Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/505012?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/505012?format=api", "purl": "pkg:ebuild/www-apps/mediawiki@1.23.8", "type": "ebuild", "namespace": "www-apps", "name": "mediawiki", "version": "1.23.8", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.25.2", "latest_non_vulnerable_version": "1.38.5", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/174496?format=api", "vulnerability_id": "VCID-1kbn-29nx-63dh", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9479", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49491", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49553", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49563", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49546", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49517", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49529", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9479" }, { "reference_url": "https://security.gentoo.org/glsa/201502-04", "reference_id": "GLSA-201502-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201502-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/505012?format=api", "purl": "pkg:ebuild/www-apps/mediawiki@1.23.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-apps/mediawiki@1.23.8" } ], "aliases": [ "CVE-2014-9479" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1kbn-29nx-63dh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/174500?format=api", "vulnerability_id": "VCID-2udx-b4av-cubw", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9487", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01009", "scoring_system": "epss", "scoring_elements": "0.77432", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01009", "scoring_system": "epss", "scoring_elements": "0.77459", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01009", "scoring_system": "epss", "scoring_elements": "0.77469", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01009", "scoring_system": "epss", "scoring_elements": "0.77449", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01009", "scoring_system": "epss", "scoring_elements": "0.7747", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9487" }, { "reference_url": "https://security.gentoo.org/glsa/201502-04", "reference_id": "GLSA-201502-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201502-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/505012?format=api", "purl": "pkg:ebuild/www-apps/mediawiki@1.23.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-apps/mediawiki@1.23.8" } ], "aliases": [ "CVE-2014-9487" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2udx-b4av-cubw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92973?format=api", "vulnerability_id": "VCID-5kqg-4rbp-rbb9", "summary": "MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content model for a revision to JS.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9507", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44904", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44973", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44977", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44957", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44928", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.4494", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9507" }, { "reference_url": "https://security.gentoo.org/glsa/201502-04", "reference_id": "GLSA-201502-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201502-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/505012?format=api", "purl": "pkg:ebuild/www-apps/mediawiki@1.23.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-apps/mediawiki@1.23.8" } ], "aliases": [ "CVE-2014-9507" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5kqg-4rbp-rbb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92960?format=api", "vulnerability_id": "VCID-5nt1-xhkx-yfbx", "summary": "Cross-site scripting (XSS) vulnerability in the formatHTML function in includes/api/ApiFormatBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 allows remote attackers to inject arbitrary web script or HTML via a crafted string located after http:// in the text parameter to api.php.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2244", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00456", "scoring_system": "epss", "scoring_elements": "0.64211", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00456", "scoring_system": "epss", "scoring_elements": "0.64255", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00456", "scoring_system": "epss", "scoring_elements": "0.64263", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00456", "scoring_system": "epss", "scoring_elements": "0.64252", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00456", "scoring_system": "epss", "scoring_elements": "0.64241", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00456", "scoring_system": "epss", "scoring_elements": "0.64261", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2244" }, { "reference_url": "https://security.gentoo.org/glsa/201502-04", "reference_id": "GLSA-201502-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201502-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/505012?format=api", "purl": "pkg:ebuild/www-apps/mediawiki@1.23.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-apps/mediawiki@1.23.8" } ], "aliases": [ "CVE-2014-2244" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5nt1-xhkx-yfbx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/174494?format=api", "vulnerability_id": "VCID-8azm-7wd4-kfcd", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9477", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49491", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49553", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49563", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49546", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49517", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49529", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9477" }, { "reference_url": "https://security.gentoo.org/glsa/201502-04", "reference_id": "GLSA-201502-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201502-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/505012?format=api", "purl": "pkg:ebuild/www-apps/mediawiki@1.23.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-apps/mediawiki@1.23.8" } ], "aliases": [ "CVE-2014-9477" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8azm-7wd4-kfcd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92964?format=api", "vulnerability_id": "VCID-9br2-t8bx-jude", "summary": "The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted OBJECT element with SWF content consistent with a restricted character set.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5241", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54871", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54928", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54929", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.5491", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54931", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00349", "scoring_system": "epss", "scoring_elements": "0.57714", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5241" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5241", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5241" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5243", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5243" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758510", "reference_id": "758510", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758510" }, { "reference_url": "https://security.gentoo.org/glsa/201502-04", "reference_id": "GLSA-201502-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201502-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/505012?format=api", "purl": "pkg:ebuild/www-apps/mediawiki@1.23.