Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to versions before 1.6.7 allows remote attackers to inject arbitrary HTML and web script via the edit form.
Max CVSS
2.6
EPSS Score
0.48%
Published
2006-06-07
Updated
2017-07-20
Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | (pipe) character.
Max CVSS
4.3
EPSS Score
9.60%
Published
2006-05-26
Updated
2017-07-20
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.5.8 and 1.4.15 allows remote attackers to inject arbitrary web script or HTML via crafted encoded links.
Max CVSS
4.3
EPSS Score
0.94%
Published
2006-03-30
Updated
2017-07-20
Unspecified vulnerability the edit comment formatting functionality in MediaWiki 1.5.x before 1.5.6 and 1.4.x before 1.4.14 allows attackers to cause a denial of service (infinite loop) via "certain malformed links."
Max CVSS
5.0
EPSS Score
0.45%
Published
2006-01-19
Updated
2017-07-20
4 vulnerabilities found