Page 57 of 361 results (0.038 seconds)

CVSS: 4.3EPSS: 0%CPEs: 23EXPL: 0

CVE-2013-4568

https://notcve.org/view.php?id=CVE-2013-4568

Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain non-ASCII characters in CSS, as demonstrated using variations of "expression" containing (1) full width characters or (2) IPA extensions, which are converted and rendered by Internet Explorer. Vulnerabilidad de blacklist incompleta en Sanitizer::checkCss en MediaWiki anteriores a 1.19.9, 1.20.8, y 1.21.x (anteriores a 1.21.3) permite a atacantes remotos conducir ataques de cross-site scripting (XSS) a través de ciertos caracteres no-ASCII en CSS, como fue demostrado utilizando variaciones de "expresion" que contienen (1) caracteres de ancho total o (2) extensiones IPA, las cuales son convertidas y renderizadas por Internet Explorer. • http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html http://secunia.com/advisories/57472 http://www.debian.org/security/2014/dsa-2891 http://www.securityfocus.com/bid/63761 https://bugzilla.wikimedia.org/attachment.cgi?id=13452&action=diff https://bugzilla.wikimedia.org/show_bug.cgi?id=55332 •

CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0

CVE-2013-4573

https://notcve.org/view.php?id=CVE-2013-4573

Cross-site scripting (XSS) vulnerability in the ZeroRatedMobileAccess extension for MediaWiki 1.19.x before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to inject arbitrary web script or HTML via the "to" parameter to index.php. Vulnerabilidad de XSS en la extensión ZeroRatedMobileAccess para MediaWiki 1.19.x anterior a la versión 1.19.9, 1.20.x anterior a 1.20.8, y 1.21.x anterior a la versión 1.21.3 permite a atacantes remotos inyectar script web o HTML arbitrario a través del parámetro "to" hacia index.php. • http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html http://secunia.com/advisories/55754 https://bugzilla.wikimedia.org/show_bug.cgi?id=55991 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 71EXPL: 0

CVE-2013-2031

https://notcve.org/view.php?id=CVE-2013-2031

MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox. MediaWiki anteriores a 1.19.6, y 1.20.x anteriores a 1.20.5, permite a atacantes remotos realizar ataques cross-site scripting (XSS), como demostrado por una sección CDATA conteniendo secuencias válidas codificadas con UTF-7 en un fichero SVG, el cual es interpretado incorrectamente como UTF-8 por Chrome y Firefox. • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105784.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105825.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106293.html http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-April/000129.html http://secunia.com/advisories/55433 http://secunia.com/advisories/57472 http://security.gentoo.org/glsa/glsa-201310-21.xml http://www.debian.org/security/2014/dsa-2891 http://www • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 5%CPEs: 15EXPL: 0

CVE-2013-2114

https://notcve.org/view.php?id=CVE-2013-2114

Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19 through 1.19.6 and 1.20.x before 1.20.6 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. Vulnerabilidad de subida sin restricciones de ficheros en la API de subida de fragmentos en MediaWiki 1.19 a 1.19.6 y 1.20.x anteriores a 1.20.6 permite a atacantes remotos ejecutar código arbitrario mediante la subida de un fichero con extensión ejecutable. • http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-May/000131.html http://secunia.com/advisories/55433 http://security.gentoo.org/glsa/glsa-201310-21.xml http://www.openwall.com/lists/oss-security/2013/05/24/3 https://bugzilla.wikimedia.org/show_bug.cgi?id=48306 •

CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0

CVE-2013-1817

https://notcve.org/view.php?id=CVE-2013-1817

MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information. MediaWiki versiones anteriores a la versión 1.19.4 y versiones 1.20.x anteriores a la versión 1.20.3, contiene un error en el script api.php lo que permite a atacantes remotos obtener información confidencial. • http://security.gentoo.org/glsa/glsa-201310-21.xml http://www.openwall.com/lists/oss-security/2013/03/05/4 http://www.securityfocus.com/bid/58305 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1817 https://exchange.xforce.ibmcloud.com/vulnerabilities/88359 https://security-tracker.debian.org/tracker/CVE-2013-1817 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •