Max CVSS 7.5 Min CVSS 4.0 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2019-11358 4.3
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the n
06-04-2022 - 18:07 20-04-2019 - 00:29
CVE-2019-12470 4.0
Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
24-08-2020 - 17:37 10-07-2019 - 17:15
CVE-2019-12473 5.0
Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
24-08-2020 - 17:37 10-07-2019 - 16:15
CVE-2019-12474 5.0
Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
24-08-2020 - 17:37 10-07-2019 - 16:15
CVE-2019-12468 7.5
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover.
24-08-2020 - 17:37 10-07-2019 - 15:15
CVE-2019-12469 4.0
MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
24-08-2020 - 17:37 10-07-2019 - 17:15
CVE-2019-12467 5.0
MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
24-08-2020 - 17:37 10-07-2019 - 15:15
CVE-2019-12471 4.3
Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
16-07-2019 - 13:29 10-07-2019 - 16:15
CVE-2019-12466 6.8
Wikimedia MediaWiki through 1.32.1 allows CSRF.
11-07-2019 - 20:40 10-07-2019 - 16:15
Back to Top Mark selected
Back to Top