Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/930644?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/930644?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.19.2-1?distro=trixie", "type": "deb", "namespace": "debian", "name": "mediawiki", "version": "1:1.19.2-1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1:1.19.3-1", "latest_non_vulnerable_version": "1:1.43.8+dfsg-2", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92385?format=api", "vulnerability_id": "VCID-e9pq-ynp8-nygx", "summary": "MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4382", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52292", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.5221", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52133", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52177", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52205", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.5217", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52223", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52219", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.5227", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52254", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52239", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52278", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52281", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52264", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52212", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.5222", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52183", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52129", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.5218", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52224", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52186", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4382" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4382", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4382" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html" }, { "reference_url": "https://phabricator.wikimedia.org/T41823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://phabricator.wikimedia.org/T41823" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/08/31/10", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2012/08/31/10" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/08/31/6", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2012/08/31/6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4382", "reference_id": "CVE-2012-4382", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:N/A:N" }, { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4382" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/930644?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.19.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/930615?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/930613?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/930618?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-buwp-69zb-93hs" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-q7k6-59z5-d7a7" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xdct-ca96-3uat" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/930616?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/930617?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kw32-af5a-hqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059637?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-4382" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e9pq-ynp8-nygx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92382?format=api", "vulnerability_id": "VCID-fm5x-32wy-57e3", "summary": "MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4379", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00429", "scoring_system": "epss", "scoring_elements": "0.62651", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00429", "scoring_system": "epss", "scoring_elements": "0.62595", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00429", "scoring_system": "epss", "scoring_elements": "0.62405", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00429", "scoring_system": "epss", "scoring_elements": "0.62463", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00429", "scoring_system": "epss", "scoring_elements": "0.62494", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00429", "scoring_system": "epss", "scoring_elements": "0.62461", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00429", "scoring_system": "epss", "scoring_elements": "0.62513", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00429", "scoring_system": "epss", "scoring_elements": "0.62529", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00429", "scoring_system": "epss", "scoring_elements": "0.62548", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00429", "scoring_system": "epss", "scoring_elements": "0.62537", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00429", "scoring_system": "epss", "scoring_elements": "0.62514", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00429", "scoring_system": "epss", "scoring_elements": "0.62555", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00429", "scoring_system": "epss", "scoring_elements": "0.62561", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00429", "scoring_system": "epss", "scoring_elements": "0.62543", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00429", "scoring_system": "epss", "scoring_elements": "0.62553", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00429", "scoring_system": "epss", "scoring_elements": "0.62569", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00429", "scoring_system": "epss", "scoring_elements": "0.62566", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00429", "scoring_system": "epss", "scoring_elements": "0.62516", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00429", "scoring_system": "epss", "scoring_elements": "0.62564", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00429", "scoring_system": "epss", "scoring_elements": "0.62617", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00429", "scoring_system": "epss", "scoring_elements": "0.6257", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4379" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=853426", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=853426" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4379", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4379" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html" }, { "reference_url": "https://phabricator.wikimedia.org/T41180", "reference_id": "", "reference_type": "", "scores": [], "url": "https://phabricator.wikimedia.org/T41180" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/08/31/10", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2012/08/31/10" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/08/31/6", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2012/08/31/6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4379", "reference_id": "CVE-2012-4379", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4379" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/930644?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.19.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/930615?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/930613?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/930618?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-buwp-69zb-93hs" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-q7k6-59z5-d7a7" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xdct-ca96-3uat" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/930616?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/930617?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kw32-af5a-hqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059637?