| Max CVSS | 5.8 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2011-1587 | 4.3 |
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html lo
|
13-02-2023 - 01:19 | 27-04-2011 - 00:55 | |
| CVE-2011-1578 | 4.3 |
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at
|
23-07-2021 - 12:16 | 27-04-2011 - 00:55 | |
| CVE-2011-4361 | 5.0 |
MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an
|
21-04-2021 - 14:54 | 08-01-2012 - 11:55 | |
| CVE-2011-4360 | 5.0 |
MediaWiki before 1.17.1 allows remote attackers to obtain the page titles of all restricted pages via a series of requests involving the (1) curid or (2) oldid parameter.
|
21-04-2021 - 14:53 | 08-01-2012 - 11:55 | |
| CVE-2011-1579 | 5.8 |
The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets (CSS) token sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks or
|
17-08-2017 - 01:34 | 27-04-2011 - 00:55 | |
| CVE-2011-1580 | 3.5 |
The transwiki import functionality in MediaWiki before 1.16.3 does not properly check privileges, which allows remote authenticated users to perform imports from any wgImportSources wiki via a crafted POST request.
|
17-08-2017 - 01:34 | 27-04-2011 - 00:55 |