Page 55 of 277 results (0.014 seconds)

CVSS: 4.3EPSS: 9%CPEs: 2EXPL: 2

Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | (pipe) character. • http://bugzilla.wikimedia.org/show_bug.cgi?id=6055 http://mail.wikipedia.org/pipermail/wikitech-l/2006-May/035812.html http://mail.wikipedia.org/pipermail/wikitech-l/2006-May/035814.html http://nickj.org/MediaWiki http://secunia.com/advisories/20189 http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/includes/Sanitizer.php?r1=14349&r2=14348&pathrev=14349 http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=14349 http://www.osvdb.org/25713 http://www.vupen.com/english&#x •

CVSS: 4.3EPSS: 0%CPEs: 31EXPL: 0

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.5.8 and 1.4.15 allows remote attackers to inject arbitrary web script or HTML via crafted encoded links. • http://mail.wikipedia.org/pipermail/mediawiki-announce/2006-March/000040.html http://secunia.com/advisories/19504 http://secunia.com/advisories/19508 http://secunia.com/advisories/19517 http://www.gentoo.org/security/en/glsa/glsa-200604-01.xml http://www.mediawiki.org/wiki/MediaWiki http://www.novell.com/linux/security/advisories/2006_07_sr.html http://www.securityfocus.com/bid/17269 http://www.vupen.com/english/advisories/2006/1194 https://exchange.xforce.ibmcloud.com/vulnera •

CVSS: 5.0EPSS: 0%CPEs: 35EXPL: 0

Unspecified vulnerability the edit comment formatting functionality in MediaWiki 1.5.x before 1.5.6 and 1.4.x before 1.4.14 allows attackers to cause a denial of service (infinite loop) via "certain malformed links." • http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html http://secunia.com/advisories/18711 http://secunia.com/advisories/18717 http://sourceforge.net/project/shownotes.php?release_id=386609 http://www.vupen.com/english/advisories/2006/0392 https://exchange.xforce.ibmcloud.com/vulnerabilities/24478 •

CVSS: 4.3EPSS: 0%CPEs: 45EXPL: 0

MediaWiki before 1.5.4 uses a hard-coded "internal placeholder string", which allows remote attackers to bypass protection against cross-site scripting (XSS) attacks and execute Javascript using inline style attributes, which are processed by Internet Explorer. • http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html http://secunia.com/advisories/18219 http://secunia.com/advisories/18717 http://www.mediawiki.org/wiki/Download http://www.securityfocus.com/bid/16032 http://www.vupen.com/english/advisories/2005/3059 https://exchange.xforce.ibmcloud.com/vulnerabilities/23882 •

CVSS: 7.5EPSS: 10%CPEs: 8EXPL: 0

Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function. • http://secunia.com/advisories/17866 http://sourceforge.net/project/shownotes.php?group_id=34373&release_id=375755 http://www.kb.cert.org/vuls/id/392156 http://www.securityfocus.com/bid/15703 http://www.vupen.com/english/advisories/2005/2726 •