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-4379" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fm5x-32wy-57e3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92381?format=api", "vulnerability_id": "VCID-fsk6-nkuk-wqa3", "summary": "Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.18.5 and 1.19.x before 1.19.2, when unspecified JavaScript gadgets are used, allow remote attackers to inject arbitrary web script or HTML via the userlang parameter to w/index.php.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4378", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66463", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66403", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66198", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66239", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66265", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66235", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66283", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66296", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66316", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66303", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66272", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66306", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66323", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66308", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66332", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66346", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66367", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.6641", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66382", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4378" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=853417", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=853417" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4378" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html" }, { "reference_url": "https://phabricator.wikimedia.org/T39587", "reference_id": "", "reference_type": "", "scores": [], "url": "https://phabricator.wikimedia.org/T39587" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/08/31/10", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2012/08/31/10" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/08/31/6", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2012/08/31/6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4378", "reference_id": "CVE-2012-4378", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4378" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/930644?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.19.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/930615?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/930613?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/930618?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-buwp-69zb-93hs" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-q7k6-59z5-d7a7" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xdct-ca96-3uat" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/930616?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/930617?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kw32-af5a-hqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059637?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-4378" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fsk6-nkuk-wqa3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92380?format=api", "vulnerability_id": "VCID-m5a4-k87e-skaq", "summary": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4377", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00998", "scoring_system": "epss", "scoring_elements": "0.77146", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00998", "scoring_system": "epss", "scoring_elements": "0.77097", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00998", "scoring_system": "epss", "scoring_elements": "0.76895", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00998", "scoring_system": "epss", "scoring_elements": "0.76902", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00998", "scoring_system": "epss", "scoring_elements": "0.76932", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00998", "scoring_system": "epss", "scoring_elements": "0.76915", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00998", "scoring_system": "epss", "scoring_elements": "0.76947", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00998", "scoring_system": "epss", "scoring_elements": "0.76958", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00998", "scoring_system": "epss", "scoring_elements": "0.76986", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00998", "scoring_system": "epss", "scoring_elements": "0.76965", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00998", "scoring_system": "epss", "scoring_elements": "0.7696", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00998", "scoring_system": "epss", "scoring_elements": "0.77001", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00998", "scoring_system": "epss", "scoring_elements": "0.77004", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00998", "scoring_system": "epss", "scoring_elements": "0.76996", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00998", "scoring_system": "epss", "scoring_elements": "0.77031", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00998", "scoring_system": "epss", "scoring_elements": "0.77038", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00998", "scoring_system": "epss", "scoring_elements": "0.77052", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00998", "scoring_system": "epss", "scoring_elements": "0.77042", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00998", "scoring_system": "epss", "scoring_elements": "0.77072", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00998", "scoring_system": "epss", "scoring_elements": "0.77092", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00998", "scoring_system": "epss", "scoring_elements": "0.7708", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4377" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=853409", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=853409" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4377", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4377" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html" }, { "reference_url": "https://phabricator.wikimedia.org/T41700", "reference_id": "", "reference_type": "", "scores": [], "url": "https://phabricator.wikimedia.org/T41700" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/08/31/10", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2012/08/31/10" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/08/31/6", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2012/08/31/6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4377", "reference_id": "CVE-2012-4377", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4377" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/930644?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.19.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/930615?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/930613?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/930618?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-buwp-69zb-93hs" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-q7k6-59z5-d7a7" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xdct-ca96-3uat" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/930616?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/930617?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kw32-af5a-hqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059637?