CVEDB API

Vulnerabilities

Vulnerable Software

Mediawiki: >> Mediawiki >> 1.19.15 Security Vulnerabilities

CVE-2014-5243

MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

CVSS Score

4.3

EPSS Score

0.018

Published

2014-08-22

CVE-2014-3966

Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid username.

CVSS Score

2.6

EPSS Score

0.021

Published

2014-06-06

CVE-2013-1818

maintenance/mwdoc-filter.php in MediaWiki before 1.20.3 allows remote attackers to read arbitrary files via unspecified vectors.

CVSS Score

5.0

EPSS Score

0.021

Published

2014-06-02

CVE-2014-2853

Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki before 1.21.9 and 1.22.x before 1.22.6 allows remote attackers to inject arbitrary web script or HTML via the sort key in an info action.

CVSS Score

4.3

EPSS Score

0.024

Published

2014-04-29

Page 25

Vulnerabilities

Vulnerable Software

Mediawiki: >> Mediawiki >> 1.19.15 Security Vulnerabilities

Products

Pricing

Contact Us