Page 68 of 354 results (0.007 seconds)

CVSS: 4.3EPSS: 0%CPEs: 31EXPL: 0

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.5.8 and 1.4.15 allows remote attackers to inject arbitrary web script or HTML via crafted encoded links. • http://mail.wikipedia.org/pipermail/mediawiki-announce/2006-March/000040.html http://secunia.com/advisories/19504 http://secunia.com/advisories/19508 http://secunia.com/advisories/19517 http://www.gentoo.org/security/en/glsa/glsa-200604-01.xml http://www.mediawiki.org/wiki/MediaWiki http://www.novell.com/linux/security/advisories/2006_07_sr.html http://www.securityfocus.com/bid/17269 http://www.vupen.com/english/advisories/2006/1194 https://exchange.xforce.ibmcloud.com/vulnera •

CVSS: 5.0EPSS: 0%CPEs: 35EXPL: 0

Unspecified vulnerability the edit comment formatting functionality in MediaWiki 1.5.x before 1.5.6 and 1.4.x before 1.4.14 allows attackers to cause a denial of service (infinite loop) via "certain malformed links." • http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html http://secunia.com/advisories/18711 http://secunia.com/advisories/18717 http://sourceforge.net/project/shownotes.php?release_id=386609 http://www.vupen.com/english/advisories/2006/0392 https://exchange.xforce.ibmcloud.com/vulnerabilities/24478 •

CVSS: 4.3EPSS: 0%CPEs: 45EXPL: 0

MediaWiki before 1.5.4 uses a hard-coded "internal placeholder string", which allows remote attackers to bypass protection against cross-site scripting (XSS) attacks and execute Javascript using inline style attributes, which are processed by Internet Explorer. • http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html http://secunia.com/advisories/18219 http://secunia.com/advisories/18717 http://www.mediawiki.org/wiki/Download http://www.securityfocus.com/bid/16032 http://www.vupen.com/english/advisories/2005/3059 https://exchange.xforce.ibmcloud.com/vulnerabilities/23882 •

CVSS: 7.5EPSS: 10%CPEs: 8EXPL: 0

Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function. • http://secunia.com/advisories/17866 http://sourceforge.net/project/shownotes.php?group_id=34373&release_id=375755 http://www.kb.cert.org/vuls/id/392156 http://www.securityfocus.com/bid/15703 http://www.vupen.com/english/advisories/2005/2726 •

CVSS: 5.0EPSS: 1%CPEs: 30EXPL: 0

Unspecified vulnerability in "edit submission handling" for MediaWiki 1.4.x before 1.4.10 and 1.3.x before 1.3.16 allows remote attackers to cause a denial of service (corruption of the previous submission) via a crafted URL. • http://sourceforge.net/project/shownotes.php?release_id=358163 http://www.novell.com/linux/security/advisories/2005_22_sr.html http://www.osvdb.org/19956 •