CVE-2008-5687
https://notcve.org/view.php?id=CVE-2008-5687
MediaWiki 1.11, and other versions before 1.13.3, does not properly protect against the download of backups of deleted images, which might allow remote attackers to obtain sensitive information via requests for files in images/deleted/. MediaWiki versión 1.11, y otras versiones anteriores a 1.13.3, no protege apropiadamente contra la descarga de copias de seguridad de imágenes eliminadas, lo que podría permitir a atacantes remotos obtener información confidencial por medio de peticiones de archivos en images/deleted/. • http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html http://secunia.com/advisories/33349 https://exchange.xforce.ibmcloud.com/vulnerabilities/47678 https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-5250
https://notcve.org/view.php?id=CVE-2008-5250
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1.12.x before 1.12.2, and 1.13.x before 1.13.3, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads are enabled, allows remote authenticated users to inject arbitrary web script or HTML by editing a wiki page. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en versiones de MediaWiki anteriores a 1.6.11, 1.12.x anteriores a 1.12.2, y 1.13.3 anteriores a 1.13.x, cuando se esta usando Internet Explorer y las subidas están habilitadas, o bien cuando un navegador que permita secuencias de comandos SVG se este usando y las subidas SVG estén habilitadas, permite a usuarios remotos autenticados inyectar HTML o secuencias de comandos web arbitrarias durante la edición de una página del wiki. • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html http://secunia.com/advisories/33133 http://secunia.com/advisories/33349 http://www.debian.org/security/2009/dsa-1901 http://www.securityfocus.com/bid/32844 https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-4828
https://notcve.org/view.php?id=CVE-2007-4828
Cross-site scripting (XSS) vulnerability in the API pretty-printing mode in MediaWiki 1.8.0 through 1.8.4, 1.9.0 through 1.9.3, 1.10.0 through 1.10.1, and the 1.11 development versions before 1.11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el modo de presentación legible para humanos (pretty-printing) de la API de MediaWiki 1.8.0 hasta 1.8.4, 1.9.0 hasta 1.9.3, 1.10.0 hasta 1.10.1, y las versiones de desarrollo hasta la 1.11.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores no especificados. • http://fedoranews.org/updates/FEDORA-2007-218.shtml http://lists.wikimedia.org/pipermail/mediawiki-announce/2007-September/000067.html http://secunia.com/advisories/26772 http://secunia.com/advisories/26870 http://www.securityfocus.com/bid/25632 http://www.vupen.com/english/advisories/2007/3130 https://bugzilla.redhat.com/show_bug.cgi?id=287881 https://exchange.xforce.ibmcloud.com/vulnerabilities/36558 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2005-1888
https://notcve.org/view.php?id=CVE-2005-1888
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 allows remote attackers to inject arbitrary web script via HTML attributes in page templates. • http://sourceforge.net/project/shownotes.php?release_id=332231 http://www.novell.com/linux/security/advisories/2005_19_sr.html http://www.securityfocus.com/bid/13861 •