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-apps/mediawiki@1.23.8" } ], "aliases": [ "CVE-2014-5241" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9br2-t8bx-jude" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/174497?format=api", "vulnerability_id": "VCID-a39y-xns5-wyen", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9480", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00324", "scoring_system": "epss", "scoring_elements": "0.55678", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00324", "scoring_system": "epss", "scoring_elements": "0.55735", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00324", "scoring_system": "epss", "scoring_elements": "0.55741", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00324", "scoring_system": "epss", "scoring_elements": "0.55729", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00324", "scoring_system": "epss", "scoring_elements": "0.5571", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00324", "scoring_system": "epss", "scoring_elements": "0.5573", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9480" }, { "reference_url": "https://security.gentoo.org/glsa/201502-04", "reference_id": "GLSA-201502-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201502-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/505012?format=api", "purl": "pkg:ebuild/www-apps/mediawiki@1.23.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-apps/mediawiki@1.23.8" } ], "aliases": [ "CVE-2014-9480" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a39y-xns5-wyen" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92965?format=api", "vulnerability_id": "VCID-a5y8-w7vr-7qdc", "summary": "Cross-site scripting (XSS) vulnerability in mediawiki.page.image.pagination.js in MediaWiki 1.22.x before 1.22.9 and 1.23.x before 1.23.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving the multipageimagenavbox class in conjunction with an action=raw value.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5242", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.62271", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.62319", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.62326", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.62316", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.623", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5242" }, { "reference_url": "https://security.gentoo.org/glsa/201502-04", "reference_id": "GLSA-201502-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201502-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/505012?format=api", "purl": "pkg:ebuild/www-apps/mediawiki@1.23.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-apps/mediawiki@1.23.8" } ], "aliases": [ "CVE-2014-5242" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a5y8-w7vr-7qdc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92952?format=api", "vulnerability_id": "VCID-a8vf-xn29-jbe1", "summary": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via crafted XSL in an SVG file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6452", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.55134", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.55193", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.552", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.55191", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.55172", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2031", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2031" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2032", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2032" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4567", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4567" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4568", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4568" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4572", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4572" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6453", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6453" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6454", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6454" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2665" }, { "reference_url": "https://security.gentoo.org/glsa/201502-04", "reference_id": "GLSA-201502-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201502-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/505012?format=api", "purl": "pkg:ebuild/www-apps/mediawiki@1.23.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-apps/mediawiki@1.23.8" } ], "aliases": [ "CVE-2013-6452" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a8vf-xn29-jbe1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92953?format=api", "vulnerability_id": "VCID-anwp-a92h-qufy", "summary": "MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 does not properly sanitize SVG files, which allows remote attackers to have unspecified impact via invalid XML.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6453", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00623", "scoring_system": "epss", "scoring_elements": "0.70515", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00623", "scoring_system": "epss", "scoring_elements": "0.70557", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00623", "scoring_system": "epss", "scoring_elements": "0.70566", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00623", "scoring_system": "epss", "scoring_elements": "0.70548", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00623", "scoring_system": "epss", "scoring_elements": "0.70536", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00623", "scoring_system": "epss", "scoring_elements": "0.7056", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6453" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2031", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2031" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2032", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2032" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4567", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4567" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4568", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4568" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4572", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4572" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6453", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6453" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6454", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6454" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2665" }, { "reference_url": "https://security.gentoo.org/glsa/201502-04", "reference_id": "GLSA-201502-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201502-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/505012?format=api", "purl": "pkg:ebuild/www-apps/mediawiki@1.23.