Max CVSS 7.5 Min CVSS 4.3 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2015-6736 5.0
The Quiz extension for MediaWiki allows remote attackers to cause a denial of service via regex metacharacters in a regular expression.
07-12-2016 - 18:21 01-09-2015 - 14:59
CVE-2015-6732 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the SemanticForms extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via the (1) wpSummary parameter to Special:FormEdit, the (2) "Template label (optional)" fi
07-12-2016 - 18:21 01-09-2015 - 14:59
CVE-2015-6735 5.0
The reset functionality in the TimedMediaHandler extension for MediaWiki does not create a new transcode, which allows remote attackers to cause a denial of service (transcode deletion) by resetting a transcode.
07-12-2016 - 18:21 01-09-2015 - 14:59
CVE-2015-6734 4.3
Cross-site scripting (XSS) vulnerability in contrib/cssgen.php in the GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to inject arbitrary web
07-12-2016 - 18:21 01-09-2015 - 14:59
CVE-2015-6731 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the SemanticForms extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via a (1) section_*, (2) template_*, (3) label_*, or (4) new_template parameter to Special:
07-12-2016 - 18:21 01-09-2015 - 14:59
CVE-2015-6733 5.0
GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors.
07-12-2016 - 18:21 01-09-2015 - 14:59
CVE-2015-6728 7.5
The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protecti
07-12-2016 - 18:21 01-09-2015 - 14:59
CVE-2015-6737 4.3
Cross-site scripting (XSS) vulnerability in the Widgets extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors involving base64 encoded content.
07-12-2016 - 18:21 01-09-2015 - 14:59
CVE-2015-6729 4.3
Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled i
07-12-2016 - 18:21 01-09-2015 - 14:59
CVE-2015-6730 4.3
Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an
07-12-2016 - 18:21 01-09-2015 - 14:59
CVE-2015-6727 5.0
The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.
02-09-2015 - 17:19 01-09-2015 - 14:59
CVE-2013-7444 5.0
The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.
02-09-2015 - 16:30 01-09-2015 - 14:59
Back to Top Mark selected
Back to Top