U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:mediawiki:mediawiki:1.18.6:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 242 matching records.
Displaying matches 241 through 242.
Vuln ID Summary CVSS Severity
CVE-2013-2032

MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks.

Published: November 17, 2013; 9:55:07 PM -0500 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 5.0 MEDIUM
CVE-2013-2031

MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox.

Published: November 17, 2013; 9:55:07 PM -0500 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 4.3 MEDIUM