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-apps/mediawiki@1.23.8" } ], "aliases": [ "CVE-2013-6453" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-anwp-a92h-qufy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92959?format=api", "vulnerability_id": "VCID-cbg1-nkqw-w3gx", "summary": "includes/User.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 terminates validation of a user token upon encountering the first incorrect character, which makes it easier for remote attackers to obtain access via a brute-force attack that relies on timing differences in responses to incorrect token guesses.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2243", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59943", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.5999", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59993", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59981", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59964", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59982", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2243" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2243", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2243" }, { "reference_url": "https://security.gentoo.org/glsa/201502-04", "reference_id": "GLSA-201502-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201502-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/505012?format=api", "purl": "pkg:ebuild/www-apps/mediawiki@1.23.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-apps/mediawiki@1.23.8" } ], "aliases": [ "CVE-2014-2243" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cbg1-nkqw-w3gx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92967?format=api", "vulnerability_id": "VCID-cpuc-w8m7-nudw", "summary": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.19, 1.22.x before 1.22.11, and 1.23.x before 1.23.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7199", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54611", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54669", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.5468", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54673", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54652", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54672", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7199" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7199", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7199" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762754", "reference_id": "762754", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762754" }, { "reference_url": "https://security.gentoo.org/glsa/201502-04", "reference_id": "GLSA-201502-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201502-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/505012?format=api", "purl": "pkg:ebuild/www-apps/mediawiki@1.23.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-apps/mediawiki@1.23.8" } ], "aliases": [ "CVE-2014-7199" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cpuc-w8m7-nudw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92970?format=api", "vulnerability_id": "VCID-e8um-kuds-6bhc", "summary": "The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing <cross-domain-policy> in a PHP format request, which causes the string length to change when converting the request to <NOT-cross-domain-policy>.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00862", "scoring_system": "epss", "scoring_elements": "0.75417", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00862", "scoring_system": "epss", "scoring_elements": "0.75446", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00862", "scoring_system": "epss", "scoring_elements": "0.7545", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00862", "scoring_system": "epss", "scoring_elements": "0.7544", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00862", "scoring_system": "epss", "scoring_elements": "0.75427", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00862", "scoring_system": "epss", "scoring_elements": "0.75453", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9277" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9277" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772764", "reference_id": "772764", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772764" }, { "reference_url": "https://security.gentoo.org/glsa/201502-04", "reference_id": "GLSA-201502-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201502-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/505012?format=api", "purl": "pkg:ebuild/www-apps/mediawiki@1.23.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-apps/mediawiki@1.23.8" } ], "aliases": [ "CVE-2014-9277" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e8um-kuds-6bhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92954?format=api", "vulnerability_id": "VCID-f41k-yj26-zue1", "summary": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via a -o-link attribute.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6454", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.55134", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.55193", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.552", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.55191", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.55172", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6454" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2031", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2031" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2032", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2032" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4567", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4567" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4568", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4568" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4572", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4572" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6453", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6453" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6454", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6454" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2665" }, { "reference_url": "https://security.gentoo.org/glsa/201502-04", "reference_id": "GLSA-201502-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201502-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/505012?format=api", "purl": "pkg:ebuild/www-apps/mediawiki@1.23.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-apps/mediawiki@1.23.8" } ], "aliases": [ "CVE-2013-6454" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f41k-yj26-zue1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/174495?format=api", "vulnerability_id": "VCID-f9u3-5sb3-uyfq", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9478", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.49009", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.4907", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.49079", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.49063", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.49033", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.49045", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9478" }, { "reference_url": "https://security.gentoo.org/glsa/201502-04", "reference_id": "GLSA-201502-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201502-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/505012?format=api", "purl": "pkg:ebuild/www-apps/mediawiki@1.23.