| Max CVSS | 6.8 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2013-2031 | 4.3 |
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted a
|
31-12-2016 - 02:59 | 18-11-2013 - 02:55 | |
| CVE-2013-2032 | 5.0 |
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extens
|
18-10-2016 - 15:11 | 18-11-2013 - 02:55 | |
| CVE-2013-2114 | 6.8 |
Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19 through 1.19.6 and 1.20.x before 1.20.6 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. CWE-434: Unrestricted Upload
|
21-11-2013 - 17:32 | 18-11-2013 - 02:55 |