Search CVE reports


Toggle filters

301 – 310 of 345 results


CVE-2012-1580

Low priority
Ignored

Cross-site request forgery (CSRF) vulnerability in Special:Upload in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload files.

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki
Show less packages

CVE-2012-1579

Medium priority
Ignored

The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information.

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki
Show less packages

CVE-2012-1578

Low priority
Ignored

Multiple cross-site request forgery (CSRF) vulnerabilities in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allow remote attackers to hijack the authentication of users with the block permission for requests that (1)...

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki
Show less packages

CVE-2012-2698

Low priority
Not affected

Cross-site scripting (XSS) vulnerability in the outputPage function in includes/SkinTemplate.php in MediaWiki before 1.17.5, 1.18.x before 1.18.4, and 1.19.x before 1.19.1 allows remote attackers to inject arbitrary web script or...

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki
Show less packages

CVE-2011-4361

Medium priority
Ignored

MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or...

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki
Show less packages

CVE-2011-4360

Medium priority
Ignored

MediaWiki before 1.17.1 allows remote attackers to obtain the page titles of all restricted pages via a series of requests involving the (1) curid or (2) oldid parameter.

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki
Show less packages

CVE-2011-1766

Medium priority
Ignored

includes/User.php in MediaWiki before 1.16.5, when wgBlockDisablesLogin is enabled, does not clear certain cached data after verification of an auth token fails, which allows remote attackers to bypass authentication by creating...

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki
Show less packages

CVE-2011-1765

Medium priority
Ignored

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.5, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a...

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki
Show less packages

CVE-2011-1587

Medium priority
Not affected

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a...

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki
Show less packages

CVE-2011-1580

Medium priority
Ignored

The transwiki import functionality in MediaWiki before 1.16.3 does not properly check privileges, which allows remote authenticated users to perform imports from any wgImportSources wiki via a crafted POST request.

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki
Show less packages