Package details: pkg:deb/debian/mediawiki-extensions@2.3squeeze2
purl: pkg:deb/debian/mediawiki-extensions@2.3squeeze2
Next non-vulnerable version: 3.5~deb7u2
Latest non-vulnerable version: 3.5~deb7u2
Risk: 10.0
Vulnerabilities affecting this package (11)
Vulnerability Summary Fixed by
VCID-1n4n-xa7r-aaac
Aliases:
CVE-2013-6452
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via crafted XSL in an SVG file.
3.5~deb7u2
Affected by 0 other vulnerabilities.
VCID-3pmj-2b4e-aaab
Aliases:
CVE-2013-6454
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via a -o-link attribute.
3.5~deb7u2
Affected by 0 other vulnerabilities.
VCID-3ze7-fd5k-aaaa
Aliases:
CVE-2013-4572
The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user.
3.5~deb7u2
Affected by 0 other vulnerabilities.
VCID-6w62-q6j7-aaad
Aliases:
CVE-2013-2032
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks.
3.5~deb7u2
Affected by 0 other vulnerabilities.
VCID-6zd8-mffk-aaae
Aliases:
CVE-2013-6453
MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 does not properly sanitize SVG files, which allows remote attackers to have unspecified impact via invalid XML.
3.5~deb7u2
Affected by 0 other vulnerabilities.
VCID-8u4s-382t-aaas
Aliases:
CVE-2013-4568
Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain non-ASCII characters in CSS, as demonstrated using variations of "expression" containing (1) full width characters or (2) IPA extensions, which are converted and rendered by Internet Explorer.
3.5~deb7u2
Affected by 0 other vulnerabilities.
VCID-cdyw-vbrn-aaaq
Aliases:
CVE-2014-2665
includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account, as demonstrated by tracking the victim's activity, related to a "login CSRF" issue.
3.5~deb7u2
Affected by 0 other vulnerabilities.
VCID-d9js-484j-aaan
Aliases:
CVE-2013-4567
Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via a \b (backspace) character in CSS.
3.5~deb7u2
Affected by 0 other vulnerabilities.
VCID-jxst-e7ku-aaaf
Aliases:
CVE-2014-1610
MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php.
3.5~deb7u2
Affected by 0 other vulnerabilities.
VCID-mq7r-ry5h-aaaj
Aliases:
CVE-2013-6472
MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain information about deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user watchlists.
3.5~deb7u2
Affected by 0 other vulnerabilities.
VCID-w362-nw4d-aaad
Aliases:
CVE-2013-2031
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox.
3.5~deb7u2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T09:28:37.936747+00:00 Debian Oval Importer Affected by VCID-jxst-e7ku-aaaf https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-06-21T09:25:52.391262+00:00 Debian Oval Importer Affected by VCID-cdyw-vbrn-aaaq https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-06-21T09:23:21.860086+00:00 Debian Oval Importer Affected by VCID-6w62-q6j7-aaad https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-06-21T09:23:01.788953+00:00 Debian Oval Importer Affected by VCID-3pmj-2b4e-aaab https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-06-21T09:21:13.694368+00:00 Debian Oval Importer Affected by VCID-3ze7-fd5k-aaaa https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-06-21T09:18:16.353566+00:00 Debian Oval Importer Affected by VCID-w362-nw4d-aaad https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-06-21T09:10:26.043544+00:00 Debian Oval Importer Affected by VCID-1n4n-xa7r-aaac https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-06-21T09:04:28.134818+00:00 Debian Oval Importer Affected by VCID-mq7r-ry5h-aaaj https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-06-21T09:04:03.758465+00:00 Debian Oval Importer Affected by VCID-6zd8-mffk-aaae https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-06-21T09:01:12.793688+00:00 Debian Oval Importer Affected by VCID-d9js-484j-aaan https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-06-21T08:59:25.620448+00:00 Debian Oval Importer Affected by VCID-8u4s-382t-aaas https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-06-08T03:16:52.187382+00:00 Debian Oval Importer Affected by VCID-jxst-e7ku-aaaf https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.0
