Max CVSS | 7.5 | Min CVSS | 4.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2019-11358 | 4.3 |
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the n
|
16-02-2024 - 16:32 | 20-04-2019 - 00:29 | |
CVE-2019-12470 | 4.0 |
Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
|
24-08-2020 - 17:37 | 10-07-2019 - 17:15 | |
CVE-2019-12473 | 5.0 |
Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
|
24-08-2020 - 17:37 | 10-07-2019 - 16:15 | |
CVE-2019-12474 | 5.0 |
Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
|
24-08-2020 - 17:37 | 10-07-2019 - 16:15 | |
CVE-2019-12468 | 7.5 |
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover.
|
24-08-2020 - 17:37 | 10-07-2019 - 15:15 | |
CVE-2019-12469 | 4.0 |
MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
|
24-08-2020 - 17:37 | 10-07-2019 - 17:15 | |
CVE-2019-12467 | 5.0 |
MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
|
24-08-2020 - 17:37 | 10-07-2019 - 15:15 | |
CVE-2019-12471 | 4.3 |
Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
|
16-07-2019 - 13:29 | 10-07-2019 - 16:15 | |
CVE-2019-12466 | 6.8 |
Wikimedia MediaWiki through 1.32.1 allows CSRF.
|
11-07-2019 - 20:40 | 10-07-2019 - 16:15 |