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-apps/mediawiki@1.23.8" } ], "aliases": [ "CVE-2014-9478" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f9u3-5sb3-uyfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92971?format=api", "vulnerability_id": "VCID-fgkw-7jsk-tqdv", "summary": "Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.19.23, 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote authenticated users to inject arbitrary web script or HTML via a wikitext message.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9475", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.37004", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.37095", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.37102", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.3707", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.37032", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.37044", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9475" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9475", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9475" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773654", "reference_id": "773654", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773654" }, { "reference_url": "https://security.gentoo.org/glsa/201502-04", "reference_id": "GLSA-201502-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201502-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/505012?format=api", "purl": "pkg:ebuild/www-apps/mediawiki@1.23.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-apps/mediawiki@1.23.8" } ], "aliases": [ "CVE-2014-9475" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fgkw-7jsk-tqdv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92955?format=api", "vulnerability_id": "VCID-g7px-mnwk-d7hc", "summary": "MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain information about deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user watchlists.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6472", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.6117", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.61218", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.61226", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.61212", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.61194", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.61214", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2031", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2031" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2032", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2032" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4567", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4567" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4568", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4568" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4572", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4572" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6453", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6453" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6454", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6454" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2665" }, { "reference_url": "https://security.gentoo.org/glsa/201502-04", "reference_id": "GLSA-201502-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201502-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/505012?format=api", "purl": "pkg:ebuild/www-apps/mediawiki@1.23.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-apps/mediawiki@1.23.8" } ], "aliases": [ "CVE-2013-6472" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g7px-mnwk-d7hc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92962?format=api", "vulnerability_id": "VCID-jqrt-mauu-pyck", "summary": "Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki before 1.21.9 and 1.22.x before 1.22.6 allows remote attackers to inject arbitrary web script or HTML via the sort key in an info action.", "references": [ { "reference_url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-April/000149.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-April/000149.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2853", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00373", "scoring_system": "epss", "scoring_elements": "0.59331", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00454", "scoring_system": "epss", "scoring_elements": "0.64175", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00454", "scoring_system": "epss", "scoring_elements": "0.6419", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00454", "scoring_system": "epss", "scoring_elements": "0.64195", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00454", "scoring_system": "epss", "scoring_elements": "0.64188", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00454", "scoring_system": "epss", "scoring_elements": "0.64198", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2853" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091967", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091967" }, { "reference_url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=63251", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=63251" }, { "reference_url": "http://secunia.com/advisories/58262", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/58262" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://github.com/wikimedia/mediawiki-core/commit/0b695ae09aada343ab59be4a3c9963995a1143b6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki-core/commit/0b695ae09aada343ab59be4a3c9963995a1143b6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2853", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2853" }, { "reference_url": "https://www.mediawiki.org/wiki/Release_notes/1.21#Changes_since_1.21.8", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mediawiki.org/wiki/Release_notes/1.21#Changes_since_1.21.8" }, { "reference_url": "https://www.mediawiki.org/wiki/Release_notes/1.22#Changes_since_1.22.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mediawiki.org/wiki/Release_notes/1.22#Changes_since_1.22.5" }, { "reference_url": "http://www.securityfocus.com/bid/67068", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/67068" }, { "reference_url": "http://www.securitytracker.com/id/1030161", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1030161" }, { "reference_url": "https://github.com/advisories/GHSA-6h86-9r5g-f2h5", "reference_id": "GHSA-6h86-9r5g-f2h5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6h86-9r5g-f2h5" }, { "reference_url": "https://security.gentoo.org/glsa/201502-04", "reference_id": "GLSA-201502-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201502-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/505012?format=api", "purl": "pkg:ebuild/www-apps/mediawiki@1.23.