VulnerableCode Package Details - pkg:deb/debian/mediawiki@1:1.27.1-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-5muy-wgqw-dffa	MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to terminate sessions when a user account is blocked.	CVE-2016-6332
VCID-8svz-zhz1-vyh6	ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title read restrictions via a parse action to api.php.	CVE-2016-6331
VCID-bgjt-nzue-bqc1	Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving replacement of percent encoding in unclosed internal links.	CVE-2016-6334
VCID-fpkf-8mcr-6bee	MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights.	CVE-2016-6337
VCID-h5xs-ky4t-b7ad	Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css.	CVE-2016-6333
VCID-nre7-4fpc-9keb	MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete.	CVE-2016-6336
VCID-xjz8-ebps-ckb1	MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php.	CVE-2016-6335

Vulnerability

Summary

Aliases

VCID-5muy-wgqw-dffa

MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to terminate sessions when a user account is blocked.

CVE-2016-6332

VCID-8svz-zhz1-vyh6

ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title read restrictions via a parse action to api.php.

CVE-2016-6331

VCID-bgjt-nzue-bqc1

Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving replacement of percent encoding in unclosed internal links.

CVE-2016-6334

VCID-fpkf-8mcr-6bee

MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights.

CVE-2016-6337

VCID-h5xs-ky4t-b7ad

Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css.

CVE-2016-6333

VCID-nre7-4fpc-9keb

MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete.

CVE-2016-6336

VCID-xjz8-ebps-ckb1

MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php.

CVE-2016-6335

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T10:29:18.761014+00:00	Debian Importer	Fixing	VCID-nre7-4fpc-9keb	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:10:06.625501+00:00	Debian Importer	Fixing	VCID-h5xs-ky4t-b7ad	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:59:11.722041+00:00	Debian Importer	Fixing	VCID-bgjt-nzue-bqc1	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:51:53.425274+00:00	Debian Importer	Fixing	VCID-5muy-wgqw-dffa	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:50:25.400903+00:00	Debian Importer	Fixing	VCID-8svz-zhz1-vyh6	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:48:46.031987+00:00	Debian Importer	Fixing	VCID-xjz8-ebps-ckb1	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:42:58.934888+00:00	Debian Importer	Fixing	VCID-fpkf-8mcr-6bee	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-12T18:14:26.248659+00:00	Debian Importer	Fixing	VCID-nre7-4fpc-9keb	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-12T18:14:26.205405+00:00	Debian Importer	Fixing	VCID-xjz8-ebps-ckb1	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:08:15.404891+00:00	Debian Importer	Fixing	VCID-h5xs-ky4t-b7ad	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:01:36.783027+00:00	Debian Importer	Fixing	VCID-bgjt-nzue-bqc1	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:57:11.213979+00:00	Debian Importer	Fixing	VCID-5muy-wgqw-dffa	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:56:20.662223+00:00	Debian Importer	Fixing	VCID-8svz-zhz1-vyh6	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:51:23.853557+00:00	Debian Importer	Fixing	VCID-fpkf-8mcr-6bee	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:45:46.557282+00:00	Debian Importer	Fixing	VCID-fpkf-8mcr-6bee	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:45:46.508842+00:00	Debian Importer	Fixing	VCID-nre7-4fpc-9keb	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:45:46.459544+00:00	Debian Importer	Fixing	VCID-xjz8-ebps-ckb1	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:45:46.410036+00:00	Debian Importer	Fixing	VCID-bgjt-nzue-bqc1	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:45:46.359647+00:00	Debian Importer	Fixing	VCID-h5xs-ky4t-b7ad	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:45:46.309985+00:00	Debian Importer	Fixing	VCID-5muy-wgqw-dffa	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:45:46.261423+00:00	Debian Importer	Fixing	VCID-8svz-zhz1-vyh6	https://security-tracker.debian.org/tracker/data/json	38.1.0