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-4377" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m5a4-k87e-skaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92384?format=api", "vulnerability_id": "VCID-pqtu-ce8a-q7bk", "summary": "MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict function, could allow remote attackers to use old passwords for non-existing accounts in an external authentication system via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4381", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03103", "scoring_system": "epss", "scoring_elements": "0.86748", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03103", "scoring_system": "epss", "scoring_elements": "0.86758", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03103", "scoring_system": "epss", "scoring_elements": "0.86778", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03103", "scoring_system": "epss", "scoring_elements": "0.86775", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03103", "scoring_system": "epss", "scoring_elements": "0.86795", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03103", "scoring_system": "epss", "scoring_elements": "0.86804", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03103", "scoring_system": "epss", "scoring_elements": "0.86817", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03103", "scoring_system": "epss", "scoring_elements": "0.86813", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03103", "scoring_system": "epss", "scoring_elements": "0.86809", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03103", "scoring_system": "epss", "scoring_elements": "0.86824", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03103", "scoring_system": "epss", "scoring_elements": "0.86829", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03103", "scoring_system": "epss", "scoring_elements": "0.86828", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.03103", "scoring_system": "epss", "scoring_elements": "0.86844", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03103", "scoring_system": "epss", "scoring_elements": "0.8685", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.03103", "scoring_system": "epss", "scoring_elements": "0.86851", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.03103", "scoring_system": "epss", "scoring_elements": "0.86874", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.03103", "scoring_system": "epss", "scoring_elements": "0.86893", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.03103", "scoring_system": "epss", "scoring_elements": "0.86911", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.03103", "scoring_system": "epss", "scoring_elements": "0.86907", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.03103", "scoring_system": "epss", "scoring_elements": "0.8692", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.03103", "scoring_system": "epss", "scoring_elements": "0.86949", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4381" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4381", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4381" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/930644?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.19.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/930615?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/930613?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/930618?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-buwp-69zb-93hs" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-q7k6-59z5-d7a7" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xdct-ca96-3uat" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/930616?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/930617?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kw32-af5a-hqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059637?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-4381" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pqtu-ce8a-q7bk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92383?format=api", "vulnerability_id": "VCID-rjz9-twh9-wkaa", "summary": "MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4380", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00552", "scoring_system": "epss", "scoring_elements": "0.68207", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00552", "scoring_system": "epss", "scoring_elements": "0.68151", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00552", "scoring_system": "epss", "scoring_elements": "0.67949", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00552", "scoring_system": "epss", "scoring_elements": "0.67971", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00552", "scoring_system": "epss", "scoring_elements": "0.6799", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00552", "scoring_system": "epss", "scoring_elements": "0.67969", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00552", "scoring_system": "epss", "scoring_elements": "0.6802", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00552", "scoring_system": "epss", "scoring_elements": "0.68034", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00552", "scoring_system": "epss", "scoring_elements": "0.68058", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00552", "scoring_system": "epss", "scoring_elements": "0.68044", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00552", "scoring_system": "epss", "scoring_elements": "0.6801", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00552", "scoring_system": "epss", "scoring_elements": "0.68047", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00552", "scoring_system": "epss", "scoring_elements": "0.6806", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00552", "scoring_system": "epss", "scoring_elements": "0.68043", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00552", "scoring_system": "epss", "scoring_elements": "0.68086", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00552", "scoring_system": "epss", "scoring_elements": "0.68094", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00552", "scoring_system": "epss", "scoring_elements": "0.681", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00552", "scoring_system": "epss", "scoring_elements": "0.68074", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00552", "scoring_system": "epss", "scoring_elements": "0.68116", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00552", "scoring_system": "epss", "scoring_elements": "0.68157", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00552", "scoring_system": "epss", "scoring_elements": "0.68125", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4380" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=853440", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=853440" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4380" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html" }, { "reference_url": "https://phabricator.wikimedia.org/T41824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://phabricator.wikimedia.org/T41824" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/08/31/10", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2012/08/31/10" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/08/31/6", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2012/08/31/6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4380", "reference_id": "CVE-2012-4380", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4380" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/930644?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.19.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/930615?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/930613?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7831-8u7z-6fep" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/930618?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-buwp-69zb-93hs" }, { "vulnerability": "VCID-cbtm-g4t5-u3am" }, { "vulnerability": "VCID-d5vz-puw9-t7er" }, { "vulnerability": "VCID-kw32-af5a-hqg8" }, { "vulnerability": "VCID-q7k6-59z5-d7a7" }, { "vulnerability": "VCID-wktm-ya6k-v7dv" }, { "vulnerability": "VCID-x8t7-agtn-zudu" }, { "vulnerability": "VCID-xdct-ca96-3uat" }, { "vulnerability": "VCID-zmax-894d-5kfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/930616?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/930617?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kw32-af5a-hqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059637?format=api", "purl": "pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-4380" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rjz9-twh9-wkaa" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.19.2-1%3Fdistro=trixie" }