| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2015-6736 | 5.0 |
The Quiz extension for MediaWiki allows remote attackers to cause a denial of service via regex metacharacters in a regular expression.
|
07-12-2016 - 18:21 | 01-09-2015 - 14:59 | |
| CVE-2015-6732 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in the SemanticForms extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via the (1) wpSummary parameter to Special:FormEdit, the (2) "Template label (optional)" fi
|
07-12-2016 - 18:21 | 01-09-2015 - 14:59 | |
| CVE-2015-6735 | 5.0 |
The reset functionality in the TimedMediaHandler extension for MediaWiki does not create a new transcode, which allows remote attackers to cause a denial of service (transcode deletion) by resetting a transcode.
|
07-12-2016 - 18:21 | 01-09-2015 - 14:59 | |
| CVE-2015-6734 | 4.3 |
Cross-site scripting (XSS) vulnerability in contrib/cssgen.php in the GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to inject arbitrary web
|
07-12-2016 - 18:21 | 01-09-2015 - 14:59 | |
| CVE-2015-6731 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in the SemanticForms extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via a (1) section_*, (2) template_*, (3) label_*, or (4) new_template parameter to Special:
|
07-12-2016 - 18:21 | 01-09-2015 - 14:59 | |
| CVE-2015-6733 | 5.0 |
GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors.
|
07-12-2016 - 18:21 | 01-09-2015 - 14:59 | |
| CVE-2015-6728 | 7.5 |
The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protecti
|
07-12-2016 - 18:21 | 01-09-2015 - 14:59 | |
| CVE-2015-6737 | 4.3 |
Cross-site scripting (XSS) vulnerability in the Widgets extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors involving base64 encoded content.
|
07-12-2016 - 18:21 | 01-09-2015 - 14:59 | |
| CVE-2015-6729 | 4.3 |
Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled i
|
07-12-2016 - 18:21 | 01-09-2015 - 14:59 | |
| CVE-2015-6730 | 4.3 |
Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an
|
07-12-2016 - 18:21 | 01-09-2015 - 14:59 | |
| CVE-2015-6727 | 5.0 |
The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.
|
02-09-2015 - 17:19 | 01-09-2015 - 14:59 | |
| CVE-2013-7444 | 5.0 |
The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.
|
02-09-2015 - 16:30 | 01-09-2015 - 14:59 |