mediawiki

431 tracked vulnerabilities.

CVE-2013-2031
Gentoo Linux < 1.19.5 - XSS
Nov 18, 2013
EPSS 0.02
CVE-2013-4302
MediaWiki 1.19.x < 1.19.8, 1.20.x < 1.20.7, 1.21.x < 1.21.2 - CSRF Protection Bypass via JSONP
Oct 27, 2013
EPSS 0.01
CVE-2013-4301
MediaWiki <1.19.8, <1.20.7, <1.21.2 - Sensitive Information Exposure via Lang Parameter
Oct 27, 2013
EPSS 0.01
CVE-2013-4306
MediaWiki 1.19.0-1.19.7 - Cross-Site Request Forgery in CheckUser Extension
Oct 11, 2013
EPSS 0.00
CVE-2013-4305
MediaWiki SyntaxHighlight GeSHi Extension - Cross-Site Scripting via PATH_INFO
Oct 11, 2013
EPSS 0.00
CVE-2013-4307
MediaWiki 1.19.x < 1.19.8, 1.20.x < 1.20.7, 1.21.x < 1.21.2 - Cross-Site Scripting in Wikibase EntityView
Sep 12, 2013
EPSS 0.00
CVE-2012-4381 HIGH
MediaWiki < 1.18.5 and 1.19.x < 1.19.2 - Use of Hard-coded Credentials
Feb 08, 2020
CVSS 8.1
EPSS 0.03
CVE-2012-0046 HIGH
MediaWiki < 1.17.2 - Unauthorized Exposure of Deleted Text
Oct 29, 2019
CVSS 7.5
EPSS 0.00
CVE-2012-4378 MEDIUM
MediaWiki < 1.18.5 and 1.19.x < 1.19.2 - Cross-Site Scripting via Userlang Parameter
Oct 26, 2017
CVSS 6.1
EPSS 0.01
CVE-2012-4377 MEDIUM
MediaWiki < 1.18.5 and 1.19.x < 1.19.2 - Cross-Site Scripting via File Link to Nonexistent Image
Oct 26, 2017
CVSS 6.1
EPSS 0.01
CVE-2012-4382 MEDIUM
MediaWiki < 1.18.5 and 1.19.x < 1.19.2 - Unauthorized User Block Metadata Exposure via Reblock Attempt
Oct 19, 2017
CVSS 4.9
EPSS 0.00
CVE-2012-4380 HIGH
MediaWiki < 1.18.5 and 1.19.x < 1.19.2 - GlobalBlocking Extension IP Address Blocking Bypass
Oct 19, 2017
CVSS 7.5
EPSS 0.01
CVE-2012-4379 MEDIUM
MediaWiki < 1.18.5 and 1.19.x < 1.19.2 - Clickjacking via Missing X-Frame-Options Header
Oct 19, 2017
CVSS 6.5
EPSS 0.00
CVE-2012-5395
MediaWiki <1.18.6, <1.19.3, <1.20.1 - Session Fixation
Jun 02, 2014
EPSS 0.01
CVE-2012-5391
MediaWiki <1.18.6, <1.19.3, <1.20.1 - Session Fixation
Jun 02, 2014
EPSS 0.01
CVE-2012-5394
MediaWiki <1.19.9, <1.20.8, <1.21.3 - CSRF
Dec 13, 2013
EPSS 0.00
CVE-2012-6453
MediaWiki RSS Reader < 0.2.6 - Cross-Site Scripting via Crafted Feed
Dec 31, 2012
EPSS 0.00
CVE-2012-4885
MediaWiki 1.17.x < 1.17.3 and 1.18.x < 1.18.2 - Denial of Service via Wikitext Parser
Sep 09, 2012
EPSS 0.01
CVE-2012-1582
MediaWiki 1.17.x < 1.17.3 and 1.18.x < 1.18.2 - Cross-Site Scripting via Forged Strip Item Markers
Sep 09, 2012
EPSS 0.01
CVE-2012-1581
MediaWiki 1.17.x < 1.17.3 and 1.18.x < 1.18.2 - Weak Password Reset Token Randomness
Sep 09, 2012
EPSS 0.01
CVE-2012-1580
MediaWiki 1.17.x < 1.17.3 and 1.18.x < 1.18.2 - Cross-Site Request Forgery via Special:Upload
Sep 09, 2012
EPSS 0.00
CVE-2012-1579
MediaWiki 1.17.x < 1.17.3 and 1.18.x < 1.18.2 - Exposure of Sensitive Information via Resource Loader
Sep 09, 2012
EPSS 0.01
CVE-2012-1578
MediaWiki 1.17.x < 1.17.3 and 1.18.x < 1.18.2 - Cross-Site Request Forgery via Block/Unblock Module
Sep 09, 2012
EPSS 0.00
CVE-2012-2698
MediaWiki <1.17.5, <1.18.4, <1.19.1 - XSS
Jun 29, 2012
EPSS 0.15
CVE-2011-4361
MediaWiki <1.17.1 - Info Disclosure
Jan 08, 2012
EPSS 0.00
Products
mediawiki 395 core 29 cargo 9 checkuser 8 abusefilter 3 visual_editor 3 mobilefrontend 2 abuse-filter 1 createredirect 1 data-transfer 1 matomo 1 mediawik 1 mediawiki_botquery_ext 1 rss_for_mediawiki 1 rssreader 1 score 1 scribunto 1 semantic-media-wiki 1 semantic_drilldown 1 shortdescription 1 skin\ 1 wikisource_category_browser 1
Quick Filters
Critical CVEs With Exploits In CISA KEV