National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:mediawiki:mediawiki:1.20.6
There are 86 matching records.
Displaying matches 81 through 86.
Vuln ID Summary CVSS Severity
CVE-2013-4306

Cross-site request forgery (CSRF) vulnerability in api/ApiQueryCheckUser.php in the CheckUser extension for MediaWiki, possibly Checkuser before 2.3, allows remote attackers to hijack the authentication of arbitrary users for requests that "perform sensitive write actions" via unspecified vectors.

Published: October 11, 2013; 05:55:44 PM -04:00
    V2: 6.8 MEDIUM
CVE-2013-4305

Cross-site scripting (XSS) vulnerability in contrib/example.php in the SyntaxHighlight GeSHi extension for MediaWiki, possibly as downloaded before September 2013, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

Published: October 11, 2013; 05:55:44 PM -04:00
    V2: 4.3 MEDIUM
CVE-2013-4308

Cross-site scripting (XSS) vulnerability in pages/TalkpageHistoryView.php in the LiquidThreads (LQT) extension 2.x and possibly 3.x for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote attackers to inject arbitrary web script or HTML via a thread subject.

Published: September 12, 2013; 09:31:13 AM -04:00
    V2: 4.3 MEDIUM
CVE-2013-4307

Multiple cross-site scripting (XSS) vulnerabilities in repo/includes/EntityView.php in the Wikibase extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow (1) remote attackers to inject arbitrary web script or HTML via a label in the "In other languages" section or (2) remote administrators to inject arbitrary web script or HTML via a description.

Published: September 12, 2013; 09:30:39 AM -04:00
    V2: 4.3 MEDIUM
CVE-2011-4361

MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an extension, as demonstrated by the CategoryTree, ExtTab, and InlineEditor extensions.

Published: January 08, 2012; 06:55:19 AM -05:00
    V2: 5.0 MEDIUM
CVE-2011-4360

MediaWiki before 1.17.1 allows remote attackers to obtain the page titles of all restricted pages via a series of requests involving the (1) curid or (2) oldid parameter.

Published: January 08, 2012; 06:55:18 AM -05:00
    V2: 5.0 MEDIUM