CVE-2007-0894
https://notcve.org/view.php?id=CVE-2007-0894
MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the installation path in the resulting error message. MediaWiki anterior a 1.9.2 permite a atacantes remotos obtener información sensible mediante una petición directa de (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, o (4) Chick.deps.php en wiki/skins, lo cual muestra la ruta de instalación en el mensaje de error resultante. • http://bugzilla.wikimedia.org/show_bug.cgi?id=8819 http://osvdb.org/33706 http://osvdb.org/33707 http://osvdb.org/33708 http://osvdb.org/33709 http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=19681 http://www.securityfocus.com/archive/1/459793/100/0/threaded http://zone14.free.fr/advisories/7 https://exchange.xforce.ibmcloud.com/vulnerabilities/32440 •
CVE-2007-0177 – MediaWiki 1.x - 'AJAX index.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-0177
Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo AJAX del MediaWiki anterior al 1.6.9, 1.7 anterior al 1.7.2, 1.8 anterior al 1.8.3 y 1.9 anterior al 1.9.0rc2, cuando el wgUseAjax está habilitado, permite a atacantes remotos la inyección de secuencias de comandos web o HTML de su elección mediante vectores sin especificar. • https://www.exploit-db.com/exploits/29404 http://osvdb.org/31525 http://secunia.com/advisories/23647 http://secunia.com/advisories/24889 http://sourceforge.net/forum/forum.php?forum_id=652721 http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_9/phase3/RELEASE-NOTES http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_7_2/phase3/RELEASE-NOTES http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_8_3/phase3/RELEASE-NOTES http://svn.wikimedia.org/svnroot/mediawiki/tags/R •
CVE-2006-2895
https://notcve.org/view.php?id=CVE-2006-2895
Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to versions before 1.6.7 allows remote attackers to inject arbitrary HTML and web script via the edit form. • http://mail.wikipedia.org/pipermail/mediawiki-announce/2006-June/000048.html http://secunia.com/advisories/20458 http://svn.wikimedia.org/viewvc/mediawiki/tags/REL1_6_7/phase3/RELEASE-NOTES http://www.vupen.com/english/advisories/2006/2159 https://exchange.xforce.ibmcloud.com/vulnerabilities/27029 •
CVE-2006-2611
https://notcve.org/view.php?id=CVE-2006-2611
Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | (pipe) character. • http://bugzilla.wikimedia.org/show_bug.cgi?id=6055 http://mail.wikipedia.org/pipermail/wikitech-l/2006-May/035812.html http://mail.wikipedia.org/pipermail/wikitech-l/2006-May/035814.html http://nickj.org/MediaWiki http://secunia.com/advisories/20189 http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/includes/Sanitizer.php?r1=14349&r2=14348&pathrev=14349 http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=14349 http://www.osvdb.org/25713 http://www.vupen.com/english •
CVE-2005-1888
https://notcve.org/view.php?id=CVE-2005-1888
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 allows remote attackers to inject arbitrary web script via HTML attributes in page templates. • http://sourceforge.net/project/shownotes.php?release_id=332231 http://www.novell.com/linux/security/advisories/2005_19_sr.html http://www.securityfocus.com/bid/13861 •