NotCVE - vendor:"Mediawiki" product:"Mediawiki" version:"1.6.4"

Page 8 of 275 results (0.012 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2022-28205 – Gentoo Linux Security Advisory 202305-24

https://notcve.org/view.php?id=CVE-2022-28205

30 Mar 2022 — An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future. Se ha detectado un problema en MediaWiki versiones hasta 1.37.1. La extensión CentralAuth maneja inapropiadamente un problema de ttl para grupos que expiran en el futuro Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service. Versions greater than or equal to 1.25.2 are affected. • https://gerrit.wikimedia.org/r/q/Ic6ba1a37b78df5b342ceeba4c1493dbde583b81f •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2022-28206 – Gentoo Linux Security Advisory 202305-24

https://notcve.org/view.php?id=CVE-2022-28206

30 Mar 2022 — An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights. Se ha detectado un problema en MediaWiki versiones hasta 1.37.1. El archivo ImportPlanValidator.php en la extensión FileImporter maneja inapropiadamente la comprobación de los derechos de edición Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service. Versions greater than or equal to 1.25.2 are affected. • https://gerrit.wikimedia.org/r/q/I84be9cd3639b8ab0e037a4ec2d3f2f478f0989c5 •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1

CVE-2017-0371

https://notcve.org/view.php?id=CVE-2017-0371

18 Feb 2022 — MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remote attackers to discover the IP addresses of Wiki visitors via a style="background-image: attr(title url);" attack within a DIV element that has an attacker-controlled URL in the title attribute. MediaWiki versiones anteriores a 1.23.16, versiones 1.24.x hasta 1.27.x anteriores a 1.27.2 y versiones 1.28.x anteriores a 1.28.1, permite a atacantes remotos descubrir las direcciones IP de los visitantes del Wiki p... • https://phabricator.wikimedia.org/T140591 •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2021-46147

https://notcve.org/view.php?id=CVE-2021-46147

07 Jan 2022 — An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. MassEditRegex allows CSRF. Se ha detectado un problema en MediaWiki versiones anteriores a 1.35.5, 1.36.x anteriores a 1.36.3 y 1.37.x anteriores a 1.37.1. MassEditRegex permite un ataque de tipo CSRF • https://gerrit.wikimedia.org/r/q/I5980de35b0a01b5242b68b7b0bdc08adf5d968d8 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2021-46148

https://notcve.org/view.php?id=CVE-2021-46148

07 Jan 2022 — An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Some unprivileged users can view confidential information (e.g., IP addresses and User-Agent headers for election traffic) on a testwiki SecurePoll instance. Se ha detectado un problema en MediaWiki versiones anteriores a 1.35.5, 1.36.x anteriores a 1.36.3 y 1.37.x anteriores a 1.37.1. Algunos usuarios no privilegiados pueden visualizar información confidencial (por ejemplo, direcciones IP y encabezados User-... • https://gerrit.wikimedia.org/r/q/Ib2715adb281f8892b586dcb1895e87ac0eb548b0 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2021-46149

https://notcve.org/view.php?id=CVE-2021-46149

07 Jan 2022 — An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A denial of service (resource consumption) can be accomplished by searching for a very long key in a Language Name Search. Se ha detectado un problema en MediaWiki versiones anteriores a 1.35.5, versiones 1.36.x anteriores a 1.36.3 y versiones 1.37.x anteriores a 1.37.1.Puede producirse una denegación de servicio (consumo de recursos) al buscar una clave muy larga en una búsqueda de nombres de idiomas • https://gerrit.wikimedia.org/r/q/Ide32704cca578b9aecbce34bdcc0ac25c2a09a4d • CWE-400: Uncontrolled Resource Consumption •

CVSS: 4.8EPSS: 0%CPEs: 3EXPL: 1

CVE-2021-46150

https://notcve.org/view.php?id=CVE-2021-46150

07 Jan 2022 — An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Special:CheckUserLog allows CheckUser XSS because of date mishandling, as demonstrated by an XSS payload in MediaWiki:October. Se ha detectado un problema en MediaWiki versiones anteriores a 1.35.5, 1.36.x anteriores a 1.36.3 y 1.37.x anteriores a 1.37.1. Special:CheckUserLog permite el XSS de CheckUser debido a un manejo inapropiado de la fecha, como lo demuestra una carga útil de tipo XSS en MediaWiki:Octob... • https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/CheckUser/+/79c2c49a18f96b159258958feca90fce964c350a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0

CVE-2021-46146

https://notcve.org/view.php?id=CVE-2021-46146

07 Jan 2022 — An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The WikibaseMediaInfo component is vulnerable to XSS via the caption fields for a given media file. Se ha detectado un problema en MediaWiki versiones anteriores a 1.35.5, 1.36.x anteriores a 1.36.3 y 1.37.x anteriores a 1.37.1. El componente WikibaseMediaInfo es vulnerable a un ataque de tipo XSS por medio de los campos caption de un archivo de medios determinado • https://gerrit.wikimedia.org/r/q/I58d37fb59f998f5bec4a018bf9da96a777f8ff78 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2021-45471

https://notcve.org/view.php?id=CVE-2021-45471

24 Dec 2021 — In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items. En MediaWiki versiones hasta 1.37, las direcciones IP bloqueadas pueden editar elementos de EntitySchema • https://gerrit.wikimedia.org/r/q/Iac86cf63bd014ef99e83dccfce9b8942e15d2bf9 •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2021-45472

https://notcve.org/view.php?id=CVE-2021-45472

24 Dec 2021 — In MediaWiki through 1.37, XSS can occur in Wikibase because an external identifier property can have a URL format that includes a $1 formatter substitution marker, and the javascript: URL scheme (among others) can be used. En MediaWiki versiones hasta 1.37, un ataque de tipo XSS puede ocurrir en Wikibase porque una propiedad de identificador externo puede tener un formato de URL que incluye un marcador de sustitución de formato $1, y el esquema javascript: URL (entre otros) puede ser usado • https://gerrit.wikimedia.org/r/q/I37ece1dfdc80d38055067c9c4fa73ba591acd8bd • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1...6 7 8 9 10