T48084 https://security-tr • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 71EXPL: 0

MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox. MediaWiki anteriores a 1.19.6, y 1.20.x anteriores a 1.20.5, permite a atacantes remotos realizar ataques cross-site scripting (XSS), como demostrado por una sección CDATA conteniendo secuencias válidas codificadas con UTF-7 en un fichero SVG, el cual es interpretado incorrectamente como UTF-8 por Chrome y Firefox. • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105784.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105825.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106293.html http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-April/000129.html http://secunia.com/advisories/55433 http://secunia.com/advisories/57472 http://security.gentoo.org/glsa/glsa-201310-21.xml http://www.debian.org/security/2014/dsa-2891 http://www • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •