) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:mediawiki:mediawiki:1.4.9:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2006-1498 |
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.5.8 and 1.4.15 allows remote attackers to inject arbitrary web script or HTML via crafted encoded links. Published: March 29, 2006; 7:06:00 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2006-0322 |
Unspecified vulnerability the edit comment formatting functionality in MediaWiki 1.5.x before 1.5.6 and 1.4.x before 1.4.14 allows attackers to cause a denial of service (infinite loop) via "certain malformed links." Published: January 19, 2006; 4:03:00 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2005-4501 |
MediaWiki before 1.5.4 uses a hard-coded "internal placeholder string", which allows remote attackers to bypass protection against cross-site scripting (XSS) attacks and execute Javascript using inline style attributes, which are processed by Internet Explorer. Published: December 22, 2005; 4:03:00 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2005-3166 |
Unspecified vulnerability in "edit submission handling" for MediaWiki 1.4.x before 1.4.10 and 1.3.x before 1.3.16 allows remote attackers to cause a denial of service (corruption of the previous submission) via a crafted URL. Published: October 06, 2005; 6:02:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2005-3167 |
Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not properly remove certain CSS inputs (HTML inline style attributes) that are processed as active content by Internet Explorer, which allows remote attackers to conduct cross-site scripting (XSS) attacks. Published: October 06, 2005; 6:02:00 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |