CVE-2008-1318
https://notcve.org/view.php?id=CVE-2008-1318
Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows remote attackers to obtain sensitive "cross-site" information via the callback parameter in an API call for JavaScript Object Notation (JSON) formatted results.
• http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-March/000070.html
• http://secunia.com/advisories/29216
• http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_11_2/phase3/RELEASE-NOTES
• http://www.securityfocus.com/bid/28070
• http://www.securitytracker.com/id?1019535
• http://www.vupen.com/english/advisories/2008/0732/references
• https://exchange.xforce.ibmcloud.com/vulnerabilities/40960
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-0460
https://notcve.org/view.php?id=CVE-2008-0460
Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki 1.11 through 1.11.0rc1, 1.10 through 1.10.2, 1.9 through 1.9.4, and 1.8; and (2) the BotQuery extension for MediaWiki 1.7 and earlier; when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-January/000068.html
• http://secunia.com/advisories/28629
• http://secunia.com/advisories/29266
• http://www.securityfocus.com/bid/28137
• http://www.vupen.com/english/advisories/2008/0280
• https://exchange.xforce.ibmcloud.com/vulnerabilities/39901
• https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00147.html
• https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00189.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-4883
https://notcve.org/view.php?id=CVE-2007-4883
Cross-site scripting (XSS) vulnerability in the BotQuery extension in MediaWiki 1.7.x and earlier before SVN 20070910 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a similar issue to CVE-2007-4828.
• http://lists.wikimedia.org/pipermail/mediawiki-announce/2007-September/000067.html
• http://osvdb.org/37336
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-4828
https://notcve.org/view.php?id=CVE-2007-4828
Cross-site scripting (XSS) vulnerability in the API pretty-printing mode in MediaWiki 1.8.0 through 1.8.4, 1.9.0 through 1.9.3, 1.10.0 through 1.10.1, and the 1.11 development versions before 1.11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://fedoranews.org/updates/FEDORA-2007-218.shtml
• http://lists.wikimedia.org/pipermail/mediawiki-announce/2007-September/000067.html
• http://secunia.com/advisories/26772
• http://secunia.com/advisories/26870
• http://www.securityfocus.com/bid/25632
• http://www.vupen.com/english/advisories/2007/3130
• https://bugzilla.redhat.com/show_bug.cgi?id=287881
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36558
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-1054
https://notcve.org/view.php?id=CVE-2007-1054
Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer.
• http://attrition.org/pipermail/vim/2007-February/001367.html
• http://osvdb.org/32078
• http://secunia.com/advisories/24211
• http://securityreason.com/securityalert/2274
• http://sourceforge.net/project/shownotes.php?release_id=487921&group_id=34373
• http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_3/phase3/RELEASE-NOTES
• http://www.bugsec.com/articles.php?Security=24
• http://www.securityfocus.com/archive/1/460596/100/0/threaded
• http://www.vupen.com/english/advisories/2007/0678
• https