CVE-2006-2611
https://notcve.org/view.php?id=CVE-2006-2611
Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | (pipe) character. • http://bugzilla.wikimedia.org/show_bug.cgi?id=6055 http://mail.wikipedia.org/pipermail/wikitech-l/2006-May/035812.html http://mail.wikipedia.org/pipermail/wikitech-l/2006-May/035814.html http://nickj.org/MediaWiki http://secunia.com/advisories/20189 http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/includes/Sanitizer.php?r1=14349&r2=14348&pathrev=14349 http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=14349 http://www.osvdb.org/25713 http://www.vupen.com/english •
CVE-2006-1498
https://notcve.org/view.php?id=CVE-2006-1498
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.5.8 and 1.4.15 allows remote attackers to inject arbitrary web script or HTML via crafted encoded links. • http://mail.wikipedia.org/pipermail/mediawiki-announce/2006-March/000040.html http://secunia.com/advisories/19504 http://secunia.com/advisories/19508 http://secunia.com/advisories/19517 http://www.gentoo.org/security/en/glsa/glsa-200604-01.xml http://www.mediawiki.org/wiki/MediaWiki http://www.novell.com/linux/security/advisories/2006_07_sr.html http://www.securityfocus.com/bid/17269 http://www.vupen.com/english/advisories/2006/1194 https://exchange.xforce.ibmcloud.com/vulnera •
CVE-2006-0322
https://notcve.org/view.php?id=CVE-2006-0322
Unspecified vulnerability the edit comment formatting functionality in MediaWiki 1.5.x before 1.5.6 and 1.4.x before 1.4.14 allows attackers to cause a denial of service (infinite loop) via "certain malformed links." • http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html http://secunia.com/advisories/18711 http://secunia.com/advisories/18717 http://sourceforge.net/project/shownotes.php?release_id=386609 http://www.vupen.com/english/advisories/2006/0392 https://exchange.xforce.ibmcloud.com/vulnerabilities/24478 •
CVE-2005-4501
https://notcve.org/view.php?id=CVE-2005-4501
MediaWiki before 1.5.4 uses a hard-coded "internal placeholder string", which allows remote attackers to bypass protection against cross-site scripting (XSS) attacks and execute Javascript using inline style attributes, which are processed by Internet Explorer. • http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html http://secunia.com/advisories/18219 http://secunia.com/advisories/18717 http://www.mediawiki.org/wiki/Download http://www.securityfocus.com/bid/16032 http://www.vupen.com/english/advisories/2005/3059 https://exchange.xforce.ibmcloud.com/vulnerabilities/23882 •
CVE-2005-4031
https://notcve.org/view.php?id=CVE-2005-4031
Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function. • http://secunia.com/advisories/17866 http://sourceforge.net/project/shownotes.php?group_id=34373&release_id=375755 http://www.kb.cert.org/vuls/id/392156 http://www.securityfocus.com/bid/15703 http://www.vupen.com/english/advisories/2005/2726 •