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-apps/mediawiki@1.23.8" } ], "aliases": [ "CVE-2014-2853", "GHSA-6h86-9r5g-f2h5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jqrt-mauu-pyck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/174498?format=api", "vulnerability_id": "VCID-mm9g-8jtn-tue2", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9481", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00568", "scoring_system": "epss", "scoring_elements": "0.68915", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00568", "scoring_system": "epss", "scoring_elements": "0.68955", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00568", "scoring_system": "epss", "scoring_elements": "0.68964", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00568", "scoring_system": "epss", "scoring_elements": "0.68957", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00568", "scoring_system": "epss", "scoring_elements": "0.6894", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00568", "scoring_system": "epss", "scoring_elements": "0.68959", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9481" }, { "reference_url": "https://security.gentoo.org/glsa/201502-04", "reference_id": "GLSA-201502-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201502-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/505012?format=api", "purl": "pkg:ebuild/www-apps/mediawiki@1.23.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-apps/mediawiki@1.23.8" } ], "aliases": [ "CVE-2014-9481" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mm9g-8jtn-tue2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92958?format=api", "vulnerability_id": "VCID-mymv-p7cc-8yav", "summary": "includes/upload/UploadBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 does not prevent use of invalid namespaces in SVG files, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an SVG upload, as demonstrated by use of a W3C XHTML namespace in conjunction with an IFRAME element.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2242", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00499", "scoring_system": "epss", "scoring_elements": "0.66281", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00499", "scoring_system": "epss", "scoring_elements": "0.66332", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00499", "scoring_system": "epss", "scoring_elements": "0.66341", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00499", "scoring_system": "epss", "scoring_elements": "0.66326", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00499", "scoring_system": "epss", "scoring_elements": "0.66312", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00499", "scoring_system": "epss", "scoring_elements": "0.6633", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2242" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2242", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2242" }, { "reference_url": "https://security.gentoo.org/glsa/201502-04", "reference_id": "GLSA-201502-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201502-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/505012?format=api", "purl": "pkg:ebuild/www-apps/mediawiki@1.23.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-apps/mediawiki@1.23.8" } ], "aliases": [ "CVE-2014-2242" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mymv-p7cc-8yav" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92968?format=api", "vulnerability_id": "VCID-nzgd-bwa8-7ugr", "summary": "The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote authenticated users to conduct cross-site scripting (XSS) attacks or have unspecified other impact via crafted CSS, as demonstrated by modifying MediaWiki:Common.css.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7295", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.47022", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.47087", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.4709", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.47072", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.47043", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.47054", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7295" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7295", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7295" }, { "reference_url": "https://security.gentoo.org/glsa/201502-04", "reference_id": "GLSA-201502-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201502-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/505012?format=api", "purl": "pkg:ebuild/www-apps/mediawiki@1.23.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-apps/mediawiki@1.23.8" } ], "aliases": [ "CVE-2014-7295" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nzgd-bwa8-7ugr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92966?format=api", "vulnerability_id": "VCID-rssx-5uc4-qbbu", "summary": "MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5243", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.59011", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.59059", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.59055", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.59039", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.59056", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00408", "scoring_system": "epss", "scoring_elements": "0.61559", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5243" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5241", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5241" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5243", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5243" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758510", "reference_id": "758510", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758510" }, { "reference_url": "https://security.gentoo.org/glsa/201502-04", "reference_id": "GLSA-201502-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201502-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/505012?format=api", "purl": "pkg:ebuild/www-apps/mediawiki@1.23.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-apps/mediawiki@1.23.8" } ], "aliases": [ "CVE-2014-5243" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rssx-5uc4-qbbu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92951?format=api", "vulnerability_id": "VCID-t614-d2cj-nufy", "summary": "Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6451", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53693", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53752", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.5376", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53748", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53724", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53747", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6451" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6451", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6451" }, { "reference_url": "https://security.gentoo.org/glsa/201502-04", "reference_id": "GLSA-201502-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201502-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/505012?format=api", "purl": "pkg:ebuild/www-apps/mediawiki@1.23.