Max CVSS | 6.8 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2015-8628 | 4.3 |
The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 allow remote attacker
|
28-03-2017 - 17:15 | 23-03-2017 - 20:59 | |
CVE-2015-8627 | 5.0 |
MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly normalize IP addresses containing zero-padded octets, which might allow remote attackers to bypass intended access restrictions by using an
|
27-03-2017 - 14:18 | 23-03-2017 - 20:59 | |
CVE-2015-8626 | 5.0 |
The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote attackers to obtain access
|
27-03-2017 - 14:06 | 23-03-2017 - 20:59 | |
CVE-2015-8625 | 5.0 |
MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly sanitize parameters when calling the cURL library, which allows remote attackers to read arbitrary files via an @ (at sign) character in un
|
27-03-2017 - 13:50 | 23-03-2017 - 20:59 | |
CVE-2015-8623 | 6.8 |
The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF pro
|
27-03-2017 - 13:47 | 23-03-2017 - 20:59 | |
CVE-2015-8624 | 6.8 |
The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message shou
|
27-03-2017 - 13:47 | 23-03-2017 - 20:59 | |
CVE-2015-8622 | 4.3 |
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HT
|
27-03-2017 - 13:46 | 23-03-2017 - 20:59 |