Mediawiki: Security Vulnerabilities, CVEs, Published in 2018, CVSS score >= 1
Mediawiki 1.31 before 1.31.1 is missing .htaccess files in the provided tarball; these files protect some directories that shouldn't be web accessible.
Max CVSS: 5.3 | EPSS Score: 0.32% | Published: 2018-10-04 | Updated: 2018-11-23
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock.
Max CVSS: 6.5 | EPSS Score: 1.41% | Published: 2018-10-04 | Updated: 2019-10-18
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in Special:Redirect/logid.
Max CVSS: 6.5 | EPSS Score: 0.26% | Published: 2018-10-04 | Updated: 2019-10-29
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where, contrary to the documentation, the $wgRateLimits entry for 'user' overrides that for 'newbie'.
Max CVSS: 4.3 | EPSS Score: 0.41% | Published: 2018-10-04 | Updated: 2019-10-18
CVE-2017-0372
Public exploit
Parameter injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.
Max CVSS: 9.8 | EPSS Score: 88.62% | Published: 2018-04-13 | Updated: 2018-05-17
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter.
Max CVSS: 5.3 | EPSS Score: 0.23% | Published: 2018-04-13 | Updated: 2018-05-14
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing sysops to undelete pages even though the page is protected against it.
Max CVSS: 6.5 | EPSS Score: 0.10% | Published: 2018-04-13 | Updated: 2019-10-03
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages.
Max CVSS: 5.3 | EPSS Score: 0.23% | Published: 2018-04-13 | Updated: 2018-05-14
Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure.
Max CVSS: 8.8 | EPSS Score: 0.19% | Published: 2018-04-13 | Updated: 2019-10-03
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw that allows evading the SVG filter using default attribute values in a DTD declaration.
Max CVSS: 5.4 | EPSS Score: 0.13% | Published: 2018-04-13 | Updated: 2018-05-14
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations.
Max CVSS: 4.7 | EPSS Score: 0.09% | Published: 2018-04-13 | Updated: 2018-05-14
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link.
Max CVSS: 6.1 | EPSS Score: 0.21% | Published: 2018-04-13 | Updated: 2018-05-14
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites.
Max CVSS: 6.1 | EPSS Score: 0.21% | Published: 2018-04-13 | Updated: 2018-05-14
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token.
Max CVSS: 8.8 | EPSS Score: 0.23% | Published: 2018-04-13 | Updated: 2018-05-15
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext.
Max CVSS: 7.8 | EPSS Score: 0.06% | Published: 2018-04-13 | Updated: 2018-05-14
MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation.
Max CVSS: 5.3 | EPSS Score: 0.21% | Published: 2018-04-16 | Updated: 2018-05-18
16 vulnerabilities found