Mediawiki CVE - OpenCVE

Filtered by vendor Mediawiki Subscribe

Total 386 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2004-2185	1 Mediawiki	1 Mediawiki	2024-11-20	6.8 MEDIUM	N/A
Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via (1) the UnicodeConverter extension, (2) raw page views, (3) SpecialIpblocklist, (4) SpecialEmailuser, (5) SpecialMaintenance, and (6) ImagePage.
CVE-2004-2152	1 Mediawiki	1 Mediawiki	2024-11-20	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in 'raw' page output mode for MediaWiki 1.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML.
CVE-2004-1405	1 Mediawiki	1 Mediawiki	2024-11-20	7.5 HIGH	N/A
MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
CVE-2024-47846	1 Mediawiki	1 Cargo	2024-10-16	N/A	8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross Site Request Forgery.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.
CVE-2024-47847	1 Mediawiki	1 Cargo	2024-10-16	N/A	6.1 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.
CVE-2024-47849	1 Mediawiki	1 Cargo	2024-10-16	N/A	9.8 CRITICAL
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows SQL Injection.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.

Vulnerabilities (CVE)