| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2015-6732 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in the SemanticForms extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via the (1) wpSummary parameter to Special:FormEdit, the (2) "Template label (optional)" fi
|
07-12-2016 - 18:21 | 01-09-2015 - 14:59 | |
| CVE-2015-6731 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in the SemanticForms extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via a (1) section_*, (2) template_*, (3) label_*, or (4) new_template parameter to Special:
|
07-12-2016 - 18:21 | 01-09-2015 - 14:59 | |
| CVE-2015-6728 | 7.5 |
The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protecti
|
07-12-2016 - 18:21 | 01-09-2015 - 14:59 | |
| CVE-2015-6729 | 4.3 |
Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled i
|
07-12-2016 - 18:21 | 01-09-2015 - 14:59 | |
| CVE-2015-6730 | 4.3 |
Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an
|
07-12-2016 - 18:21 | 01-09-2015 - 14:59 |