mediawiki
431 tracked vulnerabilities.
CVE-2014-2242
MediaWiki <1.19.12, 1.20.x, 1.21.x <1.21.6, 1.22.x <1.22.3 - XSS
Mar 02, 2014
EPSS 0.00
CVE-2014-1610
MediaWiki <1.22.2/<1.21.5/<1.19.11 - RCE
Jan 30, 2014
EPSS 0.48
CVE-2013-4572
HIGH
MediaWiki <1.19.9, <1.20.8, <1.21.3 - Auth Bypass
Feb 06, 2020
CVSS 7.5
EPSS 0.01
CVE-2013-6455
MEDIUM
MediaWiki CentralAuth < 1.19.10, 1.2x < 1.21.4, 1.22.x < 1.22.1 - Unauthenticated Username Exposure via DOM Injection
Jan 28, 2020
CVSS 5.3
EPSS 0.00
CVE-2013-6451
MEDIUM
MediaWiki 1.19.9-1.19.10, 1.2x-1.21.4, 1.22.x-1.22.1 - Cross-Site Scripting via CSS Values
Jan 28, 2020
CVSS 6.1
EPSS 0.00
CVE-2013-4303
MEDIUM
MediaWiki 1.19.0-1.19.7 - Cross-Site Scripting via API siprop Parameter
Dec 11, 2019
CVSS 6.1
EPSS 0.01
CVE-2013-1817
HIGH
MediaWiki < 1.19.4 and 1.20.x < 1.20.3 - Information Disclosure via api.php
Nov 20, 2019
CVSS 7.5
EPSS 0.02
CVE-2013-1816
HIGH
MediaWiki < 1.19.4 and 1.20.x < 1.20.3 - Denial of Service via Crafted Request
Nov 20, 2019
CVSS 7.5
EPSS 0.04
CVE-2013-1951
MEDIUM
MediaWiki < 1.19.5 and 1.20.x < 1.20.4 - Cross-Site Scripting via Lua Function Names
Oct 31, 2019
CVSS 6.1
EPSS 0.02
CVE-2013-7444
MediaWiki <1.22.0 - Info Disclosure
Sep 01, 2015
EPSS 0.00
CVE-2013-1818
MediaWiki < 1.20.3 - Unauthenticated Arbitrary File Read via mwdoc-filter.php
Jun 02, 2014
EPSS 0.00
CVE-2013-6472
MediaWiki <1.19.10, 1.2x<1.21.4, 1.22.x<1.22.1 - Unauthorized Exposure of Deleted Page Info
May 12, 2014
EPSS 0.00
CVE-2013-6454
MediaWiki < 1.19.10, 1.2x < 1.21.4, 1.22.x < 1.22.1 - Cross-Site Scripting via -o-link Attribute
May 12, 2014
EPSS 0.00
CVE-2013-6453
MediaWiki < 1.19.10, 1.2x < 1.21.4, 1.22.x < 1.22.1 - XML External Entity Injection in SVG File Sanitization
May 12, 2014
EPSS 0.01
CVE-2013-6452
MediaWiki < 1.19.10, 1.2x < 1.21.4, 1.22.x < 1.22.1 - Cross-Site Scripting via SVG XSL Injection
May 12, 2014
EPSS 0.00
CVE-2013-4574
MediaWiki <1.19.10, <1.21.4, <1.22.1 - XSS
May 12, 2014
EPSS 0.00
CVE-2013-4571
MediaWiki < 1.19.10, 1.2x < 1.21.4, 1.22.x < 1.22.1 - Buffer Overflow in php-luasandbox
May 12, 2014
EPSS 0.01
CVE-2013-4570
MediaWiki < 1.19.10, 1.2x < 1.21.4, 1.22.x < 1.22.1 - Denial of Service via Lua Data Structure Conversion
May 12, 2014
EPSS 0.01
CVE-2013-4304
CentralAuth Extension for MediaWiki Authentication Bypass via Cached Cookie
Jan 26, 2014
EPSS 0.00
CVE-2013-4569
MediaWiki <1.19.9, <1.20.x-1.20.8, <1.21.x-1.21.3 - Info Disclosure
Dec 13, 2013
EPSS 0.00
CVE-2013-4568
MediaWiki <1.19.9, 1.20.x <1.20.8, 1.21.x <1.21.3 - XSS
Dec 13, 2013
EPSS 0.00
CVE-2013-4567
MediaWiki <1.19.9, <1.20.8, <1.21.3 - XSS
Dec 13, 2013
EPSS 0.00
CVE-2013-4573
MediaWiki <1.19.9, 1.20.8, 1.21.3 - XSS
Nov 25, 2013
EPSS 0.00
CVE-2013-2114
MediaWiki 1.19-1.19.6 and 1.20.x < 1.20.6 - Unauthenticated Remote Code Execution via Chunk Upload API
Nov 18, 2013
EPSS 0.01
CVE-2013-2032
MediaWiki < 1.19.6 and 1.20.x < 1.20.5 - Unauthenticated Password Change Restriction Bypass
Nov 18, 2013
EPSS 0.01
Products
mediawiki 395
core 29
cargo 9
checkuser 8
abusefilter 3
visual_editor 3
mobilefrontend 2
abuse-filter 1
createredirect 1
data-transfer 1
matomo 1
mediawik 1
mediawiki_botquery_ext 1
rss_for_mediawiki 1
rssreader 1
score 1
scribunto 1
semantic-media-wiki 1
semantic_drilldown 1
shortdescription 1
skin\ 1
wikisource_category_browser 1
Quick Filters