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-apps/mediawiki@1.23.8" } ], "aliases": [ "CVE-2013-6451" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t614-d2cj-nufy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92957?format=api", "vulnerability_id": "VCID-umz5-f7z4-5kcw", "summary": "MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-1610", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.48041", "scoring_system": "epss", "scoring_elements": "0.9778", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.48041", "scoring_system": "epss", "scoring_elements": "0.97784", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.48041", "scoring_system": "epss", "scoring_elements": "0.97786", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.48041", "scoring_system": "epss", "scoring_elements": "0.97787", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-1610" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2031", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2031" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2032", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2032" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4567", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4567" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4568", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4568" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4572", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4572" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6453", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6453" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6454", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6454" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2665" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/31767.rb", "reference_id": "CVE-2014-1610;OSVDB-102630", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/31767.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/31329.txt", "reference_id": "CVE-2014-1610;OSVDB-102631;OSVDB-102630", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/31329.txt" }, { "reference_url": "https://security.gentoo.org/glsa/201502-04", "reference_id": "GLSA-201502-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201502-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/505012?format=api", "purl": "pkg:ebuild/www-apps/mediawiki@1.23.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-apps/mediawiki@1.23.8" } ], "aliases": [ "CVE-2014-1610" ], "risk_score": 0.8, "exploitability": "2.0", "weighted_severity": "0.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-umz5-f7z4-5kcw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92972?format=api", "vulnerability_id": "VCID-vy8z-k1u8-qfg4", "summary": "MediaWiki 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote attackers to bypass CORS restrictions in $wgCrossSiteAJAXdomains via a domain that has a partial match to an allowed origin, as demonstrated by \"http://en.wikipedia.org.evilsite.example/.\"", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9476", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00722", "scoring_system": "epss", "scoring_elements": "0.72884", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00722", "scoring_system": "epss", "scoring_elements": "0.72921", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00722", "scoring_system": "epss", "scoring_elements": "0.72928", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00722", "scoring_system": "epss", "scoring_elements": "0.72911", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00722", "scoring_system": "epss", "scoring_elements": "0.72898", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00722", "scoring_system": "epss", "scoring_elements": "0.72923", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9476" }, { "reference_url": "https://security.gentoo.org/glsa/201502-04", "reference_id": "GLSA-201502-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201502-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/505012?format=api", "purl": "pkg:ebuild/www-apps/mediawiki@1.23.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-apps/mediawiki@1.23.8" } ], "aliases": [ "CVE-2014-9476" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vy8z-k1u8-qfg4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92969?format=api", "vulnerability_id": "VCID-yjuv-8c4t-p7em", "summary": "Cross-site request forgery (CSRF) vulnerability in the Special:ExpandedTemplates page in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgRawHTML is set to true, allows remote attackers to hijack the authentication of users with edit permissions for requests that cross-site scripting (XSS) attacks via the wpInput parameter, which is not properly handled in the preview.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9276", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29596", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29665", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29627", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29595", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29562", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29575", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9276" }, { "reference_url": "https://security.gentoo.org/glsa/201502-04", "reference_id": "GLSA-201502-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201502-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/505012?format=api", "purl": "pkg:ebuild/www-apps/mediawiki@1.23.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-apps/mediawiki@1.23.8" } ], "aliases": [ "CVE-2014-9276" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yjuv-8c4t-p7em" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92961?format=api", "vulnerability_id": "VCID-z4xm-28fh-afdz", "summary": "includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account, as demonstrated by tracking the victim's activity, related to a \"login CSRF\" issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2665", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41794", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.4187", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.4188", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41851", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41816", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41825", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2031", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2031" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2032", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2032" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4567", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4567" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4568", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4568" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4572", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4572" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6453", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6453" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6454", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6454" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2665" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742857", "reference_id": "742857", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742857" }, { "reference_url": "https://security.gentoo.org/glsa/201502-04", "reference_id": "GLSA-201502-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201502-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/505012?format=api", "purl": "pkg:ebuild/www-apps/mediawiki@1.23.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-apps/mediawiki@1.23.8" } ], "aliases": [ "CVE-2014-2665" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z4xm-28fh-afdz" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-apps/mediawiki@1.23.8" }