2025-06-08T03:13:56.634133+00:00 Debian Oval Importer Affected by VCID-cdyw-vbrn-aaaq https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.0
2025-06-08T03:11:14.464362+00:00 Debian Oval Importer Affected by VCID-6w62-q6j7-aaad https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.0
2025-06-08T03:10:54.354192+00:00 Debian Oval Importer Affected by VCID-3pmj-2b4e-aaab https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.0
2025-06-08T03:09:04.195074+00:00 Debian Oval Importer Affected by VCID-3ze7-fd5k-aaaa https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.0
2025-06-08T03:06:06.056857+00:00 Debian Oval Importer Affected by VCID-w362-nw4d-aaad https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.0
2025-06-08T02:57:51.030859+00:00 Debian Oval Importer Affected by VCID-1n4n-xa7r-aaac https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.0
2025-06-08T02:51:29.018455+00:00 Debian Oval Importer Affected by VCID-mq7r-ry5h-aaaj https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.0
2025-06-08T02:51:04.907585+00:00 Debian Oval Importer Affected by VCID-6zd8-mffk-aaae https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.0
2025-06-08T02:48:05.329705+00:00 Debian Oval Importer Affected by VCID-d9js-484j-aaan https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.0
2025-06-08T02:46:10.967174+00:00 Debian Oval Importer Affected by VCID-8u4s-382t-aaas https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.0
2025-04-08T01:44:17.036848+00:00 Debian Oval Importer Affected by VCID-jxst-e7ku-aaaf https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.0.0
2025-04-08T01:41:18.703021+00:00 Debian Oval Importer Affected by VCID-cdyw-vbrn-aaaq https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.0.0
2025-04-08T01:38:40.098305+00:00 Debian Oval Importer Affected by VCID-6w62-q6j7-aaad https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.0.0
2025-04-08T01:38:17.949711+00:00 Debian Oval Importer Affected by VCID-3pmj-2b4e-aaab https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.0.0
2025-04-08T01:36:21.646598+00:00 Debian Oval Importer Affected by VCID-3ze7-fd5k-aaaa https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.0.0
2025-04-08T01:33:18.277558+00:00 Debian Oval Importer Affected by VCID-w362-nw4d-aaad https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.0.0
2025-04-08T01:24:59.157940+00:00 Debian Oval Importer Affected by VCID-1n4n-xa7r-aaac https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.0.0
2025-04-08T01:18:45.665991+00:00 Debian Oval Importer Affected by VCID-mq7r-ry5h-aaaj https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.0.0
2025-04-08T01:18:17.821382+00:00 Debian Oval Importer Affected by VCID-6zd8-mffk-aaae https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.0.0
2025-04-08T01:15:14.674552+00:00 Debian Oval Importer Affected by VCID-d9js-484j-aaan https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.0.0
2025-04-08T01:13:22.574325+00:00 Debian Oval Importer Affected by VCID-8u4s-382t-aaas https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.0.0
2024-12-08T20:16:55.198736+00:00 Debian Oval Importer Affected by VCID-6w62-q6j7-aaad https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 35.0.0
2024-12-08T17:07:56.981295+00:00 Debian Oval Importer Affected by VCID-w362-nw4d-aaad https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 35.0.0
2024-10-15T06:08:53.623767+00:00 Debian Oval Importer Affected by VCID-6w62-q6j7-aaad https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 34.0.2
2024-10-15T06:06:41.796804+00:00 Debian Oval Importer Affected by VCID-w362-nw4d-aaad https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 34.0.2
2024-10-05T04:18:41.176136+00:00 Debian Oval Importer Affected by VCID-6w62-q6j7-aaad https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 34.0.1
2024-10-05T04:17:41.087178+00:00 Debian Oval Importer Affected by VCID-w362-nw4d-aaad https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 34.0.1