Max CVSS | 7.5 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2017-0369 | 4.0 |
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it.
|
03-10-2019 - 00:03 | 13-04-2018 - 16:29 | |
CVE-2017-0367 | 6.5 |
Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure.
|
03-10-2019 - 00:03 | 13-04-2018 - 16:29 | |
CVE-2017-0372 | 7.5 |
Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.
|
17-05-2018 - 15:25 | 13-04-2018 - 16:29 | |
CVE-2017-0362 | 6.8 |
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token.
|
15-05-2018 - 13:21 | 13-04-2018 - 16:29 | |
CVE-2017-0361 | 2.1 |
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext.
|
14-05-2018 - 17:09 | 13-04-2018 - 16:29 | |
CVE-2017-0370 | 5.0 |
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter.
|
14-05-2018 - 15:41 | 13-04-2018 - 16:29 | |
CVE-2017-0368 | 5.0 |
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages.
|
14-05-2018 - 15:35 | 13-04-2018 - 16:29 | |
CVE-2017-0366 | 4.0 |
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration.
|
14-05-2018 - 15:28 | 13-04-2018 - 16:29 | |
CVE-2017-0364 | 5.8 |
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link.
|
14-05-2018 - 15:26 | 13-04-2018 - 16:29 | |
CVE-2017-0363 | 5.8 |
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites.
|
14-05-2018 - 15:20 | 13-04-2018 - 16:29 | |
CVE-2017-0365 | 2.6 |
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations.
|
14-05-2018 - 14:42 | 13-04-2018 - 16:29 |