| Max CVSS | 5.0 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2012-4380 | 5.0 |
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors.
|
31-10-2017 - 22:08 | 19-10-2017 - 21:29 | |
| CVE-2012-4379 | 4.3 |
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element.
|
31-10-2017 - 22:08 | 19-10-2017 - 21:29 | |
| CVE-2012-4382 | 4.0 |
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt.
|
31-10-2017 - 22:07 | 19-10-2017 - 21:29 | |
| CVE-2012-4378 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.18.5 and 1.19.x before 1.19.2, when unspecified JavaScript gadgets are used, allow remote attackers to inject arbitrary web script or HTML via the userlang parameter to w/index
|
31-10-2017 - 21:41 | 26-10-2017 - 20:29 |