Shodan
Vulnerabilities
Vulnerable Software
Mediawiki:  >> Mediawiki  Security Vulnerabilities
CVE-2014-5242
Cross-site scripting (XSS) vulnerability in mediawiki.page.image.pagination.js in MediaWiki 1.22.x before 1.22.9 and 1.23.x before 1.23.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving the multipageimagenavbox class in conjunction with an action=raw value.
CVSS Score
4.3
EPSS Score
0.005
Published
2014-08-22
CVE-2014-5243
MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
CVSS Score
4.3
EPSS Score
0.005
Published
2014-08-22
CVE-2014-3966
Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid username.
CVSS Score
2.6
EPSS Score
0.004
Published
2014-06-06
CVE-2013-1818
maintenance/mwdoc-filter.php in MediaWiki before 1.20.3 allows remote attackers to read arbitrary files via unspecified vectors.
CVSS Score
5.0
EPSS Score
0.004
Published
2014-06-02
CVE-2012-5391
Session fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the session_id.
CVSS Score
6.8
EPSS Score
0.009
Published
2014-06-02
CVE-2012-5395
Session fixation vulnerability in the CentralAuth extension for MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the centralauth_Session cookie.
CVSS Score
6.8
EPSS Score
0.005
Published
2014-06-02
CVE-2014-3454
Cross-site request forgery (CSRF) vulnerability in Special:CreateCategory in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to hijack the authentication of users for requests that create categories via unspecified vectors.
CVSS Score
6.8
EPSS Score
0.002
Published
2014-05-12
CVE-2014-3455
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) CreateProperty, (2) CreateTemplate, (3) CreateForm, and (4) CreateClass special pages in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allow remote attackers to hijack the authentication of users for requests that have unspecified impact and vectors.
CVSS Score
6.8
EPSS Score
0.001
Published
2014-05-12
CVE-2013-6452
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via crafted XSL in an SVG file.
CVSS Score
4.3
EPSS Score
0.003
Published
2014-05-12
CVE-2013-6453
MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 does not properly sanitize SVG files, which allows remote attackers to have unspecified impact via invalid XML.
CVSS Score
7.5
EPSS Score
0.006
Published
2014-05-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved