) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:mediawiki:mediawiki:1.12.0:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2008-5687 |
MediaWiki 1.11, and other versions before 1.13.3, does not properly protect against the download of backups of deleted images, which might allow remote attackers to obtain sensitive information via requests for files in images/deleted/. Published: December 19, 2008; 12:30:03 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2008-5252 |
Cross-site request forgery (CSRF) vulnerability in the Special:Import feature in MediaWiki 1.3.0 through 1.6.10, 1.12.x before 1.12.2, and 1.13.x before 1.13.3 allows remote attackers to perform unspecified actions as authenticated users via unknown vectors. Published: December 19, 2008; 12:30:03 PM -0500 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
| CVE-2008-5250 |
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1.12.x before 1.12.2, and 1.13.x before 1.13.3, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads are enabled, allows remote authenticated users to inject arbitrary web script or HTML by editing a wiki page. Published: December 19, 2008; 12:30:03 PM -0500 |
V3.x:(not available) V2.0: 3.5 LOW |
| CVE-2008-4408 |
Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, and possibly other versions before 1.13.2 allows remote attackers to inject arbitrary web script or HTML via the useskin parameter to an unspecified component. Published: October 03, 2008; 1:41:40 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |