Search for packages
| purl | pkg:deb/ubuntu/mediawiki@1:1.27.4-3 |
| Next non-vulnerable version | 1:1.31.7-1 |
| Latest non-vulnerable version | 1:1.31.7-1 |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2txe-5685-aaar
Aliases: CVE-2019-12467 GHSA-6vfg-8ppv-h5hg |
MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
Affected by 2 other vulnerabilities. |
|
VCID-4q2b-jwqb-aaas
Aliases: CVE-2019-12470 GHSA-733q-m38x-q7cc |
Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
Affected by 2 other vulnerabilities. |
|
VCID-8ex1-6xse-aaab
Aliases: CVE-2019-19709 GHSA-pjv5-vv93-p648 |
MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page. |
Affected by 1 other vulnerability. |
|
VCID-9xdp-s1sy-aaaq
Aliases: CVE-2018-0504 GHSA-hr8v-f4g2-p66f |
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid |
Affected by 11 other vulnerabilities. |
|
VCID-aap7-715h-aaab
Aliases: CVE-2019-12472 GHSA-7mqg-5fgh-xh4r |
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
Affected by 2 other vulnerabilities. |
|
VCID-azqw-d7r1-aaad
Aliases: CVE-2018-0503 GHSA-mhfv-9h99-jwg7 |
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'. |
Affected by 11 other vulnerabilities. |
|
VCID-bhgn-gct9-aaae
Aliases: CVE-2019-12466 GHSA-27fw-r78j-h898 |
Wikimedia MediaWiki through 1.32.1 allows CSRF. |
Affected by 2 other vulnerabilities. |
|
VCID-f9ks-vah3-aaaa
Aliases: CVE-2019-12474 GHSA-2qrr-c2gh-pr35 |
Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
Affected by 2 other vulnerabilities. |
|
VCID-fwhc-xtwd-aaag
Aliases: CVE-2019-12469 GHSA-x3fr-w7r5-x7rg |
MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
Affected by 2 other vulnerabilities. |
|
VCID-k3vw-m137-aaan
Aliases: CVE-2020-10960 GHSA-pfm2-mqwj-ggm5 |
In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler to any Cascading Style Sheets (CSS) selector. There is no known way to exploit this for cross-site scripting (XSS). |
Affected by 0 other vulnerabilities. |
|
VCID-qynw-xq2t-aaap
Aliases: CVE-2019-12468 GHSA-wrhx-3pxr-6vgg |
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover. |
Affected by 2 other vulnerabilities. |
|
VCID-sa8w-pzne-aaas
Aliases: CVE-2018-0505 GHSA-5c6w-f4w2-2grp |
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock |
Affected by 11 other vulnerabilities. |
|
VCID-tm36-42qs-aaah
Aliases: CVE-2019-12471 GHSA-2rm7-xxx8-35jh |
Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
Affected by 2 other vulnerabilities. |
|
VCID-zqf1-jg5k-aaap
Aliases: CVE-2019-12473 GHSA-33xw-x3pr-rvqj |
Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-2sfd-2utj-aaah | The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 allows remote authenticated users to cause a denial of service (disk consumption) via a file upload using one byte chunks. |
CVE-2015-8002
|
| VCID-2xxs-re4c-aaan | The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 allow remote attackers to obtain sensitive user login information via crafted links combined with page view statistics. |
CVE-2015-8628
|
| VCID-441a-j5w3-aaak | The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8624. |
CVE-2015-8623
|
| VCID-4464-txgm-aaaq | MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly sanitize parameters when calling the cURL library, which allows remote attackers to read arbitrary files via an @ (at sign) character in unspecified POST array parameters. |
CVE-2015-8625
|
| VCID-475y-ct6v-aaae | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites. |
CVE-2017-0363
|
| VCID-4crn-tzya-aaaa | The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8623. |
CVE-2015-8624
|
| VCID-4me7-4qh5-aaar | Cross-site scripting (XSS) vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace. |
CVE-2015-2939
|
| VCID-52ya-rkxw-aaap | The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote attackers to obtain access via a brute-force attack. |
CVE-2015-8626
|
| VCID-6fqp-cx7v-aaad | Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure. |
CVE-2017-0367
|
| VCID-6t1c-fh8c-aaaf | Cross-site scripting (XSS) vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as demonstrated by a wikilink to a page named "javascript:alert('XSS!')." |
CVE-2015-8622
|
| VCID-6w62-q6j7-aaad | MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks. |
CVE-2013-2032
|
| VCID-7ccj-pqjd-aaak | The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not restrict the uploaded data to the claimed file size, which allows remote authenticated users to cause a denial of service via a chunk that exceeds the file size. |
CVE-2015-8001
|
| VCID-87hn-2xkg-aaaq | (1) ApiBlock.php, (2) ApiCreateAccount.php, (3) ApiLogin.php, (4) ApiMain.php, (5) ApiQueryDeletedrevs.php, (6) ApiTokens.php, and (7) ApiUnblock.php in includes/api/ in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow remote attackers to obtain CSRF tokens and bypass the cross-site request forgery (CSRF) protection mechanism via a JSONP request to wiki/api.php. |
CVE-2013-4302
|
| VCID-8kas-zwjt-aaaj | MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not throttle file uploads, which allows remote authenticated users to have unspecified impact via multiple file uploads. |
CVE-2015-8003
|
| VCID-9p61-293j-aaae | MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM or Zend PHP, allows remote attackers to cause a denial of service ("quadratic blowup" and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, a different vulnerability than CVE-2015-2942. |
CVE-2015-2937
|
| VCID-b3ku-7nmb-aaan | MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 does not properly handle when the Zend interpreter xml_parse function does not expand entities, which allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file. |
CVE-2015-2934
|
| VCID-bkcd-21y2-aaan | Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element. |
CVE-2015-2932
|
| VCID-bu88-hs5y-aaad | Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a custom JavaScript file, which is not properly handled when previewing the file. |
CVE-2015-2938
|
| VCID-c5zz-s9rp-aaah | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations. |
CVE-2017-0365
|
| VCID-esgd-pzqy-aaag | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration. |
CVE-2017-0366
|
| VCID-fa39-92mr-aaaq | MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to bypass the SVG filtering and obtain sensitive user information via a mixed case @import in a style element in an SVG file, as demonstrated by "@imporT." |
CVE-2015-2935
|
| VCID-fgbq-q2ny-aaas | MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not properly restrict access to revisions, which allows remote authenticated users with the viewsuppressed user right to remove revision suppressions via a crafted revisiondelete action, which returns a valid a change form. |
CVE-2015-8004
|
| VCID-fhfu-4d98-aaak | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it. |
CVE-2017-0369
|
| VCID-fnr5-5thp-aaad | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token. |
CVE-2017-0362
|
| VCID-g7za-6jm5-aaas | The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text. |
CVE-2015-6727
|
| VCID-hz1d-kef8-aaaj | MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 uses the thumbnail ImageMagick command line argument, which allows remote attackers to obtain the installation path by reading the metadata of a PNG thumbnail file. |
CVE-2015-8005
|
| VCID-kcqa-8c1s-aaah | Cross-site scripting (XSS) vulnerability in the Html class in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a LanguageConverter substitution string when using a language variant. |
CVE-2015-2933
|
| VCID-mzup-du1d-aaac | MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly normalize IP addresses containing zero-padded octets, which might allow remote attackers to bypass intended access restrictions by using an IP address that was not supposed to have been allowed. |
CVE-2015-8627
|
| VCID-pbsc-5dr9-aaan | Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error message, related to unsafe calls to wddx_serialize_value. |
CVE-2015-2941
|
| VCID-q2kd-6muk-aaan | MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an (1) SVG file or (2) XMP metadata in a PDF file, aka a "billion laughs attack," a different vulnerability than CVE-2015-2937. |
CVE-2015-2942
|
| VCID-qzqa-kqnf-aaak | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext. |
CVE-2017-0361
|
| VCID-rpem-hqsq-aaah | MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remote attackers to discover the IP addresses of Wiki visitors via a style="background-image: attr(title url);" attack within a DIV element that has an attacker-controlled URL in the title attribute. |
CVE-2017-0371
|
| VCID-szc1-38p1-aaak | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages. |
CVE-2017-0368
|
| VCID-t1zs-6awm-aaae | Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI. |
CVE-2015-2931
|
| VCID-t4v1-vab8-aaan | Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities. |
CVE-2017-0372
|
| VCID-t8tf-anxv-aaap | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link. |
CVE-2017-0364
|
| VCID-utd6-z4vj-aaar | Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors. |
CVE-2015-2940
|
| VCID-w362-nw4d-aaad | MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox. |
CVE-2013-2031
|
| VCID-xmew-5454-aaae | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter. |
CVE-2017-0370
|
| VCID-y9hz-2s27-aaae | MediaWiki 1.24.x before 1.24.2, when using PBKDF2 for password hashing, allows remote attackers to cause a denial of service (CPU consumption) via a long password. |
CVE-2015-2936
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|