Filtered by vendor Mediawiki
Subscriptions
Total
389 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-18612 | 1 Mediawiki | 1 Abusefilter | 2024-11-21 | 5.3 Medium |
| An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Previously hidden (restricted) AbuseFilter filters were viewable (or their differences were viewable) to unprivileged users, thus disclosing potentially sensitive information. | ||||
| CVE-2019-18611 | 1 Mediawiki | 1 Checkuser | 2024-11-21 | 6.5 Medium |
| An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been able to view these oversighted edit summaries via the MediaWiki API. | ||||
| CVE-2019-16738 | 3 Debian, Fedoraproject, Mediawiki | 3 Debian Linux, Fedora, Mediawiki | 2024-11-21 | 5.3 Medium |
| In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup. | ||||
| CVE-2019-16529 | 1 Mediawiki | 1 Checkuser | 2024-11-21 | 5.3 Medium |
| An issue was discovered in the CheckUser extension through 1.35.0 for MediaWiki. Oversighted edit summaries are still visible in CheckUser results in violation of MediaWiki's permissions model. | ||||
| CVE-2019-16528 | 1 Mediawiki | 1 Abusefilter | 2024-11-21 | 7.5 High |
| An issue was discovered in the AbuseFilter extension for MediaWiki. includes/special/SpecialAbuseLog.php allows attackers to obtain sensitive information, such as deleted/suppressed usernames and summaries, from AbuseLog revision data. This affects REL1_32 and REL1_33. | ||||
| CVE-2019-15124 | 1 Mediawiki | 1 Mobilefrontend | 2024-11-21 | 6.1 Medium |
| In the MobileFrontend extension for MediaWiki, XSS exists within the edit summary field of the watchlist feed. This affects REL1_31, REL1_32, and REL1_33. | ||||
| CVE-2019-14807 | 1 Mediawiki | 1 Mobilefrontend | 2024-11-21 | 6.1 Medium |
| In the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS exists within the edit summary field in includes/specials/MobileSpecialPageFeed.php. | ||||
| CVE-2019-12474 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-11-21 | N/A |
| Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. | ||||
| CVE-2019-12473 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-11-21 | N/A |
| Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. | ||||
| CVE-2019-12472 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A |
| An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. | ||||
| CVE-2019-12471 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-11-21 | N/A |
| Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. | ||||
| CVE-2019-12470 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-11-21 | N/A |
| Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. | ||||
| CVE-2019-12469 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-11-21 | N/A |
| MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. | ||||
| CVE-2019-12468 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-11-21 | N/A |
| An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover. | ||||
| CVE-2019-12467 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-11-21 | N/A |
| MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. | ||||
| CVE-2019-12466 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-11-21 | N/A |
| Wikimedia MediaWiki through 1.32.1 allows CSRF. | ||||
| CVE-2018-13258 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A |
| Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn't be web accessible. | ||||
| CVE-2018-0505 | 3 Debian, Mediawiki, Redhat | 3 Debian Linux, Mediawiki, Openshift | 2024-11-21 | N/A |
| Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock | ||||
| CVE-2018-0504 | 3 Debian, Mediawiki, Redhat | 3 Debian Linux, Mediawiki, Openshift | 2024-11-21 | N/A |
| Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid | ||||
| CVE-2018-0503 | 3 Debian, Mediawiki, Redhat | 3 Debian Linux, Mediawiki, Openshift | 2024-11-21 | N/A |
| Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'. | ||||